Theory and practice of a leakage resilient masking scheme
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Shielding circuits with groups
Proceedings of the forty-fifth annual ACM symposium on Theory of computing
Robust pseudorandom generators
ICALP'13 Proceedings of the 40th international conference on Automata, Languages, and Programming - Volume Part I
Iterated group products and leakage resilience against NC1
Proceedings of the 5th conference on Innovations in theoretical computer science
Hi-index | 0.00 |
We address the following problem: how to execute any algorithm P, for an unbounded number of executions, in the presence of an adversary who observes partial information on the internal state of the computation during executions. The security guarantee is that the adversary learns nothing, beyond P's input/output behavior. This general problem is important for running cryptographic algorithms in the presence of side-channel attacks, as well as for running non-cryptographic algorithms, such as a proprietary search algorithm or a game, on a cloud server where parts of the execution's internals might be observed. Our main result is a compiler, which takes as input an algorithm P and a security parameter k, and produces a functionally equivalent algorithm P'. The running time of P' is a factor of poly(k)slower than P. P' will be composed of a series of calls to poly(k)-time computable sub-algorithms. During the executions of P', an adversary algorithm A, which can choose the inputs of P', can learn the results of adaptively chosen leakage functions -- each of bounded output size $\tilde{\Omega}(k)$ -- on the sub-algorithms of P' and the randomness they use. We prove that any {\it computationally unbounded} A observing the results of computationally unbounded leakage functions, will learn no more from its observations than it could given black-box access only to the input-output behavior of P. This result is unconditional and does not rely on any secure hardware components.