TY - GEN
T1 - Leakage-Tolerant Circuits
AU - Ishai, Yuval
AU - Song, Yifan
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
PY - 2024
Y1 - 2024
N2 - A leakage-resilient circuit for f:{0,1}n→{0,1}m is a randomized Boolean circuit C mapping a randomized encoding of an input x to an encoding of y=f(x), such that applying any leakage function L∈L to the wires of C reveals essentially nothing about x. A leakage-tolerant circuit achieves the stronger guarantee that even when x and y are not protected by any encoding, the output of L can be simulated by applying some L′∈L to x and y alone. Thus, C is as secure as an ideal hardware implementation of f with respect to leakage from L. Leakage-resilient circuits were constructed for low-complexity classes L, including (length-t output) AC0 functions, parities, and functions with bounded communication complexity. In contrast, leakage-tolerant circuits were only known for the simple case of probing leakage, where L outputs the values of t wires in C. We initiate a systematic study of leakage-tolerant circuits for natural classes L of global leakage functions, obtaining the following main results. Leakage-tolerant circuits for depth-1 leakage. Every circuit Cf for f can be efficiently compiled into an L-tolerant circuit C for f, where L includes all leakage functions L that output either tparities or tdisjunctions (alternatively, conjunctions) of any number of wires or their negations. In the case of parities, our simulator runs in 2O(t) time. We provide partial evidence that this may be inherent.Application to stateful leakage-resilient circuits. Using a general transformation from leakage-tolerant circuits, we obtain the first construction of statefult-leakage-resilient circuits that tolerate a continuous parity leakage, and the first such construction for disjunction/conjunction leakage in which the circuit size grows sub-quadratically with t. Interestingly, here we can obtain poly(t)-time simulation even in the case of parities. Leakage-tolerant circuits for depth-1 leakage. Every circuit Cf for f can be efficiently compiled into an L-tolerant circuit C for f, where L includes all leakage functions L that output either tparities or tdisjunctions (alternatively, conjunctions) of any number of wires or their negations. In the case of parities, our simulator runs in 2O(t) time. We provide partial evidence that this may be inherent. Application to stateful leakage-resilient circuits. Using a general transformation from leakage-tolerant circuits, we obtain the first construction of statefult-leakage-resilient circuits that tolerate a continuous parity leakage, and the first such construction for disjunction/conjunction leakage in which the circuit size grows sub-quadratically with t. Interestingly, here we can obtain poly(t)-time simulation even in the case of parities.
AB - A leakage-resilient circuit for f:{0,1}n→{0,1}m is a randomized Boolean circuit C mapping a randomized encoding of an input x to an encoding of y=f(x), such that applying any leakage function L∈L to the wires of C reveals essentially nothing about x. A leakage-tolerant circuit achieves the stronger guarantee that even when x and y are not protected by any encoding, the output of L can be simulated by applying some L′∈L to x and y alone. Thus, C is as secure as an ideal hardware implementation of f with respect to leakage from L. Leakage-resilient circuits were constructed for low-complexity classes L, including (length-t output) AC0 functions, parities, and functions with bounded communication complexity. In contrast, leakage-tolerant circuits were only known for the simple case of probing leakage, where L outputs the values of t wires in C. We initiate a systematic study of leakage-tolerant circuits for natural classes L of global leakage functions, obtaining the following main results. Leakage-tolerant circuits for depth-1 leakage. Every circuit Cf for f can be efficiently compiled into an L-tolerant circuit C for f, where L includes all leakage functions L that output either tparities or tdisjunctions (alternatively, conjunctions) of any number of wires or their negations. In the case of parities, our simulator runs in 2O(t) time. We provide partial evidence that this may be inherent.Application to stateful leakage-resilient circuits. Using a general transformation from leakage-tolerant circuits, we obtain the first construction of statefult-leakage-resilient circuits that tolerate a continuous parity leakage, and the first such construction for disjunction/conjunction leakage in which the circuit size grows sub-quadratically with t. Interestingly, here we can obtain poly(t)-time simulation even in the case of parities. Leakage-tolerant circuits for depth-1 leakage. Every circuit Cf for f can be efficiently compiled into an L-tolerant circuit C for f, where L includes all leakage functions L that output either tparities or tdisjunctions (alternatively, conjunctions) of any number of wires or their negations. In the case of parities, our simulator runs in 2O(t) time. We provide partial evidence that this may be inherent. Application to stateful leakage-resilient circuits. Using a general transformation from leakage-tolerant circuits, we obtain the first construction of statefult-leakage-resilient circuits that tolerate a continuous parity leakage, and the first such construction for disjunction/conjunction leakage in which the circuit size grows sub-quadratically with t. Interestingly, here we can obtain poly(t)-time simulation even in the case of parities.
UR - http://www.scopus.com/inward/record.url?scp=85192863030&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-58737-5_8
DO - 10.1007/978-3-031-58737-5_8
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:85192863030
SN - 9783031587368
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 196
EP - 225
BT - Advances in Cryptology – EUROCRYPT 2024 - 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
A2 - Joye, Marc
A2 - Leander, Gregor
T2 - 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2024
Y2 - 26 May 2024 through 30 May 2024
ER -