How to Compute in the Presence of Leakage
Author(s)
Rothblum, Guy N.; Goldwasser, Shafrira
Publisher Policy
Article is made available in accordance with the publisher's policy and may be subject to US copyright law. Please refer to the publisher's site for terms of use.
Abstract
We address the following problem: how to execute any algorithm P, for an unbounded number of executions, in the presence of an adversary who observes partial information on the internal state of the computation during executions. The security guarantee is that the adversary learns nothing beyond P's input-output behavior. Our main result is a compiler, which takes as input an algorithm P and a security parameter κ and produces a functionally equivalent algorithm P′. The running time of P′ is a factor of poly(κ) slower than P. P′ will be composed of a series of calls to poly(κ)-time computable subalgorithms. During the executions of P′, an adversary algorithm A, which can choose the inputs of P′, can learn the results of adaptively chosen leakage functions (each of bounded output size ∼θ(κ)) on the subalgorithms of P′ and the randomness they use. We prove that any computationally unbounded A observing the results of computationally unbounded leakage functions will learn no more from its observations than it could given black-box access only to the input-output behavior of P. Unlike all prior work on this question, this result does not rely on any secure hardware components and is unconditional. Namely, it holds even if P = NP.
Date issued
2015-10
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Journal
SIAM Journal on Computing
Publisher
Society for Industrial & Applied Mathematics (SIAM)
Citation
Goldwasser, Shafi and Guy N. Rothblum. “How to Compute in the Presence of Leakage.” SIAM Journal on Computing 44, 5 (January 2015): 1480–1549 © 2015 Society for Industrial and Applied Mathematics
Version: Final published version
ISSN
0097-5397
1095-7111