Protecting Circuits from Computationally Bounded and Noisy Leakage

Physical computational devices leak side-channel information that may, and often does, reveal secret internal states. We present a general transformation that compiles any circuit into a circuit with the same functionality but resilience against well-defined classes of leakage. Our construction requires a small, stateless, and computation-independent leak-proof component that draws random elements from a fixed distribution. In essence, we reduce the problem of shielding arbitrarily complex circuits to the problem of shielding a single, simple component. Our approach is based on modeling the adversary as a powerful observer that inspects the device via a limited measurement apparatus. We allow the apparatus to access all the bits of the computation (except those inside the leak-proof component), and the amount of leaked information to grow unbounded over time. However, we assume that the apparatus is limited in the number of output bits per iteration and in its ability to decode certain linear encodings. While our results apply in general to such leakage classes, in particular we obtain security against (a) constant-depth circuit leakage, where the leakage function is computed by an AC0 circuit (composed of NOT gates and unbounded fan-in AND and OR gates); and (b) noisy leakage, where the leakage function reveals all the bits of the internal state of the circuit, but each bit is perturbed by independent binomial noise, i.e., flipped with some probability p. Namely, for some number p ∈ (0, 1/2), each bit of the computation is flipped with probability p, and remains unchanged with probability 1 − p.
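The following added example is not code from the paper; it illustrates the noisy-leakage model in the abstract against one linear encoding. It assumes (as an illustration, not as the paper's exact construction) that a secret bit b is encoded as t uniformly random bits whose XOR equals b, and that the observer sees every encoded bit with each one independently flipped with probability p. The closed-form `exact_recovery_probability` follows from the piling-up lemma: the XOR of t independently p-flipped bits is itself flipped with probability (1 − (1 − 2p)^t)/2, so the observer's advantage over guessing decays geometrically in t. The names `encode_parity`, `noisy_leak`, `decode_parity`, `advantage` and `simulate_recovery_rate` are this example's own.

```python
"""Noisy leakage against a parity (XOR) encoding.

Added example, not code from the paper. A secret bit is encoded as t random
bits whose XOR equals the bit (assumed encoding), and the observer sees every
encoded bit, each flipped independently with probability p (the abstract's
noisy-leakage class).
"""
import random
from functools import reduce
from operator import xor


def encode_parity(bit: int, t: int, rng: random.Random) -> list:
    """Encode `bit` as t bits whose XOR equals `bit` (t - 1 are uniform)."""
    shares = [rng.randrange(2) for _ in range(t - 1)]
    shares.append(bit ^ reduce(xor, shares, 0))
    return shares


def noisy_leak(bits: list, p: float, rng: random.Random) -> list:
    """Noisy leakage: each bit is flipped independently with probability p."""
    return [b ^ (1 if rng.random() < p else 0) for b in bits]


def decode_parity(shares: list) -> int:
    """Decode by XOR-ing all shares; correct only on a noise-free view."""
    return reduce(xor, shares, 0)


def exact_recovery_probability(p: float, t: int) -> float:
    """Probability that the XOR of the noisy view equals the true bit.

    Piling-up lemma: the XOR of t independent bits, each flipped with
    probability p, is flipped with probability (1 - (1 - 2p)^t) / 2.
    """
    return (1.0 + (1.0 - 2.0 * p) ** t) / 2.0


def advantage(p: float, t: int) -> float:
    """Observer's advantage over a coin flip: |Pr[correct] - 1/2|."""
    return abs(exact_recovery_probability(p, t) - 0.5)


def simulate_recovery_rate(p: float, t: int, trials: int, seed: int = 0) -> float:
    """Monte-Carlo estimate of the recovery probability (seeded for repeatability)."""
    rng = random.Random(seed)
    correct = 0
    for _ in range(trials):
        bit = rng.randrange(2)
        view = noisy_leak(encode_parity(bit, t, rng), p, rng)
        correct += int(decode_parity(view) == bit)
    return correct / trials


def encoding_roundtrip_ok(t: int, seed: int = 1) -> bool:
    """Sanity check: without noise, decoding the encoding returns the bit."""
    rng = random.Random(seed)
    return all(decode_parity(encode_parity(b, t, rng)) == b for b in (0, 1))


if __name__ == "__main__":
    # Constructed parameters: noise rate 0.1, encoding lengths 1..40.
    for t in (1, 5, 10, 20, 40):
        print(f"p=0.10 t={t:2d}  exact={exact_recovery_probability(0.1, t):.6f}"
              f"  simulated={simulate_recovery_rate(0.1, t, 20000):.4f}")
```

Running the script shows the exact and simulated recovery rates converging to 1/2 as t grows: at p = 0.1 a single bit is recovered with probability 0.9, but a 40-bit parity encoding leaves the noisy observer with an advantage below 10⁻³ even though every bit of the encoding leaked. This is the defender's reason for combining a linear encoding with the noisy-leakage assumption: the decoding the observer would need is exactly what the noise destroys.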
