Assume that Alice is running a program P on a RAM, and an adversary Bob would like to get some information about the input or output of the program. At each time during the execution of P, Bob is able to see the addresses of the memory cells involved in the instruction being executed and the name of the instruction. In addition, at certain times Bob can even see the contents of all of the memory cells involved in the instruction. We call a time when this happens a compromised time. Bob can choose the compromised times adaptively: immediately before the instruction at time t is executed, Bob, using all of the information at his disposal, can decide whether time t will be compromised or not. The only restriction on his choice is that among m consecutive instructions there can be at most εm whose time is compromised, where ε > 0 is a small constant. We show that if m = c⌊log n⌋, where c > 0 is a large constant, then for each program P using n memory cells and time T = O(poly(n)), Alice can construct a functionally equivalent program P' such that the probability that Bob gets any nontrivial information about the input of P is negligible, and the time and space requirements of P' grow, compared to P, only by a factor of poly(log n). We assume that the program P' gets its input in an encoded form, namely each input bit b is encoded by a random 0,1-sequence of length m whose parity is b. The output bits must be encoded by P' in a similar way.

As part of the proof of the result described above, we also construct, for all positive integers m and for all boolean circuits C of size n, a functionally equivalent circuit C' of size O(n poly(m)) with the following properties. Assume that an adversary can observe each bit going through the wires of the circuit C' independently with a probability of ε, where ε > 0 is a small constant, and each input/output bit of C is encoded by m input/output bits of C' in the same way as described above for RAMs. Then such an adversary, while observing C', can get any information about the input/output of the circuit C only with a probability of ne^{-cm}, where c > 0 is a constant.
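The parity encoding of input and output bits described above can be checked directly. The following is an added example, not code from the paper: it covers only the static encoding of a single bit (not the construction of P' or C'), and the function names are assumptions chosen for illustration. It verifies exhaustively that an observer who sees fewer than all m positions of an encoding has exactly the same view whether b = 0 or b = 1.

```python
import itertools
import secrets
from collections import Counter

def encode_bit(b, m):
    """Encode bit b as a uniformly random 0/1 sequence of length m with parity b."""
    bits = [secrets.randbits(1) for _ in range(m - 1)]
    parity = 0
    for x in bits:
        parity ^= x
    bits.append(parity ^ b)  # the last bit fixes the overall parity to b
    return bits

def decode_bit(bits):
    """Recover the encoded bit as the parity (XOR) of the sequence."""
    parity = 0
    for x in bits:
        parity ^= x
    return parity

def view_distribution(b, m, observed):
    """Exact distribution of the bits at positions `observed`, taken over
    all 2^(m-1) sequences of length m whose parity is b."""
    counts = Counter()
    for seq in itertools.product((0, 1), repeat=m):
        if sum(seq) % 2 == b:
            counts[tuple(seq[i] for i in observed)] += 1
    return counts

def partial_views_hide_bit(m):
    """True if every proper subset of observed positions yields the same
    view distribution for b = 0 and b = 1 (so the view is independent of b)."""
    for k in range(m):  # k = number of observed positions, always < m
        for observed in itertools.combinations(range(m), k):
            if view_distribution(0, m, observed) != view_distribution(1, m, observed):
                return False
    return True

def full_view_reveals_bit(m):
    """True if observing all m positions separates b = 0 from b = 1."""
    everything = tuple(range(m))
    seen0 = set(view_distribution(0, m, everything))
    seen1 = set(view_distribution(1, m, everything))
    return seen0.isdisjoint(seen1)
```
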