Cryptographic Hardware and Embedded Systems, CHES 2010

Volume 6225 of the series Lecture Notes in Computer Science pp 383-397

Garbled Circuits for Leakage-Resilience: Hardware Implementation and Evaluation of One-Time Programs

(Full Version)
  • Kimmo JärvinenAffiliated withDep. of Information and Comp. Science, Aalto University
  • , Vladimir KolesnikovAffiliated withAlcatel-Lucent Bell Laboratories
  • , Ahmad-Reza SadeghiAffiliated withHorst Görtz Institute for IT-Security, Ruhr-University Bochum
  • , Thomas SchneiderAffiliated withHorst Görtz Institute for IT-Security, Ruhr-University Bochum


The power of side-channel leakage attacks on cryptographic implementations is evident. Today’s practical defenses are typically attack-specific countermeasures against certain classes of side-channel attacks. The demand for a more general solution has given rise to the recent theoretical research that aims to build provably leakage-resilient cryptography. This direction is, however, very new and still largely lacks practitioners’ evaluation with regard to both efficiency and practical security. A recent approach, One-Time Programs (OTPs), proposes using Yao’s Garbled Circuit (GC) and very simple tamper-proof hardware to securely implement oblivious transfer, to guarantee leakage resilience.

Our main contributions are (i) a generic architecture for using GC/ OTP modularly, and (ii) hardware implementation and efficiency analysis of GC/OTP evaluation. We implemented two FPGA-based prototypes: a system-on-a-programmable-chip with access to hardware crypto accelerator (suitable for smartcards and future smartphones), and a stand-alone hardware implementation (suitable for ASIC design). We chose AES as a representative complex function for implementation and measurements. As a result of this work, we are able to understand, evaluate and improve the practicality of employing GC/OTP as a leakage-resistance approach.