Abstract
We consider the problem of constructing leakage-resilient circuit compilers that are secure against global leakage functions with bounded output length. By global, we mean that the leakage can depend on all circuit wires and output a low-complexity function (represented as a multi-output Boolean circuit) applied on these wires. In this work, we design compilers both in the stateless (a.k.a. single-shot leakage) setting and the stateful (a.k.a. continuous leakage) setting that are unconditionally secure against \(\mathsf {AC}^0\) leakage and similar low-complexity classes. In the stateless case, we show that the original private circuits construction of Ishai, Sahai, and Wagner (Crypto 2003) is actually secure against \(\mathsf {AC}^0\) leakage. In the stateful case, we modify the construction of Rothblum (Crypto 2012), obtaining a simple construction with unconditional security. Prior works that designed leakage-resilient circuit compilers against \(\mathsf {AC}^0\) leakage had to rely either on secure hardware components (Faust et al., Eurocrypt 2010, Miles-Viola, STOC 2013) or on (unproven) complexity-theoretic assumptions (Rothblum, Crypto 2012).
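The private circuits construction that the abstract refers to (Ishai, Sahai and Wagner, Crypto 2003) carries every wire of the original circuit as n XOR-shares, computes XOR and NOT share-wise, and replaces each AND gate by a randomized gadget. The Python below is an added example written for this page, not code from the paper or its authors; the names `Tape`, `encode`, `and_gadget` and `single_probe_independent` are this example's own. It implements the ISW gadgets with a replayable randomness tape, which makes it possible to enumerate every randomness choice and compare each wire's exact distribution across the four secret inputs, i.e. to check the original single-probe guarantee by brute force for n = 3 shares and to watch it fail for the unprotected n = 1 circuit. The paper's contribution, that the same construction also withstands global \(\mathsf{AC}^0\) leakage of bounded output length, is a stronger statement that this one-wire-at-a-time check does not establish.

```python
"""ISW private circuits over GF(2) with an exact single-probe check.

Added example; not the paper's code.  A secret bit x is carried as n shares
whose XOR is x.  All helper names here are this example's own.
"""
import itertools
import random
from functools import reduce
from operator import xor


class Tape:
    """Source of random bits for the gadgets.

    With bits=None the tape draws fresh bits from a CSPRNG.  With an explicit
    bit list the gadgets become deterministic, so the analysis below can
    enumerate every possible randomness and compute exact wire distributions.
    """

    def __init__(self, bits=None):
        self.bits = None if bits is None else list(bits)
        self.pos = 0
        self.rng = random.SystemRandom()

    def bit(self):
        if self.bits is None:
            return self.rng.getrandbits(1)
        b = self.bits[self.pos]
        self.pos += 1
        return b


def encode(x, n, tape):
    """Split bit x into n shares: n-1 uniform shares plus the one fixing the XOR."""
    shares = [tape.bit() for _ in range(n - 1)]
    shares.append(reduce(xor, shares, x))
    return shares


def decode(shares):
    return reduce(xor, shares, 0)


def xor_gadget(a, b):
    """XOR is linear over GF(2): share-wise XOR needs no randomness."""
    return [ai ^ bi for ai, bi in zip(a, b)]


def not_gadget(a):
    """Flipping one share flips the XOR of all shares."""
    return [a[0] ^ 1] + a[1:]


def and_gadget(a, b, tape, wires=None):
    """ISW multiplication gadget.

    For i < j draw r_ij fresh and set r_ji = (r_ij ^ a_i b_j) ^ a_j b_i; then
    c_i = a_i b_i ^ XOR_{j != i} r_ij.  `wires`, when given, records every
    intermediate value exactly as a circuit would expose it to a probe.
    """
    n = len(a)
    w = wires if wires is not None else []
    w.extend(a)
    w.extend(b)
    prod = [[ai & bj for bj in b] for ai in a]      # all cross products a_i b_j
    for row in prod:
        w.extend(row)
    r = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r[i][j] = tape.bit()
            t = r[i][j] ^ prod[i][j]                 # mask first: this order matters
            r[j][i] = t ^ prod[j][i]
            w.extend([r[i][j], t, r[j][i]])
    c = []
    for i in range(n):
        acc = prod[i][i]
        for j in range(n):
            if j != i:
                acc ^= r[i][j]
                w.append(acc)                        # every partial sum is a wire
        c.append(acc)
    return c


def single_probe_independent(n):
    """Exact check that no single wire of encode+AND depends on the secrets.

    Enumerates all randomness (2(n-1) bits for the two encodings plus
    n(n-1)/2 for the gadget) and compares each wire's count of ones across
    the four inputs (a, b).  For one bit, equal counts mean equal distributions.
    """
    n_rand = 2 * (n - 1) + n * (n - 1) // 2
    dists = {}
    for a, b in itertools.product((0, 1), repeat=2):
        counts = None
        for bits in itertools.product((0, 1), repeat=n_rand):
            tape = Tape(bits)
            wires = []
            and_gadget(encode(a, n, tape), encode(b, n, tape), tape, wires)
            if counts is None:
                counts = [0] * len(wires)
            for k, v in enumerate(wires):
                counts[k] += v
        dists[(a, b)] = counts
    first = dists[(0, 0)]
    return all(d == first for d in dists.values())


def check_correctness(n, trials):
    """Decoding the gadget outputs must give the plain gate outputs for all inputs."""
    for _ in range(trials):
        for a, b in itertools.product((0, 1), repeat=2):
            tape = Tape()
            if decode(and_gadget(encode(a, n, tape), encode(b, n, tape), tape)) != (a & b):
                return False
            if decode(xor_gadget(encode(a, n, tape), encode(b, n, tape))) != (a ^ b):
                return False
            if decode(not_gadget(encode(a, n, tape))) != (a ^ 1):
                return False
    return True


if __name__ == "__main__":
    print("correct for n=3:", check_correctness(3, 20))
    print("1-probe independent, n=3:", single_probe_independent(3))
    print("1-probe independent, n=1 (unshared):", single_probe_independent(1))
```

The parenthesisation inside `and_gadget` is the well-known subtlety of the gadget: the fresh bit r_ij must be XORed into the cross product before the second product is added, otherwise the intermediate wire a_i b_j ^ a_j b_i would leak a function of the secrets. Because `single_probe_independent` enumerates the whole randomness space rather than sampling, its answer is exact, which is why it is a useful regression check when one modifies a gadget; for larger n the enumeration grows as 2^(n(n-1)/2 + 2(n-1)) and a sampled estimate would have to replace it.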
Change history
26 October 2021
A Correction to this paper has been published: https://doi.org/10.1007/s00145-021-09412-0
24 January 2022
A Correction to this paper has been published: https://doi.org/10.1007/s00145-021-09417-9
Notes
Let \(D'_0,D'_1\) be uniform distributions over 2n-bit strings such that for every \((\mathbf {x},\mathbf {y}) \in D'_b\), \(\langle \mathbf {x},\mathbf {y}\rangle = b\). IPPP states that it is hard for \(\mathsf {AC}^0\) circuits to distinguish between \(D'_0\) and \(D'_1\) even when given \(f(\mathbf {x})\) and \(g(\mathbf {y})\) for arbitrary polynomial-time computable functions f, g.
The simulator circuit \(\textsf {Simr}\) is the composition of \(\mathsf {RandZero}\) and a preprocessing circuit. The irrelevant wires from preprocessing are discounted when comparing the two distributions.
References
M. Ajtai, Secure computation with information leaking to an adversary, in Proceedings of the 43rd ACM Symposium on Theory of Computing, STOC 2011, (San Jose, CA, USA, 2011) 6-8 June 2011. pp. 715–724, https://doi.org/10.1145/1993636.1993731
A. Akavia, A. Bogdanov, S. Guo, A. Kamath, A. Rosen, Candidate weak pseudorandom functions in \(\mathsf {AC}^0 \circ \mathsf {MOD}_2\), in Naor, M. (ed.) ITCS 2014. (ACM, Jan 2014), pp. 251–260
P. Ananth, Y. Ishai, A. Sahai, Private circuits: A modular approach, in Advances in Cryptology - CRYPTO 2018 - 38th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2018, Proceedings, Part III. pp. 427–455 (2018)
A. Battistello, J.S. Coron, E. Prouff, R. Zeitoun, Horizontal side-channel attacks and countermeasures on the ISW masking scheme, in Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 23–39. (Springer, Heidelberg, Aug 2016)
S. Belaïd, F. Benhamouda, A. Passelègue, E. Prouff, A. Thillard, D. Vergnaud, Randomness complexity of private circuits for multiplication, in Fischlin, M., Coron, J.S. (eds.) EUROCRYPT 2016, Part II. LNCS, vol. 9666, pp. 616–648. Springer, Heidelberg (May 2016)
M. Ben-Or, S. Goldwasser, A. Wigderson, Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract), in STOC. (1988) pp. 1–10
F. Benhamouda, A. Degwekar, Y. Ishai, T. Rabin, On the local leakage resilience of linear secret sharing schemes, in Advances in Cryptology - CRYPTO 2018 - 38th Annual International Cryptology Conference, (Santa Barbara, CA, USA, August 19-23, 2018), Proceedings, Part I. (2018) pp. 531–561 https://doi.org/10.1007/978-3-319-96884-1_18
N. Bitansky, R. Canetti, S. Halevi, Leakage-tolerant interactive protocols, in Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, (Taormina, Sicily, Italy, March 19-21, 2012). Proceedings. (2012), pp. 266–284, https://doi.org/10.1007/978-3-642-28914-9_15
N. Bitansky, D. Dachman-Soled, H. Lin, Leakage-tolerant computation with input-independent preprocessing, in CRYPTO. (2014), pp. 146–163
A. Bogdanov, Y. Ishai, E. Viola, C. Williamson, Bounded indistinguishability and the complexity of recovering secrets, in Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part III. LNCS, vol. 9816, (Springer, Heidelberg, Aug 2016) pp. 593–618
E. Boyle, S. Garg, A. Jain, Y.T. Kalai, A. Sahai, Secure computation against adaptive auxiliary information, in Advances in Cryptology - CRYPTO 2013 - 33rd Annual Cryptology Conference, (Santa Barbara, CA, USA, August 18–22, 2013). Proceedings, Part I. (2013), pp. 316–334 https://doi.org/10.1007/978-3-642-40041-4_18
E. Boyle, S. Goldwasser, A. Jain, Y.T. Kalai, Multiparty computation secure against continual memory leakage, in Proceedings of the 44th Symposium on Theory of Computing Conference, STOC 2012, (New York, NY, USA, May 19–22, 2012), (2012) pp. 1235–1254, https://doi.org/10.1145/2213977.2214087
J.V. Bulck, M. Minkin, O. Weisse, D. Genkin, B. Kasikci, F. Piessens, M. Silberstein, T.F. Wenisch, Y. Yarom, R. Strackx, Foreshadow: Extracting the keys to the intel SGX kingdom with transient out-of-order execution, in 27th USENIX Security Symposium, USENIX Security 2018, (Baltimore, MD, USA, August 15–17, 2018). (2018), pp. 991–1008, https://www.usenix.org/conference/usenixsecurity18/presentation/bulck
M. Bun, R. Kothari, J. Thaler, Quantum algorithms and approximating polynomials for composed functions with shared inputs, in Proceedings of the Thirtieth Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2019, (San Diego, California, USA, January 6-9, 2019), (2019), pp. 662–678
D. Chaum, C. Crépeau, I. Damgård, Multiparty unconditionally secure protocols (extended abstract), in STOC. (1988), pp. 11–19
J.S. Coron, Higher order masking of look-up tables, in Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, (Springer, Heidelberg, May 2014), pp. 441–458
J. Coron, E. Prouff, M. Rivain, T. Roche, Higher-order side channel security and mask refreshing, in Fast Software Encryption - 20th International Workshop, FSE 2013, Singapore, March 11–13, 2013. Revised Selected Papers. (2013), pp. 410–424 https://doi.org/10.1007/978-3-662-43933-3_21
D. Dachman-Soled, F. Liu, H. Zhou, Leakage-resilient circuits revisited - optimal number of computing components without leak-free hardware, in EUROCRYPT 2015. (2015), pp. 131–158
A. Duc, S. Dziembowski, S. Faust, Unifying leakage models: From probing attacks to noisy leakage, in Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 423–440. (Springer, Heidelberg, May 2014)
S. Dziembowski, S. Faust, Leakage-resilient circuits without computational assumptions, in TCC 2012. (2012), pp. 230–247
S. Dziembowski, S. Faust, M. Skorski, Noisy leakage revisited, in Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, (Springer, Heidelberg, Apr 2015), pp. 159–188
S. Faust, C. Paglialonga, T. Schneider, Amortizing randomness complexity in private circuits, in Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part I. LNCS, vol. 10624, pp. 781–810. (Springer, Heidelberg, Dec 2017)
S. Faust, T. Rabin, L. Reyzin, E. Tromer, V. Vaikuntanathan, Protecting circuits from leakage: the computationally-bounded and noisy cases, in Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, (Springer, Heidelberg, May 2010), pp. 135–156
S. Faust, T. Rabin, L. Reyzin, E. Tromer, V. Vaikuntanathan, Protecting circuits from computationally bounded and noisy leakage. SIAM J. Comput. 43(5), 1564–1614 (2014), extended abstract in Eurocrypt 2010
S. Garg, A. Jain, A. Sahai, Leakage-resilient zero knowledge, in Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, (Springer, Heidelberg, Aug 2011), pp. 297–315
D. Genkin, Y. Ishai, M. Weiss, How to construct a leakage-resilient (stateless) trusted party, in Theory of Cryptography - 15th International Conference, TCC 2017, Baltimore, MD, USA, November 12-15, 2017, Proceedings, Part II. (2017), pp. 209–244, https://doi.org/10.1007/978-3-319-70503-3_7
O. Goldreich, S. Micali, A. Wigderson, How to play any mental game or A completeness theorem for protocols with honest majority, in Aho, A. (ed.) 19th ACM STOC. ACM Press (May 1987), pp. 218–229
S. Goldwasser, G.N. Rothblum, Securing computation against continuous leakage, in CRYPTO 2010. (2010), pp. 59–79
S. Goldwasser, G.N. Rothblum, How to compute in the presence of leakage, in 53rd Annual IEEE Symposium on Foundations of Computer Science, FOCS 2012, (New Brunswick, NJ, USA, October 20–23, 2012). (2012), pp. 31–40, https://doi.org/10.1109/FOCS.2012.34
V. Goyal, Y. Ishai, H.K. Maji, A. Sahai, A.A. Sherstov, Bounded-communication leakage resilience via parity-resilient circuits, in FOCS 2016. (2016), pp. 1–10
J. Håstad, On the correlation of parity and small-depth circuits. SIAM J. Comput. 43(5), 1699–1708 (2014), https://doi.org/10.1137/120897432
Y. Ishai, A. Sahai, D. Wagner, Private circuits: Securing hardware against probing attacks, in Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, (Springer, Heidelberg, Aug 2003), pp. 463–481
Y. Ishai, M. Weiss, G. Yang, Making the best of a leaky situation: Zero-knowledge pcps from leakage-resilient circuits, in Theory of Cryptography - 13th International Conference, TCC 2016-A, Tel Aviv, Israel, January 10-13, 2016, Proceedings, Part II. (2016), pp. 3–32, https://doi.org/10.1007/978-3-662-49099-0_1
A. Juma, Y. Vahlis, Protecting cryptographic keys against continual leakage, in CRYPTO 2010. (2010), pp. 41–58
P. Kocher, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, Y. Yarom, Spectre attacks: Exploiting speculative execution. CoRR arXiv:1801.01203 (2018)
P.C. Kocher, Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems, in Koblitz, N. (ed.) CRYPTO’96. LNCS, vol. 1109, (Springer, Heidelberg, Aug 1996), pp. 104–113
P.C. Kocher, J. Jaffe, B. Jun, Differential power analysis, in Wiener, M.J. (ed.) CRYPTO’99. LNCS, vol. 1666, (Springer, Heidelberg, Aug 1999), pp. 388–397
M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh, J. Horn, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, M. Hamburg, Meltdown: Reading kernel memory from user space, in 27th USENIX Security Symposium, USENIX Security 2018, (Baltimore, MD, USA, August 15–17, 2018). (2018), pp. 973–990 https://www.usenix.org/conference/usenixsecurity18/presentation/lipp
S. Micali, L. Reyzin, Physically observable cryptography (extended abstract), in Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, (Springer, Heidelberg, Feb 2004), pp. 278–296
E. Miles, Iterated group products and leakage resilience against NC1, in Naor, M. (ed.) ITCS 2014. (Jan 2014), pp. 261–268. ACM
E. Miles, E. Viola, Shielding circuits with groups, in Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) 45th ACM STOC. ACM Press (Jun 2013), pp. 251–260
M. Rivain, E. Prouff, Provably secure higher-order masking of AES, in Mangard, S., Standaert, F. (eds.) CHES 2010. Lecture Notes in Computer Science, vol. 6225, (Springer, 2010), pp. 413–427
G.N. Rothblum, How to compute under \(\mathsf {AC}^0\) leakage without secure hardware, in Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, (Springer, Heidelberg, Aug 2012), pp. 552–569
A.C.C. Yao, How to generate and exchange secrets (extended abstract), in 27th FOCS. pp. 162–167. IEEE Computer Society Press (Oct 1986)
Acknowledgements
The first author’s research is supported by Hong Kong RGC GRF CUHK14208215 and CUHK14207618. The second author’s research is supported by ERC Project NTSC (742754), ISF Grant 1709/14, NSF-BSF Grant 2015782, and a grant from the Ministry of Science and Technology, Israel and Department of Science and Technology, Government of India. The third author’s research was done in part while visiting Technion, Israel and while at UC Berkeley, USA and supported in part from DARPA/ARL SAFEWARE Award W911NF15C0210, AFOSR Award FA9550-15-1-0274, AFOSR YIP Award, a Hellman Award and research grants by the Okawa Foundation, Visa Inc., and Center for LongTerm Cybersecurity (CLTC, UC Berkeley).
Additional information
Communicated by Jonathan Katz.
Cite this article
Bogdanov, A., Ishai, Y. & Srinivasan, A. Unconditionally Secure Computation Against Low-Complexity Leakage. J Cryptol 34, 38 (2021). https://doi.org/10.1007/s00145-021-09402-2