Shielding circuits with groups

We show how to efficiently compile any given circuit C into a leakage-resistant circuit C' such that any function on the wires of C' that leaks information during a computation C'(x) yields advantage in computing the product of |C'|^{Ω(1)} elements of the alternating group A_u. In combination with new compression bounds for A_u products, also obtained here, C' withstands leakage from virtually any class of functions against which average-case lower bounds are known. This includes communication protocols, and AC0 circuits augmented with few arbitrary symmetric gates. If NC1 ≠ TC0 then the construction resists TC0 leakage as well. We also conjecture that our construction resists NC1 leakage. In addition, we extend the construction to the multi-query setting by relying on a simple secure hardware component. We build on Barrington's theorem [JCSS '89] and on the previous leakage-resistant constructions by Ishai et al. [Crypto '03] and Faust et al. [Eurocrypt '10]. Our construction exploits properties of A_u beyond what is sufficient for Barrington's theorem.
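The primitive the abstract builds on, as an added Python example that is not the paper's code: a wire value is encoded as a sequence of A_5 elements whose ordered product is a fixed 5-cycle (bit 1) or the identity (bit 0), so a leakage function that reads any proper subset of the elements sees the same distribution for both bits, and only the full group product carries the bit. The choice u = 5, the names, and the share-wise NOT gate (Barrington-style conjugation) are assumptions for illustration; the paper's compiler, its compression bounds and its other gates are not reproduced here.

```python
import itertools

N = 5  # A_5: even permutations of {0,..,4}, stored as tuples p with p[x] = image of x

def compose(p, q):
    """Group operation: p∘q, the permutation x -> p[q[x]]."""
    return tuple(p[x] for x in q)

def inverse(p):
    inv = [0] * len(p)
    for i, x in enumerate(p):
        inv[x] = i
    return tuple(inv)

def is_even(p):
    return sum(p[i] > p[j] for i in range(len(p)) for j in range(i + 1, len(p))) % 2 == 0

A5 = [p for p in itertools.permutations(range(N)) if is_even(p)]  # 60 elements
IDENTITY = tuple(range(N))
ALPHA = (1, 2, 3, 4, 0)  # a fixed 5-cycle standing for the bit value 1
# THETA conjugates ALPHA^-1 back to ALPHA; it exists inside A_5 because a 5-cycle
# and its inverse lie in the same A_5 conjugacy class. Used by the NOT gate below.
THETA = next(g for g in A5 if compose(compose(g, inverse(ALPHA)), inverse(g)) == ALPHA)

def product(shares):
    out = IDENTITY
    for s in shares:
        out = compose(out, s)
    return out

def encode(bit, free):
    """len(free)+1 elements: free ones (uniform in A_5) as given, last forced so product = ALPHA^bit."""
    target = ALPHA if bit else IDENTITY
    return list(free) + [compose(inverse(product(free)), target)]

def decode(shares):
    return {IDENTITY: 0, ALPHA: 1}.get(product(shares))

def flip(shares):
    """NOT on the shares alone: append ALPHA^-1 (product -> ALPHA^(b-1)), then conjugate by THETA."""
    out = list(shares)
    out[-1] = compose(out[-1], inverse(ALPHA))
    return [compose(compose(THETA, s), inverse(THETA)) for s in out]

def leaked_view(bit, positions, t=3):
    """Counts of what a leakage function reading only `positions` sees, over all
    60^(t-1) choices of the free shares; equal for bit 0 and 1 on any proper subset."""
    counts = {}
    for free in itertools.product(A5, repeat=t - 1):
        view = tuple(encode(bit, free)[i] for i in positions)
        counts[view] = counts.get(view, 0) + 1
    return counts
```

Comparing leaked_view(0, (1, 2)) with leaked_view(1, (1, 2)) gives identical tables, while the full view (0, 1, 2) separates the two bits completely: this is the gap between "sees some wires" and "computes the whole product" that the compression bounds in the abstract quantify.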

[1] Guy N. Rothblum, et al. How to Compute under AC0 Leakage without Secure Hardware. CRYPTO, 2012.

[2] Yuval Ishai, et al. Cryptography in NC0. SIAM J. Comput., 2004.

[3] Eric Allender, et al. Uniform derandomization from pathetic lower bounds. Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences, 2010.

[4] Fan Chung Graham, et al. Communication Complexity and Quasi Randomness. SIAM J. Discret. Math., 1993.

[5] Silvio Micali, et al. Physically Observable Cryptography (Extended Abstract). Theory of Cryptography Conference, 2004.

[6] Peter Bro Miltersen, et al. On Pseudorandom Generators in NC. MFCS, 2001.

[7] Noam Nisan, et al. Multiparty Protocols, Pseudorandom Generators for Logspace, and Time-Space Trade-Offs. J. Comput. Syst. Sci., 1992.

[8] Amit Sahai, et al. On the (im)possibility of obfuscating programs. JACM, 2001.

[9] Emanuele Viola, et al. The communication complexity of addition. Comb., 2013.

[10] Moni Naor, et al. On the Compressibility of NP Instances and Cryptographic Applications. 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS'06), 2006.

[11] Guy N. Rothblum, et al. How to Compute in the Presence of Leakage. IEEE 53rd Annual Symposium on Foundations of Computer Science, 2012.

[12] H. Kurzweil, et al. The theory of finite groups: an introduction. 2004.

[13] Eric Allender. The Division Breakthroughs. Bull. EATCS, 2001.

[14] Emanuele Viola, et al. Norms, XOR Lemmas, and Lower Bounds for GF(2) Polynomials and Multiparty Protocols. Twenty-Second Annual IEEE Conference on Computational Complexity (CCC'07), 2007.

[15] Richard Cleve, et al. Towards optimal simulations of formulas by bounded-width programs. STOC '90, 1990.

[16] Eric Miles. Iterated group products and leakage resilience against NC1. IACR Cryptol. ePrint Arch., 2013.

[17] P. Gács, et al. Algorithms. 1992.

[18] Joe Kilian, et al. Founding cryptography on oblivious transfer. STOC '88, 1988.

[19] Yuval Ishai, et al. On the randomness complexity of efficient sampling. STOC '06, 2006.

[20] Moni Naor, et al. On the Compressibility of NP Instances and Cryptographic Applications. SIAM J. Comput., 2010.

[21] Richard J. Lipton, et al. Multi-party protocols. STOC, 1983.

[22] Emanuele Viola, et al. Pseudorandom bits for constant depth circuits with few arbitrary symmetric gates. 20th Annual IEEE Conference on Computational Complexity (CCC'05), 2005.

[23] Guy N. Rothblum, et al. Securing Computation against Continuous Leakage. CRYPTO, 2010.

[24] Yuval Ishai, et al. Private Circuits: Securing Hardware against Probing Attacks. CRYPTO, 2003.

[25] G. Rothblum. How to Compute under AC0 Leakage without Secure Hardware. 2012.

[26] Moni Naor, et al. A minimal model for secure computation (extended abstract). STOC '94, 1994.

[27] Andrew Drucker. New Limits to Classical and Quantum Instance Compression. SIAM J. Comput., 2015.

[28] Salil P. Vadhan, et al. Computational Complexity. Encyclopedia of Cryptography and Security, 2005.

[29] B. Applebaum. Cryptography in NC0. 2014.

[30] Vinod Vaikuntanathan, et al. Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases. EUROCRYPT, 2010.

[31] David A. Mix Barrington, et al. Bounded-width polynomial-size branching programs recognize exactly those languages in NC1. STOC '86, 1986.

[32] N. Nisan. The communication complexity of threshold gates. 1993.

[33] David A. Barrington. Bounded-width polynomial-size branching programs recognize exactly those languages in NC1. 1989.

[34] Guy N. Rothblum, et al. A (de)constructive approach to program checking. STOC, 2008.

[35] Stephen A. Cook, et al. Problems Complete for Deterministic Logarithmic Space. J. Algorithms, 1987.

[36] Benny Applebaum, et al. Cryptography in NC0. 2006.

[37] Richard J. Lipton, et al. Subquadratic Simulations of Balanced Formulae by Branching Programs. SIAM J. Comput., 1994.

[38] J. Urry. Complexity. Interpreting Art, 2006.

[39] Yevgeniy Vahlis, et al. On Protecting Cryptographic Keys Against Continual Leakage. IACR Cryptol. ePrint Arch., 2010.

[40] Stefan Dziembowski, et al. Leakage-Resilient Circuits without Computational Assumptions. TCC, 2012.

[41] Ran Raz, et al. The BNS-Chung criterion for multi-party communication complexity. Computational Complexity, 2000.

[42] Emanuele Viola, et al. Selected Results in Additive Combinatorics: An Exposition. Theory Comput., 2007.