Basing Cryptographic Protocols on Tamper-Evident Seals

In this paper we attempt to formally study two very intuitive physical models: sealed envelopes and locked boxes, often used as illustrations for common cryptographic operations. We relax the security properties usually required from locked boxes (such as in bit-commitment protocols) and require only that a broken lock or torn envelope be identifiable to the original sender. Unlike the completely impregnable locked box, this functionality may be achievable in real life, where containers having this property are called “tamper-evident seals”. Another physical object with this property is the “scratch-off card”, often used in lottery tickets. We consider three variations of tamper-evident seals, and show that under some conditions they can be used to implement oblivious transfer, bit-commitment and coin flipping. We also show a separation between the three models. One of our results is a strongly-fair coin flipping protocol with bias bounded by O(1/r) (where r is the number of rounds); this was a stepping stone towards achieving such a protocol in the standard model (in subsequent work).