Protecting circuits from computationally bounded and noisy leakage

Sebastian Faust, Tal Rabin, Leonid Reyzin, Eran Tromer, Vinod Vaikuntanathan

Research output: Contribution to journalArticlepeer-review


Physical computational devices leak side-channel information that may, and often does, reveal secret internal states. We present a general transformation that compiles any circuit into a circuit with the same functionality but resilience against well-defined classes of leakage. Our construction requires a small, stateless, and computation-independent leak-proof component that draws random elements from a fixed distribution. In essence, we reduce the problem of shielding arbitrarily complex circuits to the problem of shielding a single, simple component. Our approach is based on modeling the adversary as a powerful observer that inspects the device via a limited measurement apparatus. We allow the apparatus to access all the bits of the computation (except those inside the leak-proof component), and the amount of leaked information to grow unbounded over time. However, we assume that the apparatus is limited in the amount of output bits per iteration and the ability to decode certain linear encodings. While our results apply in general to such leakage classes, in particular, we obtain security against (a) constant-depth circuits leakage, where the leakage function is computed by an AC0 circuit (composed of NOT gates and unbounded fan-in AND and OR gates); (b) noisy leakage, where the leakage function reveals all the bits of the internal state of the circuit, but each bit is perturbed by independent binomial noise-i.e., flipped with some probability p. Namely, for some number p ∈ (0, 1/2], each bit of the computation is flipped with probability p, and remains unchanged with probability 1 - p.

Original languageEnglish
Pages (from-to)1564-1614
Number of pages51
JournalSIAM Journal on Computing
Issue number5
StatePublished - 2014


  • Leakage resilience
  • Models
  • Side channel attacks


Dive into the research topics of 'Protecting circuits from computationally bounded and noisy leakage'. Together they form a unique fingerprint.

Cite this