On the Orthogonal Vector Problem and the Feasibility of Unconditionally Secure Leakage-Resilient Computation

  • Ivan Damgård
  • Frédéric Dupuis
  • Jesper Buus Nielsen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9063)

Abstract

We consider unconditionally secure leakage resilient two- party computation. Security means that the leakage obtained by an adversary can be simulated using a similar amount of leakage from the private inputs or outputs. A related problem is known as circuit compilation, where there is only one device doing a computation on public input and output. Here the goal is to ensure that the adversary learns only the input/output behaviour of the computation, even given leakage from the internal state of the device. We study these problems in an enhanced version of the “only computation leaks” model, where the adversary is additionally allowed a bounded amount of global leakage from the state of the entity under attack. In this model, we show the first unconditionally secure leakage resilient two-party computation protocol. The protocol assumes access to correlated randomness in the form of a functionality \(f_{\sc Ort}\) that outputs pairs of orthogonal vectors (u,v) over some finite field, where the adversary can leak independently from u and from v. We also construct a general circuit compiler secure in the same leakage model. Our constructions work, even if the adversary is allowed to corrupt a constant fraction of the calls to \(f_{\sc Ort}\) and decide which vectors should be output. On the negative side, we show that unconditionally secure two-party computation and circuit compilation are in general impossible in the plain version of our model. It follows that even a somewhat unreliable version of \(f_{\sc Ort}\) cannot be implemented with unconditional security in the plain leakage model, using classical communication. However, we show that an implementation using quantum communication does exist. In particular, we propose a simple “prepare-and-measure” type protocol which we show secure using a new result on sampling from a quantum population. Although the protocol may produce a small number of incorrect pairs, this is sufficient for leakage resilient computation by our other results. To the best of our knowledge, this is the first time a quantum protocol is used constructively for leakage resilience.

Note that the full version of this paper is available at [6].

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: Proc. STOC 1988, pp. 1–10 (1988)Google Scholar
  2. 2.
    Bitansky, N., Canetti, R., Halevi, S.: Leakage-tolerant interactive protocols. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 266–284. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  3. 3.
    Boyle, E., Goldwasser, S., Jain, A., Kalai, Y.T.: Multiparty computation secure against continual memory leakage. In: Proc. STOC 2012, pp. 1235–1254. ACM (2012)Google Scholar
  4. 4.
    Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptology 13(1), 143–202 (2000)CrossRefMATHMathSciNetGoogle Scholar
  5. 5.
    Christandl, M., König, R., Renner, R.: Postselection technique for quantum channels with applications to quantum cryptography. Phys. Rev. Lett. 102, 020504 (2009)Google Scholar
  6. 6.
    Damgård, I., Dupuis, F., Nielsen, J.B.: On the orthogonal vector problem and the feasibility of unconditionally secure leakage resilient computation. Cryptology ePrint Archive, Report 2014/282 (2014)Google Scholar
  7. 7.
    Dziembowski, S., Faust, S.: Leakage-resilient cryptography from the inner-product extractor. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 702–721. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  8. 8.
    Dziembowski, S., Faust, S.: Leakage-resilient circuits without computational assumptions. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 230–247. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  9. 9.
    Goldwasser, S., Rothblum, G.N.: How to compute in the presence of leakage. In: Proc. FOCS 2012, pp. 31–40. IEEE (2012)Google Scholar
  10. 10.
    Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: Kosaraju, S.R., Fellows, M., Wigderson, A., Ellis, J.A. (eds.) STOC, pp. 723–732. ACM (1992)Google Scholar
  11. 11.
    Micali, S., Reyzin, L.: Physically observable cryptography. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 278–296. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Ivan Damgård
    • 1
  • Frédéric Dupuis
    • 2
  • Jesper Buus Nielsen
    • 1
  1. 1.Department of Computer ScienceAarhus UniversityAarhusDenmark
  2. 2.Faculty of InformaticsMasaryk UniversityBrnoCzech Republic

Personalised recommendations