Paper 2024/332
LeakageTolerant Circuits
Abstract
A leakageresilient circuit for $f:\{0,1\}^n\to\{0,1\}^m$ is a randomized Boolean circuit $C$ mapping a randomized encoding of an input $x$ to an encoding of $y=f(x)$, such that applying any leakage function $L\in \cal L$ to the wires of $C$ reveals essentially nothing about $x$. A leakagetolerant circuit achieves the stronger guarantee that even when $x$ and $y$ are not protected by any encoding, the output of $L$ can be simulated by applying some $L'\in \cal L$ to $x$ and $y$ alone. Thus, $C$ is as secure as an ideal hardware implementation of $f$ with respect to leakage from $\cal L$. Leakageresilient circuits were constructed for lowcomplexity classes $\cal L$, including (length$t$ output) $\mathcal{AC}0$ functions, parities, and functions with bounded communication complexity. In contrast, leakagetolerant circuits were only known for the simple case of probing leakage, where $L$ outputs the values of $t$ wires in $C$. We initiate a systematic study of leakagetolerant circuits for natural classes $\cal L$ of global leakage functions, obtaining the following main results. $\textbf{Leakagetolerant circuits for depth1 leakage.}$ Every circuit $C_f$ for $f$ can be efficiently compiled into an $\cal L$tolerant circuit $C$ for $f$, where $\cal L$ includes all leakage functions $L$ that output either $t$ parities or $t$ disjunctions (alternatively, conjunctions) of any number of wires or their negations. In the case of parities, our simulator runs in $2^{O(t)}$ time. We provide partial evidence that this may be inherent. $\textbf{Application to stateful leakageresilient circuits.}$ We present a general transformation from (stateless) leakagetolerant circuits to stateful leakageresilient circuits. Using this transformation, we obtain the first constructions of stateful $t$leakageresilient circuits that tolerate a continuous parity/disjunction/conjunction leakage in which the circuit size grows subquadratically with $t$. Interestingly, here we can obtain $\mathtt{poly}(t)$time simulation even in the case of parities.
Metadata
 Available format(s)
 Category
 Foundations
 Publication info
 A major revision of an IACR publication in EUROCRYPT 2024
 Keywords
 Leakage ToleranceLeakage Resilience
 Contact author(s)

yuvali @ cs technion ac il
yfsong @ mail tsinghua edu cn  History
 20240516: revised
 20240226: received
 See all versions
 Short URL
 https://ia.cr/2024/332
 License

CC BY
BibTeX
@misc{cryptoeprint:2024/332, author = {Yuval Ishai and Yifan Song}, title = {LeakageTolerant Circuits}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/332}, year = {2024}, url = {https://eprint.iacr.org/2024/332} }