Program Obfuscation with Leaky Hardware

  • Nir Bitansky
  • Ran Canetti
  • Shafi Goldwasser
  • Shai Halevi
  • Yael Tauman Kalai
  • Guy N. Rothblum
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7073)


We consider general program obfuscation mechanisms using “somewhat trusted” hardware devices, with the goal of minimizing the usage of the hardware, its complexity, and the required trust. Specifically, our solution has the following properties:

(i) The obfuscation remains secure even if all the hardware devices in use are leaky. That is, the adversary can obtain the result of evaluating any function on the local state of the device, as long as this function has short output. In addition, the adversary controls the communication between the devices.

(ii) The number of hardware devices used in an obfuscation and the amount of work they perform are polynomial in the security parameter, independently of the obfuscated function’s complexity.

(iii) A (universal) set of hardware components, owned by the user, is initialized only once and from that point on can be used with multiple “software-based” obfuscations sent by different vendors.





Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Nir Bitansky (1)
  • Ran Canetti (1, 2)
  • Shafi Goldwasser (3)
  • Shai Halevi (4)
  • Yael Tauman Kalai (5)
  • Guy N. Rothblum (5)

  1. Tel Aviv University, Israel
  2. Boston University, USA
  3. MIT and Weizmann Institute of Science, USA
  4. IBM T.J. Watson Research Center, USA
  5. Microsoft Research, USA
