5.3 Operations
5.3.3 Cryptographic Operations
Asymmetric keys can be generated and protected by TTM. They are wrapped in key blobs and stored outside of the device. Similar to wrapped keys in TPM, one can specify conditions under which the key blobs can be loaded and used. Such unwrapping conditions in TPM are usually based on PCR values. In TTM, these conditions are related to the tokens stored in the device. Figure 5.3.6 shows the details of the commands for creating, loading and using wrapped keys.
5.3.3.1 Creating Wrapped Keys.
TTM creates asymmetric keys and wraps them in key blobs that can be used only when certain conditions are met. The TTM CreateWrappedKey command takes the unwrapping condition cond as a parameter and returns a signed key blob. The blob contains the encrypted private part of the newly generated key and the unwrapping condition. The public part of the new key pair is returned together with the blob.
The possible values of cond are:
1. NULL: the key can be unwrapped without any condition.
2. (ttype, cid, h, count, range, disc): the parameters represent the type of tokens, the counter ID, the height of a Merkle tree, the number of tokens, a specific range of tokens, and the discount value respectively. The range element is used only for R-T tokens. The value of disc, where 0 ≤ disc 2 m1, is directly related to the number of times this blob can be unwrapped. More specifically, let ct be the current number of tokens with type ttype that belong to the TTM. The blob can be unwrapped only if the following conditions are met:
(a) ct ≥ (count + disc)    (5.3.1)
(b) For R-T tokens, let [x, y]ttype be the range of tokens represented by range, and let [a, b]ttype be the range belonging to the TTM, then:
cd(y, x) = count ∧ [x, y]ttype ⊆ [a, b]ttype ∧ cd(y, b) ≥ disc    (5.3.2)
These conditions basically imply that the TTM must have at least count + disc tokens. For R-T tokens, it must additionally have a range bigger than the one specified by range.
Once the blob is unwrapped successfully, disc tokens are removed from the device. As a result, the blob can be unwrapped at most ⌊(ct − count) / disc⌋ times.

Command: TTM CreateWrappedKey
Inputs:
  cond - condition to unwrap the key. NULL if the key can be unwrapped unconditionally
Outputs: If successful, return a key blob. Else return error
Actions:
  1. Generate an asymmetric key pair (Kpub′, Kpriv′)
  2. Set blob = (enc(Kpriv′, Kpub), cond)
  3. Create the signature σ = (blob, INTERNAL FLAG)Kpriv
  4. Return Kpub′, blob, σ

Command: TTM LoadBKey
Inputs:
  blob - the key blob
  σ - signature on the blob
Outputs: If successful, return the key handle. Else return error
Actions:
  1. Check that σ is the correct signature of blob. ABORT if not true
  2. Check that blob is of the form (enc(Kpriv′, Kpub), cond). ABORT if not true
  3. If (cond is not NULL) then
     (a) Check that cond is of the form (ttype, cid, h, count, range, disc). ABORT if not true
     (b) Check that there is an active token state tks such that tks.ttype = ttype, tks.cid = cid and tks.isRT = F. ABORT if not true
     (c) Check that tks.count ≥ count + disc. ABORT if not true
     (d) Set tks.count = tks.count − disc
  4. Decrypt enc(Kpriv′) and set handle to Kpriv′
  5. Return handle

Command: TTM LoadRKey
Inputs:
  blob - the key blob
  σ - signature on the blob
  L - a Merkle tree's leaf
  path - verification path, in which L is path[0]
Outputs: If successful, return the key handle. Else return error
Actions:
  1. Check that σ is the correct signature of blob. ABORT if not true
  2. Check that blob is of the form (enc(Kpriv′, Kpub), cond). ABORT if not true
  3. If (cond is not NULL) then
     (a) Check that cond is of the form (ttype, cid, h, count, range, disc). ABORT if not true
     (b) Check that there is an active token state tks such that tks.ttype = ttype, tks.cid = cid, tks.h = h and tks.isRT = T. ABORT if not true
     (c) Check that range represents [x, y]ttype. ABORT if not true
     (d) Check that |[x, y]ttype| = count, and tks.count ≥ count + disc. ABORT if not true
     (e) Derive [a, b]ttype from the leaf L
     (f) Check that [x, y]ttype ⊆ [a, b]ttype, and disc ≤ cd(y, b). ABORT if not true
     (g) Compute the root hash rHash, using path and L
     (h) Check that rHash = tks.root. ABORT if not true
     (i) Set L.size = L.size − disc
     (j) Compute new root hash newHash using path and the updated leaf
     (k) Set tks.root = newHash
     (l) Set tks.count = tks.count − disc
  4. Decrypt enc(Kpriv′) and set handle to Kpriv′
  5. Return handle

Command: TTM Decrypt/TTM Sign
Inputs:
  keyHandle - key handle, DEFAULT HANDLE if the identity key is used
  data - data to be decrypted/signed
Outputs: If successful, return the decrypted data or signature. Else return error
Actions:
  1. If keyHandle is not DEFAULT HANDLE, then set key to the key pointed to by the handle, namely Kpriv. ABORT if such key does not exist
  2. If this is a sign operation, then set res = (data, EXTERNAL FLAG)key
  3. If this is a decrypt operation, then set res = dec(data, key)
  4. If keyHandle is not DEFAULT HANDLE, then remove key from the memory
  5. Return res

Figure 5.3.6: Commands for generating and loading asymmetric keys. enc(Kpriv′, Kpub) encrypts Kpriv′ using Kpub as the encryption key.
5.3.3.2 Loading Wrapped Keys.
Key blobs are stored outside of TTM, and they need to be loaded into the device, using either the TTM LoadBKey or the TTM LoadRKey command, before being used. TTM LoadBKey is called when unwrapping requires B-T tokens. TTM LoadRKey is called when R-T tokens are needed to unwrap the blob. TTM LoadRKey requires as input the details of the Merkle tree leaf containing the specified range. TTM then checks if the conditions in Equation 5.3.1 and Equation 5.3.2 are met. If true, the key is unwrapped (or decrypted) and stored in the device's memory, where it is accessible via a handle.
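The TTM LoadBKey checks and the token accounting behind Equation 5.3.1, as an added Python example that is not part of the original text or of any TTM implementation. An HMAC under a constructed device key stands in for the signature σ, and the dictionary field names, the enc_priv placeholder and count_unwraps are assumptions made for illustration; decryption of the private key is not modelled.

```python
import hashlib, hmac, json
from dataclasses import dataclass

DEVICE_KEY = b"constructed-device-key"  # assumption: stand-in for the TTM's Kpriv
COND_FIELDS = {"ttype", "cid", "h", "count", "range", "disc"}

@dataclass
class TokenState:  # models an active token state tks
    ttype: str
    cid: int
    count: int
    isRT: bool = False

def sign_blob(blob):
    """Stand-in for sigma = (blob, INTERNAL FLAG) signed with Kpriv."""
    msg = json.dumps(blob, sort_keys=True).encode() + b"|INTERNAL FLAG"
    return hmac.new(DEVICE_KEY, msg, hashlib.sha256).digest()

def load_bkey(states, blob, sigma):
    """Follow the TTM LoadBKey actions; raise PermissionError on ABORT."""
    if not hmac.compare_digest(sigma, sign_blob(blob)):      # step 1
        raise PermissionError("ABORT: bad signature")
    if set(blob) != {"enc_priv", "cond"}:                    # step 2
        raise PermissionError("ABORT: malformed blob")
    cond = blob["cond"]
    if cond is not None:                                     # step 3
        if set(cond) != COND_FIELDS:                         # (a)
            raise PermissionError("ABORT: malformed cond")
        tks = next((s for s in states if s.ttype == cond["ttype"]
                    and s.cid == cond["cid"] and not s.isRT), None)
        if tks is None:                                      # (b)
            raise PermissionError("ABORT: no matching token state")
        if tks.count < cond["count"] + cond["disc"]:         # (c)
            raise PermissionError("ABORT: not enough tokens")
        tks.count -= cond["disc"]                            # (d)
    return blob["enc_priv"]  # steps 4-5: the placeholder acts as the handle

def count_unwraps(states, blob, sigma, limit=1000):
    """Load the blob until the TTM aborts; return the number of successes."""
    for n in range(limit):
        try:
            load_bkey(states, blob, sigma)
        except PermissionError:
            return n
    return limit

# Constructed sample: ct = 10 tokens, cond requires count = 4 with disc = 2.
blob = {"enc_priv": "constructed-ciphertext",
        "cond": {"ttype": "A", "cid": 1, "h": None, "count": 4, "range": None, "disc": 2}}
sigma = sign_blob(blob)
```

Because cond sits inside the signed blob, a host that edits the discount or the token type invalidates σ and the load aborts at step 1, before any token state is touched.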
5.3.3.3 Decrypting and Signing.
Loaded keys can be used for decrypting (using the TTM Decrypt command) or signing (using the TTM Sign command). Before returning the decrypted or signed data, TTM removes the loaded key from memory. As a consequence, the wrapped key is used at most once after being loaded, meaning that the blob needs to be re-loaded for the key to be used again.