Protecting circuits from leakage: The computationally-bounded and noisy cases

Sebastian Faust*, Tal Rabin, Leonid Reyzin, Eran Tromer, Vinod Vaikuntanathan

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

105 Scopus citations

Abstract

Physical computational devices leak side-channel information that may, and often does, reveal secret internal states. We present a general transformation that compiles any circuit into a new, functionally equivalent circuit which is resilient against well-defined classes of leakage. Our construction requires a small, stateless and computation-independent leak-proof component that draws random elements from a fixed distribution. In essence, we reduce the problem of shielding arbitrarily complex circuits to the problem of shielding a single, simple component. Our approach is based on modeling the adversary as a powerful observer that inspects the device via a limited measurement apparatus. We allow the apparatus to access all the bits of the computation (except those inside the leak-proof component) and the amount of leaked information to grow unbounded over time. However, we assume that the apparatus is limited either in its computational ability (namely, it lacks the ability to decode certain linear encodings and outputs a limited number of bits per iteration), or its precision (each observed bit is flipped with some probability). While our results apply in general to such leakage classes, in particular, we obtain security against: - Constant depth circuits leakage, where the measurement apparatus can be implemented by an AC0 circuit (namely, a constant depth circuit composed of NOT gates and unbounded fan-in AND and OR gates), or an ACC 0[p] circuit (which is the same as AC0, except that it also uses MODp gates) which outputs a limited number of bits. - Noisy leakage, where the measurement apparatus reveals all the bits of the state of the circuit, perturbed by independent binomial noise. Namely, each bit of the computation is perturbed with probability p, and remains unchanged with probability 1 - p.

Original languageEnglish
Title of host publicationAdvances in Cryptology - Eurocrypt 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
Pages135-156
Number of pages22
DOIs
StatePublished - 2010
Externally publishedYes
Event29th in the Series of EuropeanConferences on the Theory and Application of Cryptographic Techniques, Eurocrypt 2010 - French Riviera, France
Duration: 30 May 20103 Jun 2010

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume6110 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference29th in the Series of EuropeanConferences on the Theory and Application of Cryptographic Techniques, Eurocrypt 2010
Country/TerritoryFrance
CityFrench Riviera
Period30/05/103/06/10

Fingerprint

Dive into the research topics of 'Protecting circuits from leakage: The computationally-bounded and noisy cases'. Together they form a unique fingerprint.

Cite this