{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T03:43:37Z","timestamp":1760240617646,"version":"build-2065373602"},"reference-count":31,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2019,8,20]],"date-time":"2019-08-20T00:00:00Z","timestamp":1566259200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>Backdooring cryptographic algorithms is an indisputable taboo in the cryptographic literature for a good reason: however noble the intentions, backdoors might fall in the wrong hands, in which case security is completely compromised. Nonetheless, more and more legislative pressure is being produced to enforce the use of such backdoors. In this work we introduce the concept of disposable cryptographic backdoors which can be used only once and become useless after that. These exotic primitives are impossible in the classical digital world without stateful and secure trusted hardware support, but, as we show, are feasible assuming quantum computation and access to classical stateless hardware tokens. Concretely, we construct a disposable (single-use) version of message authentication codes, and use them to derive a black-box construction of stateful hardware tokens in the above setting with quantum computation and classical stateless hardware tokens. This can be viewed as a generic transformation from stateful to stateless tokens and enables, among other things, one-time programs and memories. This is to our knowledge the first provably secure construction of such primitives from stateless tokens. 
As an application of disposable cryptographic backdoors we use our constructed primitive above to propose a middle-ground solution to the recent legislative push to backdoor cryptography: the conflict between Apple and FBI. We show that it is possible for Apple to create a one-time backdoor which unlocks any single device, and not even Apple can use it to unlock more than one, i.e., the backdoor becomes useless after it is used. We further describe how to use our ideas to derive a version of CCA-secure public key encryption, which is accompanied with a disposable (i.e., single-use, as in the above scenario) backdoor.<\/jats:p>","DOI":"10.3390\/cryptography3030022","type":"journal-article","created":{"date-parts":[[2019,8,21]],"date-time":"2019-08-21T11:19:06Z","timestamp":1566386346000},"page":"22","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Cryptography with Disposable Backdoors"],"prefix":"10.3390","volume":"3","author":[{"given":"Kai-Min","family":"Chung","sequence":"first","affiliation":[{"name":"Academia Sinica, Taipei 11529, Taiwan"}]},{"given":"Marios","family":"Georgiou","sequence":"additional","affiliation":[{"name":"The Graduate Center, City University of New York, New York, NY 10035, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1970-8167","authenticated-orcid":false,"given":"Ching-Yi","family":"Lai","sequence":"additional","affiliation":[{"name":"Institute of Communications Engineering, National Chiao Tung University, Hsinchu 30010, Taiwan"}]},{"given":"Vassilis","family":"Zikas","sequence":"additional","affiliation":[{"name":"School of Informatics, University of Edinburgh, South Bridge, Edinburgh EH8 9YL, UK"}]}],"member":"1968","published-online":{"date-parts":[[2019,8,20]]},"reference":[{"key":"ref_1","unstructured":"Goldwasser, S., Kalai, Y.T., and Rothblum, G.N. (2008, January 17\u201321). One-time programs. 
Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Broadbent, A., Gutoski, G., and Stebila, D. (2013). Quantum one-time programs\u2014(Extended abstract). Advances in Cryptology\u2014CRYPTO 2013, Proceedings of the 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, 18\u201322 August 2013, Springer. Part II.","DOI":"10.1007\/978-3-642-40084-1_20"},{"key":"ref_3","unstructured":"Bennett, C.H., and Brassard, G. (1984, January 9\u201312). Quantum cryptography: Public key distribution and coin tossing. Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, India."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Fisch, B., Freund, D., and Naor, M. (2014, January 17\u201321). Physical zero-knowledge proofs of physical properties. Proceedings of the International Cryptology Conference, Santa Barbara, CA, USA.","DOI":"10.1007\/978-3-662-44381-1_18"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Fisch, B.A., Freund, D., and Naor, M. (2015, January 23\u201325). Secure physical computation using disposable circuits. Proceedings of the Theory of Cryptography Conference, Warsaw, Poland.","DOI":"10.1007\/978-3-662-46494-6_9"},{"key":"ref_6","unstructured":"Khamooshi, A. (2018, April 15). Breaking Down Apple\u2019s iPhone Fight with the U.S. Government. Available online: https:\/\/www.nytimes.com\/interactive\/2016\/03\/03\/technology\/apple-iphone-fbi-fight-explained.html?_r=0."},{"key":"ref_7","unstructured":"Schmidt, M.S., and Perez-Pena, R. (2018, April 15). F.B.I. Treating San Bernardino Attack as Terrorism Case. Available online: https:\/\/www.nytimes.com\/2015\/12\/05\/us\/tashfeen-malik-islamic-state.html."},{"key":"ref_8","unstructured":"Comey, J.B. (2018, April 15). 
Transcripts from a Public Speech, Available online: https:\/\/www.fbi.gov\/news\/speeches\/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course."},{"key":"ref_9","unstructured":"Electronic Frontier Foundation (EFF) (2018, April 15). The Crypto Wars: Governments Working to Undermine Encryption. Available online: https:\/\/www.eff.org\/files\/2014\/01\/03\/cryptowarsonepagers-1_cac.pdf."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Aaronson, S., and Christiano, P. (2012, January 19\u201322). Quantum money from hidden subspaces. Proceedings of the Forty-fourth Annual ACM Symposium on Theory of Computing, New York, NY, USA.","DOI":"10.1145\/2213977.2213983"},{"key":"ref_11","unstructured":"David, S.B., and Sattath, O. (2016). Quantum tokens for digital signatures. arXiv."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Aaronson, S. (2009, January 15\u201318). Quantum copy-protection and quantum money. Proceedings of the 2009 24th Annual IEEE Conference on Computational Complexity, Paris, France.","DOI":"10.1109\/CCC.2009.42"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Gavinsky, D. (2012, January 26\u201329). Quantum money with classical verification. Proceedings of the 2012 IEEE 27th Annual Conference on Computational Complexity (CCC), Porto, Portugal.","DOI":"10.1109\/CCC.2012.10"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"16079","DOI":"10.1073\/pnas.1203552109","article-title":"Unforgeable noise-tolerant quantum tokens","volume":"109","author":"Pastawski","year":"2012","journal-title":"Proc. Natl. Acad. Sci. USA"},{"key":"ref_15","unstructured":"Georgiou, M., and Kerenidis, I. (2015). New constructions for quantum money. LIPIcs-Leibniz International Proceedings in Informatics, Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Bennett, C.H., Brassard, G., Breidbart, S., and Wiesner, S. (1983). 
Quantum cryptography, or unforgeable subway tokens. Advances in Cryptology, Springer.","DOI":"10.1007\/978-1-4757-0602-4_26"},{"key":"ref_17","unstructured":"Aaronson, S. (2004, January 21\u201324). Limitations of quantum advice and one-way communication. Proceedings of the 19th IEEE Annual Conference on Computational Complexity, Amherst, MA, USA."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"2481","DOI":"10.1109\/18.796385","article-title":"Coding theorem and strong converse for quantum channels","volume":"45","author":"Winter","year":"1999","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"2261","DOI":"10.1109\/TIT.2007.896874","article-title":"Making good codes for classical-quantum channel coding via quantum hypothesis testing","volume":"53","author":"Ogawa","year":"2007","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_20","unstructured":"Broadbent, A., Gharibian, S., and Zhou, H.-S. (2015). Quantum one-time memories from stateless hardware. arXiv."},{"key":"ref_21","unstructured":"Broadbent, A., Gharibian, S., and Zhou, H.-S. (2018). Towards quantum one-time memories from stateless hardware. 
arXiv."},{"key":"ref_22","first-page":"115","article-title":"Universally composable multi-party computation using tamper-proof hardware","volume":"Volume 4515","author":"Naor","year":"2007","journal-title":"Advances in Cryptology - EUROCRYPT 2007, Proceedings of the 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, 20\u201324 May 2007"},{"key":"ref_23","first-page":"319","article-title":"General statistically secure computation with bounded-resettable hardware tokens","volume":"Volume 9014","author":"Dodis","year":"2015","journal-title":"Theory of Cryptography, Proceedings of the 12th Theory of Cryptography Conference, TCC 2015, Warsaw, Poland, 23\u201325 March 2015"},{"key":"ref_24","first-page":"308","article-title":"Founding cryptography on tamper-proof hardware tokens","volume":"Volume 5978","author":"Micciancio","year":"2010","journal-title":"Theory of Cryptography, Proceedings of the 7th Theory of Cryptography Conference, TCC 2010, Zurich, Switzerland, 9\u201311 February 2010"},{"key":"ref_25","unstructured":"Goldreich, O. (2009). Foundations of Cryptography: Volume 2, Basic Applications, Cambridge University Press."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"281","DOI":"10.1137\/0217017","article-title":"A digital signature scheme secure against adaptive chosen-message attacks","volume":"17","author":"Goldwasser","year":"1988","journal-title":"SIAM J. Comput."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"D\u00f6ttling, N., Kraschewski, D., M\u00fcller-Quade, J., and Nilges, T. (2015, January 24\u201326). From stateful hardware to resettable hardware using symmetric assumptions. Proceedings of the International Conference on Provable Security, Kanazawa, Japan.","DOI":"10.1007\/978-3-319-26059-4_2"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Liu, Y.-K. Single-shot security for one-time memories in the isolated qubits model. 
Advances in Cryptology\u2014CRYPTO 2014, Proceedings of the 34th Annual Cryptology Conference, Santa Barbara, CA, USA, 17\u201321 August 2014, Springer. Part II.","DOI":"10.1007\/978-3-662-44381-1_2"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Krawczyk, H. (1998). Relations among notions of security for public-key encryption schemes. Advances in Cryptology\u2014CRYPTO \u201998, Springer.","DOI":"10.1007\/BFb0055715"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"497","DOI":"10.1038\/nature13457","article-title":"A zero-knowledge protocol for nuclear warhead verification","volume":"510","author":"Glaser","year":"2014","journal-title":"Nature"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Bellare, M., and Rogaway, P. The security of triple encryption and a framework for code-based game-playing proofs. Advances in Cryptology\u2014EUROCRYPT 2006, Proceedings of the 25th Annual International Conference on the Theory and Applications of Cryptographic Techniques, St. Petersburg, Russia, 28 May\u20131 June 2006, Springer.","DOI":"10.1007\/11761679_25"}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/3\/3\/22\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T13:12:27Z","timestamp":1760188347000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/3\/3\/22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,8,20]]},"references-count":31,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2019,9]]}},"alternative-id":["cryptography3030022"],"URL":"https:\/\/doi.org\/10.3390\/cryptography3030022","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2019,8,20]]}}}