**Fully Leakage-Resilient Codes**

*Antonio Faonio and Jesper Buus Nielsen*

**Abstract: **Leakage resilient codes (LRCs) are probabilistic encoding schemes that guarantee message hiding even under some bounded leakage on the codeword.
We introduce the notion of \emph{fully} leakage resilient codes (FLRCs), where the adversary can leak some $\lambda_0$ bits from the encoding process, i.e., the message and
the randomness involved during the encoding process. In addition the adversary can as usual leak from the codeword.
We give a simulation-based definition requiring that the adversary's leakage from the encoding process and the codework can be simulated given just $\lambda_0$ bits of leakage from the message. For $\lambda_0 = 0$ our new simulation-based notion is equivalent to the usual game-based definition. A FLRC would be interesting in its own right and would be useful in building other leakage-resilient primitives in a composable manner.
We give a fairly general impossibility result for FLRCs in the popular split-state model, where the codeword is broken into independent parts and where the leakage occurs independently on the parts. We show that if the leakage is allowed to be any poly-time function of the secret and if collision-resistant hash functions exist,
then there is no FLRC for the split-state model. The result holds only when the message length can be linear in the security parameter. However,
we can extend the impossibility result to FLRCs for constant-length messages under assumptions related to differing-input obfuscation. These results show that it is highly unlikely that we can build FLRCs for the split-state model when the leakage can be any poly-time function of the secret state.
We then give two feasibility results for weaker models.
First, we show that for $\NC^0$-bounded leakage from the randomness and arbitrary poly-time leakage from the parts of the codeword the inner-product construction proposed by Daví \etal (SCN'10) and successively improved by Dziembowski and Faust (ASIACRYPT'11) is a FLRC for the split-state model. Second, we provide a compiler from any LRC to a FLRC in the common reference string model for any fixed leakage family of small cardinality. In particular, this compiler applies to the split-state model but also to many other models.

**Category / Keywords: **leakage-resilience

**Date: **received 27 Nov 2015, last revised 29 Mar 2016

**Contact author: **afaonio at gmail com

**Available format(s): **PDF | BibTeX Citation

**Version: **20160329:144554 (All versions of this report)

**Short URL: **ia.cr/2015/1151

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]