Our approach is based on modeling the adversary as a powerful observer that inspects the device via a limited measurement apparatus. We allow the apparatus to access all the bits of the computation (except those inside the leak-proof component), and the amount of leaked information to grow unbounded over time. However, we assume that the apparatus is limited in the number of output bits per iteration and in its ability to decode certain linear encodings. While our results apply in general to such leakage classes, in particular we obtain security against:
- Constant-depth circuit leakage, where the leakage function is computed by an AC^0 circuit (composed of NOT gates and unbounded fan-in AND and OR gates).
- Noisy leakage, where the leakage function reveals all the bits of the internal state of the circuit, perturbed by independent binomial noise. Namely, for some number p \in (0,1/2], each bit of the computation is flipped with probability p, and remains unchanged with probability 1-p.

Category / Keywords: foundations / side channel, leakage resilience, models
Original Publication (in the same form): SIAM Journal on Computing
Date: received 31 Jul 2009, last revised 30 Jun 2014
Contact author: reyzin at cs bu edu
Note: The previous version was from before the computationally bounded and noisy cases were merged. This version has substantial revisions since Eurocrypt 2010.
Version: 20140701:022510
Short URL: ia.cr/2009/379
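To make the noisy-leakage case above concrete, here is an added Python illustration (not code from the paper or its authors, and not the paper's construction) of why a linear encoding defeats an apparatus that sees every wire through noise. It assumes the simplest linear encoding, parity: one secret bit spread over t shares whose XOR is the bit. The apparatus observes all t shares, each flipped independently with probability p. Conditioned on the secret, the observed word depends on the secret only through its parity, so the Bayes-optimal observer simply decodes the noisy word; its advantage is the bias of the XOR of t independent noise bits, (1-2p)^t by the piling-up lemma, which shrinks exponentially in t for every fixed p in (0,1/2]. The encoding length, the noise rate, and the seeded sample data are illustrative assumptions introduced here.

```python
import random
from typing import List


def parity(bits: List[int]) -> int:
    """XOR of all bits."""
    acc = 0
    for b in bits:
        acc ^= b
    return acc


def encode(bit: int, t: int, rng: random.Random) -> List[int]:
    """Parity encoding of one secret bit into t shares: the first t-1 shares are
    uniformly random and the last one fixes the XOR to `bit`.  Any t-1 shares
    are uniform and independent of `bit`; decoding is a linear map (XOR).
    (Illustrative encoding, not the paper's construction.)"""
    shares = [rng.getrandbits(1) for _ in range(t - 1)]
    shares.append(bit ^ parity(shares))
    return shares


def decode(shares: List[int]) -> int:
    """A noiseless observer that can compute XOR recovers the bit exactly."""
    return parity(shares)


def noisy_leak(shares: List[int], p: float, rng: random.Random) -> List[int]:
    """The measurement apparatus sees every share, but each bit is flipped
    independently with probability p (binary symmetric channel)."""
    return [s ^ (1 if rng.random() < p else 0) for s in shares]


def best_guess(leaked: List[int]) -> int:
    """Bayes-optimal distinguisher: given the secret, the leaked word's
    distribution depends on the secret only through the word's parity,
    so decoding the noisy word is the best the observer can do."""
    return parity(leaked)


def exact_advantage(t: int, p: float) -> float:
    """Statistical distance between the leakage distributions for bit 0 and
    bit 1: the bias of the XOR of t independent noise bits, (1-2p)^t."""
    return (1.0 - 2.0 * p) ** t


def noise_parity_bias_dp(t: int, p: float) -> float:
    """Same bias computed by dynamic programming over the noise vector,
    as an independent check on the closed form (piling-up lemma)."""
    prob_even = 1.0  # no noise bits yet, so the noise parity is even
    for _ in range(t):
        prob_even = prob_even * (1.0 - p) + (1.0 - prob_even) * p
    return 2.0 * prob_even - 1.0


def theoretical_success_rate(t: int, p: float) -> float:
    """Probability that the optimal observer guesses the bit: (1 + bias) / 2."""
    return (1.0 + exact_advantage(t, p)) / 2.0


def empirical_success_rate(t: int, p: float, trials: int, seed: int = 2009) -> float:
    """Monte Carlo estimate of the observer's success against fresh encodings.
    Constructed data: secret bits, shares and noise all come from a seeded PRNG."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        bit = rng.getrandbits(1)
        leaked = noisy_leak(encode(bit, t, rng), p, rng)
        wins += int(best_guess(leaked) == bit)
    return wins / trials


if __name__ == "__main__":
    # Assumed noise rate; lengthening the encoding drives the observer's
    # advantage down geometrically even though every wire is observed.
    p = 0.25
    for t in (1, 2, 4, 8, 16, 32):
        print(f"t={t:2d}  advantage={exact_advantage(t, p):.6f}  "
              f"optimal={theoretical_success_rate(t, p):.4f}  "
              f"empirical={empirical_success_rate(t, p, 20000):.4f}")
```

Running the table shows the point of the model: with p fixed, the observer sees a full noisy copy of the state yet its advantage over guessing is (1-2p)^t, so a linear encoding of a few dozen shares already leaves it essentially blind, while a noiseless observer (p = 0) decodes every bit. This is exactly the gap the limited-decoding assumption on the apparatus is meant to capture.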