## Abstract

A leakage-resilient circuit for f:{0,1}^{n}→{0,1}^{m} is a randomized Boolean circuit C mapping a randomized encoding of an input x to an encoding of y=f(x), such that applying any leakage function L∈L to the wires of C reveals essentially nothing about x. A leakage-tolerant circuit achieves the stronger guarantee that even when x and y are not protected by any encoding, the output of L can be simulated by applying some L^{′}∈L to x and y alone. Thus, C is as secure as an ideal hardware implementation of f with respect to leakage from L. Leakage-resilient circuits were constructed for low-complexity classes L, including (length-t output) AC0 functions, parities, and functions with bounded communication complexity. In contrast, leakage-tolerant circuits were only known for the simple case of probing leakage, where L outputs the values of t wires in C. We initiate a systematic study of leakage-tolerant circuits for natural classes L of global leakage functions, obtaining the following main results. Leakage-tolerant circuits for depth-1 leakage. Every circuit C_{f} for f can be efficiently compiled into an L-tolerant circuit C for f, where L includes all leakage functions L that output either tparities or tdisjunctions (alternatively, conjunctions) of any number of wires or their negations. In the case of parities, our simulator runs in 2^{O(t)} time. We provide partial evidence that this may be inherent.Application to stateful leakage-resilient circuits. Using a general transformation from leakage-tolerant circuits, we obtain the first construction of statefult-leakage-resilient circuits that tolerate a continuous parity leakage, and the first such construction for disjunction/conjunction leakage in which the circuit size grows sub-quadratically with t. Interestingly, here we can obtain poly(t)-time simulation even in the case of parities. Leakage-tolerant circuits for depth-1 leakage. Every circuit C_{f} for f can be efficiently compiled into an L-tolerant circuit C for f, where L includes all leakage functions L that output either tparities or tdisjunctions (alternatively, conjunctions) of any number of wires or their negations. In the case of parities, our simulator runs in 2^{O(t)} time. We provide partial evidence that this may be inherent. Application to stateful leakage-resilient circuits. Using a general transformation from leakage-tolerant circuits, we obtain the first construction of statefult-leakage-resilient circuits that tolerate a continuous parity leakage, and the first such construction for disjunction/conjunction leakage in which the circuit size grows sub-quadratically with t. Interestingly, here we can obtain poly(t)-time simulation even in the case of parities.

Original language | English |
---|---|

Title of host publication | Advances in Cryptology – EUROCRYPT 2024 - 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings |

Editors | Marc Joye, Gregor Leander |

Pages | 196-225 |

Number of pages | 30 |

DOIs | |

State | Published - 2024 |

Event | 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2024 - Zurich, Switzerland Duration: 26 May 2024 → 30 May 2024 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 14654 LNCS |

ISSN (Print) | 0302-9743 |

ISSN (Electronic) | 1611-3349 |

### Conference

Conference | 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2024 |
---|---|

Country/Territory | Switzerland |

City | Zurich |

Period | 26/05/24 → 30/05/24 |

## ASJC Scopus subject areas

- Theoretical Computer Science
- General Computer Science