Cryptology ePrint Archive: Report 2010/276

Garbled Circuits for Leakage-Resilience: Hardware Implementation and Evaluation of One-Time Programs

Kimmo J�rvinen and Vladimir Kolesnikov and Ahmad-Reza Sadeghi and Thomas Schneider

Abstract: The power of side-channel leakage attacks on cryptographic implementations is evident. Today's practical defenses are typically attack-specific countermeasures against certain classes of side-channel attacks. The demand for a more general solution has given rise to the recent theoretical research that aims to build provably leakage-resilient cryptography. This direction is, however, very new and still largely lacks practitioners' evaluation with regard to both efficiency and practical security. A recent approach, One-Time Programs (OTPs), proposes using Yao's Garbled Circuit (GC) and very simple tamper-proof hardware to securely implement oblivious transfer, to guarantee leakage resilience.

Our main contributions are (i) a generic architecture for using GC/OTP modularly, and (ii) hardware implementation and efficiency analysis of GC/OTP evaluation. We implemented two FPGA-based prototypes: a system-on-a-programmable-chip with access to hardware crypto accelerator (suitable for smartcards and future smartphones), and a stand-alone hardware implementation (suitable for ASIC design). We chose AES as a representative complex function for implementation and measurements. As a result of this work, we are able to understand, evaluate and improve the practicality of employing GC/OTP as a leakage-resistance approach. Last, but not least, we believe that our work contributes to bringing together the results of both theoretical and practical communities.

Category / Keywords: Garbled Circuit, Hardware Implementation, Leakage-Resilience, One-Time Programs, Secure Function Evaluation

Publication Info: Full version of CHES 2010 paper.

Date: received 11 May 2010, last revised 17 Jun 2010

Contact author: thomas schneider at trust rub de

Available format(s): PDF | BibTeX Citation

Version: 20100617:125539 (All versions of this report)

Short URL: ia.cr/2010/276

[ Cryptology ePrint archive ]