Leakage-Tolerant Circuits

Yuval Ishai, Yifan Song

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

A leakage-resilient circuit for f:{0,1}n→{0,1}m is a randomized Boolean circuit C mapping a randomized encoding of an input x to an encoding of y=f(x), such that applying any leakage function L∈L to the wires of C reveals essentially nothing about x. A leakage-tolerant circuit achieves the stronger guarantee that even when x and y are not protected by any encoding, the output of L can be simulated by applying some L∈L to x and y alone. Thus, C is as secure as an ideal hardware implementation of f with respect to leakage from L. Leakage-resilient circuits were constructed for low-complexity classes L, including (length-t output) AC0 functions, parities, and functions with bounded communication complexity. In contrast, leakage-tolerant circuits were only known for the simple case of probing leakage, where L outputs the values of t wires in C. We initiate a systematic study of leakage-tolerant circuits for natural classes L of global leakage functions, obtaining the following main results. Leakage-tolerant circuits for depth-1 leakage. Every circuit Cf for f can be efficiently compiled into an L-tolerant circuit C for f, where L includes all leakage functions L that output either tparities or tdisjunctions (alternatively, conjunctions) of any number of wires or their negations. In the case of parities, our simulator runs in 2O(t) time. We provide partial evidence that this may be inherent.Application to stateful leakage-resilient circuits. Using a general transformation from leakage-tolerant circuits, we obtain the first construction of statefult-leakage-resilient circuits that tolerate a continuous parity leakage, and the first such construction for disjunction/conjunction leakage in which the circuit size grows sub-quadratically with t. Interestingly, here we can obtain poly(t)-time simulation even in the case of parities. Leakage-tolerant circuits for depth-1 leakage. Every circuit Cf for f can be efficiently compiled into an L-tolerant circuit C for f, where L includes all leakage functions L that output either tparities or tdisjunctions (alternatively, conjunctions) of any number of wires or their negations. In the case of parities, our simulator runs in 2O(t) time. We provide partial evidence that this may be inherent. Application to stateful leakage-resilient circuits. Using a general transformation from leakage-tolerant circuits, we obtain the first construction of statefult-leakage-resilient circuits that tolerate a continuous parity leakage, and the first such construction for disjunction/conjunction leakage in which the circuit size grows sub-quadratically with t. Interestingly, here we can obtain poly(t)-time simulation even in the case of parities.

Original languageEnglish
Title of host publicationAdvances in Cryptology – EUROCRYPT 2024 - 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
EditorsMarc Joye, Gregor Leander
Pages196-225
Number of pages30
DOIs
StatePublished - 2024
Event43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2024 - Zurich, Switzerland
Duration: 26 May 202430 May 2024

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume14654 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2024
Country/TerritorySwitzerland
CityZurich
Period26/05/2430/05/24

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Leakage-Tolerant Circuits'. Together they form a unique fingerprint.

Cite this