How to Compute under \({\mathcal {AC}}^{0}\) Leakage without Secure Hardware

  • Guy N. Rothblum
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7417)


We study the problem of computing securely in the presence of leakage on the computation’s internals. Our main result is a general compiler that compiles any algorithm P, viewed as a boolean circuit, into a functionally equivalent algorithm \(P'\). The compiled \(P'\) can then be run repeatedly on adversarially chosen inputs in the presence of leakage on its internals: In each execution of \(P'\), an \({\mathcal {AC}}^{0}\) adversary can (adaptively) choose any leakage function that can be computed in \({\mathcal {AC}}^{0}\) and has bounded output length, apply it to the values on \(P'\)’s internal wires in that execution, and view its output. We show that no such leakage adversary can learn more than P’s input-output behavior. In particular, the internals of P are protected.

Security does not rely on any secure hardware, and is proved under a computational intractability assumption regarding the hardness of computing inner products for \({\mathcal {AC}}^{0}\) circuits with pre-processing. This new assumption has connections to long-standing open problems in complexity theory.
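The leakage experiment the abstract describes, written out as an added Python illustration (not code from the paper): every execution exposes all wire values of a circuit to a bounded-output leakage function, and a secret sitting on a bare wire is read off by a one-bit projection, whereas a secret held only as an inner-product encoding yields a single share, so recovering it needs the inner product the paper's assumption places outside \({\mathcal {AC}}^{0}\). The toy circuit, the encoding and the leakage functions are assumptions made for this illustration and are not the paper's compiler.

```python
import random

# Leakage model from the abstract: each execution exposes every internal wire
# to an adversary-chosen leakage function with bounded output length. Circuit,
# encoding and leakage functions are constructed here; not the paper's compiler.

def evaluate(gates, inputs):
    """Evaluate a boolean circuit given as (out, op, a, b) gates and return
    every wire value, i.e. the internals a leakage function may read."""
    wires = dict(inputs)
    for out, op, a, b in gates:
        x, y = wires[a], wires[b]
        wires[out] = {"and": x & y, "xor": x ^ y, "or": x | y}[op]
    return wires

def run_with_leakage(gates, inputs, leak, bound):
    """One execution: the adversary learns leak(wires), at most `bound` bits."""
    wires = evaluate(gates, inputs)
    out = leak(wires)
    if len(out) > bound:
        raise ValueError("leakage exceeds the per-execution output bound")
    return wires, out

def ip_decode(x, y):
    return sum(a & b for a, b in zip(x, y)) % 2

def ip_encode(bit, n, rng):
    """Share a bit as (x, y) in GF(2)^n with <x, y> == bit.  Recovering it is
    an inner product, the operation the paper's assumption says AC^0 circuits
    (even with pre-processing) cannot compute."""
    x = [rng.randrange(2) for _ in range(n)]
    x[rng.randrange(n)] = 1                      # keep x nonzero
    y = [rng.randrange(2) for _ in range(n)]
    if ip_decode(x, y) != bit:
        y[x.index(1)] ^= 1                       # flip a share paired with x_i = 1
    return x, y

def leakage_game(key, inp, n=8, seed=1):
    """One-wire leakage (a 1-bit projection, trivially in AC^0) against an
    unprotected AND gate versus the share-wise gate out_i = x_i AND inp, whose
    output (out_vec, y) encodes key AND inp while the key is never on a wire."""
    rng = random.Random(seed)
    _, leak_plain = run_with_leakage([("out", "and", "key", "inp")],
                                     {"key": key, "inp": inp},
                                     lambda w: [w["key"]], bound=1)
    x, y = ip_encode(key, n, rng)
    shares = {f"x{i}": x[i] for i in range(n)}
    shares.update({f"y{i}": y[i] for i in range(n)}, inp=inp)
    gates = [(f"o{i}", "and", f"x{i}", "inp") for i in range(n)]
    wires, leak_enc = run_with_leakage(gates, shares, lambda w: [w["x0"]], bound=1)
    out_vec = [wires[f"o{i}"] for i in range(n)]
    return leak_plain[0], leak_enc[0], ip_decode(out_vec, y)
```

`leakage_game` returns the bit leaked from the bare wire (always the key), the bit leaked from one share wire, and the decoded output of the share-wise circuit.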





Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Guy N. Rothblum, Microsoft Research, Silicon Valley Campus, Mountain View, USA
