Advances in Cryptology – ASIACRYPT 2011

Volume 7073 of the series Lecture Notes in Computer Science pp 722-739

Program Obfuscation with Leaky Hardware

  • Nir BitanskyAffiliated withTel Aviv University
  • , Ran CanettiAffiliated withTel Aviv UniversityBoston University
  • , Shafi GoldwasserAffiliated withMIT and Weizmann Institute of Science
  • , Shai HaleviAffiliated withIBM T.J. Watson Research Center
  • , Yael Tauman KalaiAffiliated withMicrosoft Research
  • , Guy N. RothblumAffiliated withMicrosoft Research


We consider general program obfuscation mechanisms using “somewhat trusted” hardware devices, with the goal of minimizing the usage of the hardware, its complexity, and the required trust. Specifically, our solution has the following properties:

(i) The obfuscation remains secure even if all the hardware devices in use are leaky. That is, the adversary can obtain the result of evaluating any function on the local state of the device, as long as this function has short output. In addition the adversary also controls the communication between the devices.

(ii) The number of hardware devices used in an obfuscation and the amount of work they perform are polynomial in the security parameter independently of the obfuscated function’s complexity.

(iii) A (universal) set of hardware components, owned by the user, is initialized only once and from that point on can be used with multiple “software-based” obfuscations sent by different vendors.