Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases
Published in: | Advances in Cryptology – EUROCRYPT 2010, pp. 135–156 |
---|---|
Main Authors: | Sebastian Faust, Tal Rabin, Leonid Reyzin, Eran Tromer, Vinod Vaikuntanathan |
Format: | Book Chapter |
Language: | English |
Published: | Berlin, Heidelberg: Springer Berlin Heidelberg, 2010 |
Series: | Lecture Notes in Computer Science |
Subjects: | Boolean Circuit; Constant Depth Circuit; Output Length; Parity Gate; Security Parameter |
Online Access: | http://link.springer.com/10.1007/978-3-642-13190-5_7 |
Abstract

Physical computational devices leak side-channel information that may, and often does, reveal secret internal states. We present a general transformation that compiles any circuit into a new, functionally equivalent circuit which is resilient against well-defined classes of leakage. Our construction requires a small, stateless and computation-independent leak-proof component that draws random elements from a fixed distribution. In essence, we reduce the problem of shielding arbitrarily complex circuits to the problem of shielding a single, simple component.

Our approach is based on modeling the adversary as a powerful observer that inspects the device via a limited measurement apparatus. We allow the apparatus to access all the bits of the computation (except those inside the leak-proof component) and the amount of leaked information to grow unbounded over time. However, we assume that the apparatus is limited either in its computational ability (namely, it lacks the ability to decode certain linear encodings and outputs a limited number of bits per iteration), or its precision (each observed bit is flipped with some probability). While our results apply in general to such leakage classes, in particular, we obtain security against:

- Constant depth circuits leakage, where the measurement apparatus can be implemented by an AC0 circuit (namely, a constant depth circuit composed of NOT gates and unbounded fan-in AND and OR gates), or an ACC0[p] circuit (which is the same as AC0, except that it also uses MODp gates) which outputs a limited number of bits.
- Noisy leakage, where the measurement apparatus reveals all the bits of the state of the circuit, perturbed by independent binomial noise. Namely, each bit of the computation is perturbed with probability p, and remains unchanged with probability 1 − p.
Author | Faust, Sebastian (K.U. Leuven ESAT-COSIC/IBBT); Rabin, Tal (IBM Research); Reyzin, Leonid (Boston University); Tromer, Eran (MIT); Vaikuntanathan, Vinod (IBM Research) |
ContentType | Book Chapter |
Copyright | Springer-Verlag Berlin Heidelberg 2010 |
DOI | 10.1007/978-3-642-13190-5_7 |
Discipline | Computer Science |
EISBN | 3642131905 9783642131905 |
EISSN | 1611-3349 |
Editor | Gilbert, Henri |
EndPage | 156 |
ISBN | 9783642131899 3642131891 |
ISSN | 0302-9743 |
Language | English |
OpenAccessLink | https://link.springer.com/content/pdf/10.1007/978-3-642-13190-5_7.pdf |
PageCount | 22 |
PublicationDate | 2010 |
PublicationPlace | Berlin, Heidelberg |
PublicationSeriesTitle | Lecture Notes in Computer Science |
PublicationSubtitle | 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, French Riviera, May 30 – June 3, 2010. Proceedings |
PublicationTitle | Advances in Cryptology – EUROCRYPT 2010 |
Publisher | Springer Berlin Heidelberg |
RelatedPersons | Kleinberg, Jon M.; Mattern, Friedemann; Nierstrasz, Oscar; Steffen, Bernhard; Kittler, Josef; Vardi, Moshe Y.; Weikum, Gerhard; Sudan, Madhu; Naor, Moni; Mitchell, John C.; Terzopoulos, Demetri; Pandu Rangan, C.; Kanade, Takeo; Hutchison, David; Tygar, Doug |
StartPage | 135 |
SubjectTerms | Boolean Circuit; Constant Depth Circuit; Output Length; Parity Gate; Security Parameter |
Title | Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases |
URI | http://link.springer.com/10.1007/978-3-642-13190-5_7 |