Private Circuits: Securing Hardware against Probing Attacks

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2729)


Can you guarantee secrecy even if an adversary can eavesdrop on your brain? We consider the problem of protecting privacy in circuits when faced with an adversary that can access a bounded number of wires in the circuit. This question is motivated by side channel attacks, which allow an adversary to gain partial access to the inner workings of hardware. Recent work has shown that side channel attacks pose a serious threat to cryptosystems implemented in embedded devices. In this paper, we develop theoretical foundations for security against side channels. In particular, we propose several efficient techniques for building private circuits that resist this type of attack. We initiate a systematic study of the complexity of such private circuits and, in contrast to most prior work in this area, provide a formal threat model and give proofs of security for our constructions.


Keywords: cryptanalysis, side channel attacks, provable security, secure multi-party computation, circuit complexity



Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  1. Technion, Israel Institute of Technology
  2. Princeton University
  3. University of California, Berkeley
