Unconditionally Secure Computation Against Low-Complexity Leakage

Journal of Cryptology

A Correction to this article was published on 24 January 2022

A Correction to this article was published on 26 October 2021

This article has been updated

Abstract

We consider the problem of constructing leakage-resilient circuit compilers that are secure against global leakage functions with bounded output length. By global, we mean that the leakage can depend on all circuit wires and output a low-complexity function (represented as a multi-output Boolean circuit) applied on these wires. In this work, we design compilers both in the stateless (a.k.a. single-shot leakage) setting and the stateful (a.k.a. continuous leakage) setting that are unconditionally secure against \(\mathsf {AC}^0\) leakage and similar low-complexity classes. In the stateless case, we show that the original private circuits construction of Ishai, Sahai, and Wagner (Crypto 2003) is actually secure against \(\mathsf {AC}^0\) leakage. In the stateful case, we modify the construction of Rothblum (Crypto 2012), obtaining a simple construction with unconditional security. Prior works that designed leakage-resilient circuit compilers against \(\mathsf {AC}^0\) leakage had to rely either on secure hardware components (Faust et al., Eurocrypt 2010, Miles-Viola, STOC 2013) or on (unproven) complexity-theoretic assumptions (Rothblum, Crypto 2012).
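The stateless construction the abstract refers to is the ISW private-circuit compiler: every wire of the original circuit is replaced by n XOR shares, XOR gates act share-wise, and each AND gate becomes the ISW multiplication gadget, which draws one fresh random bit per unordered pair of shares. The Python block below is an added illustration, not code from the paper or its authors. It compiles the toy circuit f(x, y) = (x AND y) XOR x (my choice), records every wire, and enumerates the randomness exhaustively to check t-probing security, i.e. that the joint distribution of any t wires is the same for all inputs. The helper names (Tape, compiled_circuit, max_leakage) are mine. The probing model is the one ISW proved security in; the paper's claim that the same construction resists AC^0 leakage is a stronger, global-leakage statement that this check does not verify.

```python
# Added example: ISW private-circuit compiler for a toy circuit plus an exhaustive
# t-probing check. Not code from the paper; circuit, names and helpers are my choice.
from collections import Counter
from itertools import combinations, product


class Tape:
    """Deterministic stand-in for the gadget's random source: bits come from a fixed
    list, so the whole randomness space can be enumerated instead of sampled."""

    def __init__(self, bits):
        self.bits, self.pos = list(bits), 0

    def bit(self):
        b = self.bits[self.pos]
        self.pos += 1
        return b


def tape_length(n):
    # encode() draws n-1 bits per input (two inputs); and_gadget() one bit per unordered pair
    return 2 * (n - 1) + n * (n - 1) // 2


def encode(secret, n, tape):
    """Additive (XOR) sharing: n-1 uniform shares, the last one fixes the parity."""
    shares = [tape.bit() for _ in range(n - 1)]
    shares.append(secret ^ (sum(shares) % 2))
    return shares


def decode(shares):
    return sum(shares) % 2


def xor_gadget(a, b, wires):
    """Linear gate: share-wise XOR, no randomness needed."""
    out = [u ^ v for u, v in zip(a, b)]
    wires.extend(out)
    return out


def and_gadget(a, b, tape, wires):
    """ISW multiplication: c_i = a_i b_i + sum_{j != i} r_{i,j}; for i < j the bit r_{i,j}
    is fresh and r_{j,i} = (r_{i,j} + a_i b_j) + a_j b_i. The order of the XORs is part of
    the construction: a_i b_j + a_j b_i on its own is a wire whose distribution depends
    on the secrets, so it must never appear unmasked."""
    n = len(a)
    r = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r[i][j] = tape.bit()
            t = r[i][j] ^ (a[i] & b[j])
            r[j][i] = t ^ (a[j] & b[i])
            wires.extend([r[i][j], a[i] & b[j], t, a[j] & b[i], r[j][i]])
    c = []
    for i in range(n):
        acc = a[i] & b[i]
        wires.append(acc)
        for j in range(n):
            if j != i:
                acc ^= r[i][j]
                wires.append(acc)  # every partial sum is a wire an adversary may probe
        c.append(acc)
    return c


def compiled_circuit(x, y, n, tape):
    """Compiled f(x, y) = (x AND y) XOR x. Returns (output shares, list of all wire values)."""
    wires = []
    a, b = encode(x, n, tape), encode(y, n, tape)
    wires.extend(a + b)
    c = and_gadget(a, b, tape, wires)
    return xor_gadget(c, a, wires), wires


def wire_tables(n):
    """Every wire vector for every input and every random tape; also checks correctness."""
    tables = {}
    for x, y in product((0, 1), repeat=2):
        rows = []
        for bits in product((0, 1), repeat=tape_length(n)):
            out, wires = compiled_circuit(x, y, n, Tape(bits))
            if decode(out) != (x & y) ^ x:
                raise AssertionError("compiled circuit computes the wrong function")
            rows.append(wires)
        tables[(x, y)] = rows
    return tables


def stat_distance(p, q):
    return 0.5 * sum(abs(p.get(k, 0.0) - q.get(k, 0.0)) for k in set(p) | set(q))


def max_leakage(n, t):
    """Largest statistical distance, over all t-subsets of wires and all pairs of inputs,
    between the joint distributions of the probed values. 0.0 means t-probing secure."""
    tables = wire_tables(n)
    n_wires = len(next(iter(tables.values()))[0])
    worst = 0.0
    for subset in combinations(range(n_wires), t):
        dists = []
        for rows in tables.values():
            cnt = Counter(tuple(row[i] for i in subset) for row in rows)
            dists.append({k: v / len(rows) for k, v in cnt.items()})
        for p, q in combinations(dists, 2):
            worst = max(worst, stat_distance(p, q))
    return worst


if __name__ == "__main__":
    for n, t in [(2, 1), (3, 1), (2, 2)]:
        print(f"n={n} shares, t={t} probes: max leakage {max_leakage(n, t):.2f}")
```

With n = 2 or n = 3 shares every single wire is either uniform or a product of two independent uniform bits, so max_leakage(n, 1) is exactly 0. With n = 2 and two probes the adversary can read both shares of x, and the distance jumps to 1. The enumeration is exact (all tapes, all inputs), so the numbers are not sampling estimates; it is only feasible because the toy circuit uses a handful of random bits.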




Notes

  1. Let \(D'_0, D'_1\) be the uniform distributions over pairs of n-bit strings \((\mathbf {x},\mathbf {y})\) with \(\langle \mathbf {x},\mathbf {y}\rangle = b\). IPPP states that it is hard for \(\mathsf {AC}^0\) circuits to distinguish \(D'_0\) from \(D'_1\) even when given \(f(\mathbf {x})\) and \(g(\mathbf {y})\) for arbitrary polynomial-time computable functions \(f, g\).

  2. The simulator circuit \(\textsf {Simr}\) is the composition of \(\mathsf {RandZero}\) and a preprocessing circuit. The irrelevant wires from preprocessing are discounted when comparing the two distributions.

References

  1. M. Ajtai, Secure computation with information leaking to an adversary, in 43rd ACM STOC 2011 (San Jose, CA, USA, June 2011), pp. 715–724, https://doi.org/10.1145/1993636.1993731

  2. A. Akavia, A. Bogdanov, S. Guo, A. Kamath, A. Rosen, Candidate weak pseudorandom functions in \(\mathsf{AC}^0 \circ \mathsf{MOD}_2\), in M. Naor (ed.) ITCS 2014 (ACM, Jan 2014), pp. 251–260

  3. P. Ananth, Y. Ishai, A. Sahai, Private circuits: A modular approach, in CRYPTO 2018, Part III (Santa Barbara, CA, USA, Aug 2018), pp. 427–455

  4. A. Battistello, J.S. Coron, E. Prouff, R. Zeitoun, Horizontal side-channel attacks and countermeasures on the ISW masking scheme, in B. Gierlichs, A.Y. Poschmann (eds.) CHES 2016, LNCS, vol. 9813 (Springer, Heidelberg, Aug 2016), pp. 23–39

  5. S. Belaïd, F. Benhamouda, A. Passelègue, E. Prouff, A. Thillard, D. Vergnaud, Randomness complexity of private circuits for multiplication, in M. Fischlin, J.S. Coron (eds.) EUROCRYPT 2016, Part II, LNCS, vol. 9666 (Springer, Heidelberg, May 2016), pp. 616–648

  6. M. Ben-Or, S. Goldwasser, A. Wigderson, Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract), in STOC 1988, pp. 1–10

  7. F. Benhamouda, A. Degwekar, Y. Ishai, T. Rabin, On the local leakage resilience of linear secret sharing schemes, in CRYPTO 2018, Part I (Santa Barbara, CA, USA, Aug 2018), pp. 531–561, https://doi.org/10.1007/978-3-319-96884-1_18

  8. N. Bitansky, R. Canetti, S. Halevi, Leakage-tolerant interactive protocols, in TCC 2012 (Taormina, Sicily, Italy, Mar 2012), pp. 266–284, https://doi.org/10.1007/978-3-642-28914-9_15

  9. N. Bitansky, D. Dachman-Soled, H. Lin, Leakage-tolerant computation with input-independent preprocessing, in CRYPTO 2014, pp. 146–163

  10. A. Bogdanov, Y. Ishai, E. Viola, C. Williamson, Bounded indistinguishability and the complexity of recovering secrets, in M. Robshaw, J. Katz (eds.) CRYPTO 2016, Part III, LNCS, vol. 9816 (Springer, Heidelberg, Aug 2016), pp. 593–618

  11. E. Boyle, S. Garg, A. Jain, Y.T. Kalai, A. Sahai, Secure computation against adaptive auxiliary information, in CRYPTO 2013, Part I (Santa Barbara, CA, USA, Aug 2013), pp. 316–334, https://doi.org/10.1007/978-3-642-40041-4_18

  12. E. Boyle, S. Goldwasser, A. Jain, Y.T. Kalai, Multiparty computation secure against continual memory leakage, in 44th ACM STOC 2012 (New York, NY, USA, May 2012), pp. 1235–1254, https://doi.org/10.1145/2213977.2214087

  13. J. Van Bulck, M. Minkin, O. Weisse, D. Genkin, B. Kasikci, F. Piessens, M. Silberstein, T.F. Wenisch, Y. Yarom, R. Strackx, Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution, in 27th USENIX Security Symposium (Baltimore, MD, USA, Aug 2018), pp. 991–1008, https://www.usenix.org/conference/usenixsecurity18/presentation/bulck

  14. M. Bun, R. Kothari, J. Thaler, Quantum algorithms and approximating polynomials for composed functions with shared inputs, in SODA 2019 (San Diego, CA, USA, Jan 2019), pp. 662–678

  15. D. Chaum, C. Crépeau, I. Damgård, Multiparty unconditionally secure protocols (extended abstract), in STOC 1988, pp. 11–19

  16. J.S. Coron, Higher order masking of look-up tables, in P.Q. Nguyen, E. Oswald (eds.) EUROCRYPT 2014, LNCS, vol. 8441 (Springer, Heidelberg, May 2014), pp. 441–458

  17. J. Coron, E. Prouff, M. Rivain, T. Roche, Higher-order side channel security and mask refreshing, in FSE 2013, Revised Selected Papers (Singapore, Mar 2013), pp. 410–424, https://doi.org/10.1007/978-3-662-43933-3_21

  18. D. Dachman-Soled, F. Liu, H. Zhou, Leakage-resilient circuits revisited: optimal number of computing components without leak-free hardware, in EUROCRYPT 2015, pp. 131–158

  19. A. Duc, S. Dziembowski, S. Faust, Unifying leakage models: From probing attacks to noisy leakage, in P.Q. Nguyen, E. Oswald (eds.) EUROCRYPT 2014, LNCS, vol. 8441 (Springer, Heidelberg, May 2014), pp. 423–440

  20. S. Dziembowski, S. Faust, Leakage-resilient circuits without computational assumptions, in TCC 2012, pp. 230–247

  21. S. Dziembowski, S. Faust, M. Skorski, Noisy leakage revisited, in E. Oswald, M. Fischlin (eds.) EUROCRYPT 2015, Part II, LNCS, vol. 9057 (Springer, Heidelberg, Apr 2015), pp. 159–188

  22. S. Faust, C. Paglialonga, T. Schneider, Amortizing randomness complexity in private circuits, in T. Takagi, T. Peyrin (eds.) ASIACRYPT 2017, Part I, LNCS, vol. 10624 (Springer, Heidelberg, Dec 2017), pp. 781–810

  23. S. Faust, T. Rabin, L. Reyzin, E. Tromer, V. Vaikuntanathan, Protecting circuits from leakage: the computationally-bounded and noisy cases, in H. Gilbert (ed.) EUROCRYPT 2010, LNCS, vol. 6110 (Springer, Heidelberg, May 2010), pp. 135–156

  24. S. Faust, T. Rabin, L. Reyzin, E. Tromer, V. Vaikuntanathan, Protecting circuits from computationally bounded and noisy leakage. SIAM J. Comput. 43(5), 1564–1614 (2014); extended abstract in EUROCRYPT 2010

  25. S. Garg, A. Jain, A. Sahai, Leakage-resilient zero knowledge, in P. Rogaway (ed.) CRYPTO 2011, LNCS, vol. 6841 (Springer, Heidelberg, Aug 2011), pp. 297–315

  26. D. Genkin, Y. Ishai, M. Weiss, How to construct a leakage-resilient (stateless) trusted party, in TCC 2017, Part II (Baltimore, MD, USA, Nov 2017), pp. 209–244, https://doi.org/10.1007/978-3-319-70503-3_7

  27. O. Goldreich, S. Micali, A. Wigderson, How to play any mental game or A completeness theorem for protocols with honest majority, in A. Aho (ed.) 19th ACM STOC (ACM Press, May 1987), pp. 218–229

  28. S. Goldwasser, G.N. Rothblum, Securing computation against continuous leakage, in CRYPTO 2010, pp. 59–79

  29. S. Goldwasser, G.N. Rothblum, How to compute in the presence of leakage, in 53rd IEEE FOCS 2012 (New Brunswick, NJ, USA, Oct 2012), pp. 31–40, https://doi.org/10.1109/FOCS.2012.34

  30. V. Goyal, Y. Ishai, H.K. Maji, A. Sahai, A.A. Sherstov, Bounded-communication leakage resilience via parity-resilient circuits, in FOCS 2016, pp. 1–10

  31. J. Håstad, On the correlation of parity and small-depth circuits. SIAM J. Comput. 43(5), 1699–1708 (2014), https://doi.org/10.1137/120897432

  32. Y. Ishai, A. Sahai, D. Wagner, Private circuits: Securing hardware against probing attacks, in D. Boneh (ed.) CRYPTO 2003, LNCS, vol. 2729 (Springer, Heidelberg, Aug 2003), pp. 463–481

  33. Y. Ishai, M. Weiss, G. Yang, Making the best of a leaky situation: Zero-knowledge PCPs from leakage-resilient circuits, in TCC 2016-A, Part II (Tel Aviv, Israel, Jan 2016), pp. 3–32, https://doi.org/10.1007/978-3-662-49099-0_1

  34. A. Juma, Y. Vahlis, Protecting cryptographic keys against continual leakage, in CRYPTO 2010, pp. 41–58

  35. P. Kocher, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, Y. Yarom, Spectre attacks: Exploiting speculative execution. CoRR, arXiv:1801.01203 (2018)

  36. P.C. Kocher, Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems, in N. Koblitz (ed.) CRYPTO '96, LNCS, vol. 1109 (Springer, Heidelberg, Aug 1996), pp. 104–113

  37. P.C. Kocher, J. Jaffe, B. Jun, Differential power analysis, in M.J. Wiener (ed.) CRYPTO '99, LNCS, vol. 1666 (Springer, Heidelberg, Aug 1999), pp. 388–397

  38. M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh, J. Horn, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, M. Hamburg, Meltdown: Reading kernel memory from user space, in 27th USENIX Security Symposium (Baltimore, MD, USA, Aug 2018), pp. 973–990, https://www.usenix.org/conference/usenixsecurity18/presentation/lipp

  39. S. Micali, L. Reyzin, Physically observable cryptography (extended abstract), in M. Naor (ed.) TCC 2004, LNCS, vol. 2951 (Springer, Heidelberg, Feb 2004), pp. 278–296

  40. E. Miles, Iterated group products and leakage resilience against \(\mathsf{NC}^1\), in M. Naor (ed.) ITCS 2014 (ACM, Jan 2014), pp. 261–268

  41. E. Miles, E. Viola, Shielding circuits with groups, in D. Boneh, T. Roughgarden, J. Feigenbaum (eds.) 45th ACM STOC (ACM Press, Jun 2013), pp. 251–260

  42. M. Rivain, E. Prouff, Provably secure higher-order masking of AES, in S. Mangard, F. Standaert (eds.) CHES 2010, LNCS, vol. 6225 (Springer, 2010), pp. 413–427

  43. G.N. Rothblum, How to compute under \(\mathsf{AC}^0\) leakage without secure hardware, in R. Safavi-Naini, R. Canetti (eds.) CRYPTO 2012, LNCS, vol. 7417 (Springer, Heidelberg, Aug 2012), pp. 552–569

  44. A.C.C. Yao, How to generate and exchange secrets (extended abstract), in 27th FOCS (IEEE Computer Society Press, Oct 1986), pp. 162–167


Acknowledgements

The first author’s research is supported by Hong Kong RGC GRF CUHK14208215 and CUHK14207618. The second author’s research is supported by ERC Project NTSC (742754), ISF Grant 1709/14, NSF-BSF Grant 2015782, and a grant from the Ministry of Science and Technology, Israel and Department of Science and Technology, Government of India. The third author’s research was done in part while visiting Technion, Israel and while at UC Berkeley, USA and supported in part from DARPA/ARL SAFEWARE Award W911NF15C0210, AFOSR Award FA9550-15-1-0274, AFOSR YIP Award, a Hellman Award and research grants by the Okawa Foundation, Visa Inc., and Center for LongTerm Cybersecurity (CLTC, UC Berkeley).


Corresponding author

Correspondence to Akshayaram Srinivasan.

Additional information

Communicated by Jonathan Katz.


Cite this article

Bogdanov, A., Ishai, Y. & Srinivasan, A. Unconditionally Secure Computation Against Low-Complexity Leakage. J Cryptol 34, 38 (2021). https://doi.org/10.1007/s00145-021-09402-2
