One-Time Programs with Limited Memory

We reinvestigate a notion of one-time programs introduced in the CRYPTO 2008 paper by Goldwasser et al. A one-time program is a device containing a program C, with the property that the program C can be executed on at most one input. Goldwasser et al. show how to implement one-time programs on devices equipped with special hardware gadgets called one-time memory tokens. We provide an alternative construction that does not rely on the hardware gadgets. Instead, it is based on the following assumptions: (1) the total amount of data that can leak from the device is bounded, and (2) the total memory on the device (available both to the honest user and to the attacker) is also restricted, which is essentially the model used recently by Dziembowski et al. (TCC 2011, CRYPTO 2011) to construct one-time computable pseudorandom functions and key-evolution schemes.