Formally, we show that a $q$-query tampering attack against the transformed circuit can be ``simulated'' with only black-box access to the original circuit and $\log(q)$ bits of additional auxiliary information. Thus, if the implemented cryptographic scheme is secure against $\log(q)$ bits of leakage, then our implementation is tamper-proof in the above sense. Surprisingly, allowing for this small amount of information leakage -- and not insisting on perfect simulability like in the work of Ishai et al. -- allows for much more efficient compilers, which moreover do not require randomness during evaluation. Similar to earlier work our compiler requires small, stateless and computation-independent tamper-proof gadgets. Thus, our result can be interpreted as reducing the problem of shielding arbitrary complex computation to protecting simple components.
Category / Keywords: foundations / tamper resilience, compiler Publication Info: An extended abstract of this paper appears at ICALP 2011 Date: received 14 Jun 2011 Contact author: sfaust at cs au dk Available format(s): PDF | BibTeX Citation Version: 20110617:064659 (All versions of this report) Short URL: ia.cr/2011/314 Discussion forum: Show discussion | Start new discussion