Journal of Cryptology

, Volume 32, Issue 3, pp 742–824 | Cite as

Leakage Resilience from Program Obfuscation

  • Dana Dachman-SoledEmail author
  • S. Dov Gordon
  • Feng-Hao Liu
  • Adam O’Neill
  • Hong-Sheng Zhou


The literature on leakage-resilient cryptography contains various leakage models that provide different levels of security. In the bounded leakage model (Akavia et al.—TCC 2009), it is assumed that there is a fixed upper bound L on the number of bits the attacker may leak on the secret key in the entire lifetime of the scheme. Alternatively, in the continual leakage model (Brakerski et al.—FOCS 2010, Dodis et al.—FOCS 2010), the lifetime of a cryptographic scheme is divided into “time periods” between which the scheme’s secret key is updated. Furthermore, in its attack the adversary is allowed to obtain some bounded amount of leakage on the current secret key during each time period. In the continual leakage model, a challenging problem has been to provide security against leakage on key updates, that is, leakage that is a function of not only the current secret key but also the randomness used to update it. We propose a modular approach to overcome this problem based on program obfuscation. Namely, we present a compiler that transforms any public key encryption or signature scheme that achieves a slight strengthening of continual leakage resilience, which we call consecutive continual leakage resilience, to one that is continual leakage resilient with leakage on key updates, assuming indistinguishability obfuscation (Barak et al.—CRYPTO 2001, Garg et al.—FOCS 2013). Under stronger forms of obfuscation, the leakage rate tolerated by our compiled scheme is essentially as good as that of the starting scheme. Our compiler is derived by making a connection between the problems of leakage on key updates and so-called sender-deniable encryption (Canetti et al.—CRYPTO 1997), which was recently constructed based on indistinguishability obfuscation by Sahai and Waters (STOC 2014). In the bounded leakage model, we give an approach to constructing leakage-resilient public key encryption from program obfuscation based on the public key encryption scheme of Sahai and Waters (STOC 2014). In particular, we achieve leakage-resilient public key encryption tolerating L bits of leakage for any L from \({\mathsf {iO}} \) and one-way functions. We build on this to achieve leakage-resilient public key encryption with optimal leakage rate of \(1-o(1)\) based on stronger forms of obfuscation and collision-resistant hash functions. Such a leakage rate is not known to be achievable in a generic way based on public key encryption alone. We then develop additional techniques to construct public key encryption that is (consecutive) continual leakage resilient under appropriate assumptions, which we believe is of independent interest.


Indistinguishability obfuscation Leakage resilience Public key encryption Digital signatures 



We thank the anonymous reviewers for their insightful comments, which greatly improved the presentation of this work.

Supplementary material


  1. 1.
    M. Abe, M. Chase, B. David, M. Kohlweiss, R. Nishimaki, and M. Ohkubo. Constant-size structure-preserving signatures: Generic constructions and simple assumptions. In X. Wang and K. Sako, editors, ASIACRYPT 2012, vol. 7658 of LNCS (Springer, Berlin, 2012), pp. 4–24.Google Scholar
  2. 2.
    A. Akavia, S. Goldwasser, and V. Vaikuntanathan. Simultaneous hardcore bits and cryptography against memory attacks. In O. Reingold, editor, TCC 2009, vol. 5444 of LNCS. (Springer, Berlin, 2009), , pp. 474–495.Google Scholar
  3. 3.
    P. Ananth, D. Boneh, S. Garg, A. Sahai, M. Zhandry. Differing-inputs obfuscation and applications. Cryptology ePrint Archive, Report 2013/689, 2013.
  4. 4.
    B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. P. Vadhan, and K. Yang. On the (im)possibility of obfuscating programs. In J. Kilian, editor, CRYPTO 2001, vol. 2139 of LNCS. (Springer, Berlin, 2001), pp. 1–18.Google Scholar
  5. 5.
    B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. P. Vadhan, and K. Yang. On the (im)possibility of obfuscating programs. J. ACM, 59(2):6, 2012.MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    A. Boldyreva, S. Fehr, and A. O’Neill. On notions of security for deterministic encryption, and efficient constructions without random oracles. In D. Wagner, editor, CRYPTO 2008, vol. 5157 of LNCS. (Springer, Berlin, 2008), pp. 335–359.Google Scholar
  7. 7.
    D. Boneh, X. Boyen, and H. Shacham. Short group signatures. In M. Franklin, editor, CRYPTO 2004, volume 3152 of LNCS (Springer, Berlin, 2004), pp. 41–55.Google Scholar
  8. 8.
    D. Boneh and B. Waters. Constrained pseudorandom functions and their applications. In K. Sako and P. Sarkar, editors, ASIACRYPT 2013, Part II, vol. 8270 of LNCS (Springer, Berlin, 2013), pp. 280–300.Google Scholar
  9. 9.
    E. Boyle, K.-M. Chung, R. Pass. On extractability obfuscation. In Y. Lindell, editor, TCC 2014, vol. 8349 of LNCS (Springer, Berlin, 2014), pp. 52–73.Google Scholar
  10. 10.
    E. Boyle, S. Goldwasser, and I. Ivan. Functional signatures and pseudorandom functions. In H. Krawczyk, editor, PKC 2014, vol. 8383 of LNCS (Springer, Berlin, 2014), pp. 501–519.Google Scholar
  11. 11.
    E. Boyle, G. Segev, and D. Wichs. Fully leakage-resilient signatures. In K. G. Paterson, editor, EUROCRYPT 2011, vol. 6632 of LNCS (Springer, Berlin, 2011), pp. 89–108.Google Scholar
  12. 12.
    Z. Brakerski, Y. T. Kalai, J. Katz, and V. Vaikuntanathan. Overcoming the hole in the bucket: Public-key cryptography resilient to continual memory leakage. In 51st FOCS, pp. 501–510. IEEE Computer Society Press, (2010).Google Scholar
  13. 13.
    R. Canetti, C. Dwork, M. Naor, and R. Ostrovsky. Deniable encryption. In B. S. Kaliski Jr., editor, CRYPTO’97, volume 1294 of LNCS. (Springer, Berlin, 1997), pp. 90–104.Google Scholar
  14. 14.
    R. Canetti, S. Goldwasser, and O. Poburinnaya. Adaptively secure two-party computation from indistinguishability obfuscation. In Y. Dodis and J. B. Nielsen, editors, TCC 2015, Part II, vol. 9015 of LNCS (Springer, Berlin, 2015), pp. 557–585.Google Scholar
  15. 15.
    R. Canetti, H. Krawczyk, and J. B. Nielsen. Relaxing chosen-ciphertext security. In D. Boneh, editor, CRYPTO 2003, vol. 2729 of LNCS (Springer, Berlin, 2003), pp. 565–582.Google Scholar
  16. 16.
    S. Chari, C. S. Jutla, J. R. Rao, and P. Rohatgi. Towards sound approaches to counteract power-analysis attacks. In M. J. Wiener, editor, CRYPTO’99, vol. 1666 of LNCS. (Springer, Berlin, 1999)Google Scholar
  17. 17.
    M. Chase, M. Kohlweiss, A. Lysyanskaya, and S. Meiklejohn. Malleable proof systems and applications. In D. Pointcheval and T. Johansson, editors, EUROCRYPT 2012, vol. 7237 of LNCS (Springer, Berlin, 2012), pp. 281–300Google Scholar
  18. 18.
    D. Dachman-Soled, J. Katz, and V. Rao. Adaptively secure, universally composable, multiparty computation in constant rounds. In Y. Dodis and J. B. Nielsen, editors, TCC 2015, Part II, vol. 9015 of LNCS (Springer, Berlin, 2015), pp. 586–613Google Scholar
  19. 19.
    D. Dachman-Soled, F.-H. Liu, and H.-S. Zhou. Leakage-resilient circuits revisited - optimal number of computing components without leak-free hardware. In E. Oswald and M. Fischlin, editors, EUROCRYPT 2015, Part II, vol. 9057 of LNCS, (Springer, Berlin, 2015), pp. 131–158.Google Scholar
  20. 20.
    A. De Santis, G. Di Crescenzo, R. Ostrovsky, G. Persiano, and A. Sahai. Robust non-interactive zero knowledge. In J. Kilian, editor, CRYPTO 2001, vol. 2139 of LNCS (Springer, Berlin, 2001), pp. 566–598Google Scholar
  21. 21.
    Y. Dodis, K. Haralambiev, A. López-Alt, and D. Wichs. Cryptography against continuous memory attacks. In 51st FOCS, IEEE Computer Society Press, 2010, pp. 511–520.Google Scholar
  22. 22.
    Y. Dodis, K. Haralambiev, A. López-Alt, and D. Wichs. Efficient public-key cryptography in the presence of key leakage. In M. Abe, editor, ASIACRYPT 2010, vol. 6477 of LNCS (Springer, Berlin, 2010), pp. 613–631.Google Scholar
  23. 23.
    Y. Dodis, Y. T. Kalai, and S. Lovett. On cryptography with auxiliary input. In M. Mitzenmacher, editor, 41st ACM STOC (ACM Press, 2009), pp. 621–630.Google Scholar
  24. 24.
    Y. Dodis, A. B. Lewko, B. Waters, and D. Wichs. Storing secrets on continually leaky devices. In R. Ostrovsky, editor, 52nd FOCS, pp. 688–697. IEEE Computer Society Press, 2011.Google Scholar
  25. 25.
    Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J. Comput., 38(1):97–139, 2008.MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    Y. Dodis and A. Smith. Correcting errors without leaking partial information. In H. N. Gabow and R. Fagin, editors, 37th ACM STOC (ACM Press, 2005), pp. 654–663.Google Scholar
  27. 27.
    S. Faust, T. Rabin, L. Reyzin, E. Tromer, and V. Vaikuntanathan. Protecting circuits from leakage: the computationally-bounded and noisy cases. In H. Gilbert, editor, EUROCRYPT 2010, vol. 6110 of LNCS (Springer, Berlin, 2010), pp. 135–156.Google Scholar
  28. 28.
    S. Garg, C. Gentry, and S. Halevi. Candidate multilinear maps from ideal lattices. In T. Johansson and P. Q. Nguyen, editors, EUROCRYPT 2013, vol. 7881 of LNCS (Springer, Berlin, 2013), pp. 1–17.Google Scholar
  29. 29.
    S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, and B. Waters. Candidate indistinguishability obfuscation and functional encryption for all circuits. in 54th FOCS, pp. 40–49. IEEE Computer Society Press, 2013.Google Scholar
  30. 30.
    S. Garg, C. Gentry, S. Halevi, and D. Wichs. On the implausibility of differing-inputs obfuscation and extractable witness encryption with auxiliary input. In J. A. Garay and R. Gennaro, editors, CRYPTO 2014, Part I, volume 8616 of LNCS, (Springer, Berlin, 2014), pp. 518–535.Google Scholar
  31. 31.
    S. Garg and A. Polychroniadou. Two-round adaptively secure MPC from indistinguishability obfuscation. In Y. Dodis and J. B. Nielsen, editors, TCC 2015, Part II, vol. 9015 of LNCS (Springer, Berlin, 2015), pp. 614–637.Google Scholar
  32. 32.
    O. Goldreich, S. Goldwasser, and S. Micali. How to construct random functions. J. ACM, 33(4):792–807, Aug. 1986.MathSciNetCrossRefzbMATHGoogle Scholar
  33. 33.
    S. Goldwasser and G. N. Rothblum. On best-possible obfuscation. In S. P. Vadhan, editor, TCC 2007, volume 4392 of LNCS (Springer, Berlin 2007), pp. 194–213Google Scholar
  34. 34.
    J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. Lest we remember: Cold boot attacks on encryption keys, in USENIX Security Symposium, pp. 45–60 (2008)Google Scholar
  35. 35.
    C. Hazay, A. López-Alt, H. Wee, and D. Wichs. Leakage-resilient cryptography from minimal assumptions. In T. Johansson and P. Q. Nguyen, editors, EUROCRYPT 2013, volume 7881 of LNCS, (Springer, Berlin, 2013), pp. 160–176.Google Scholar
  36. 36.
    R. Impagliazzo, L. A. Levin, and M. Luby. Pseudo-random generation from one-way functions (extended abstracts). In 21st ACM STOC (ACM Press, 1989), pp. 12–24.Google Scholar
  37. 37.
    Y. Ishai, O. Pandey, and A. Sahai. Public-coin differing-inputs obfuscation and its applications. In Y. Dodis and J. B. Nielsen, editors, TCC 2015, Part II, vol. 9015 of LNCS, (Springer, Berlin, 2015), pp. 668–697.Google Scholar
  38. 38.
    J. Katz and Y. Lindell. Introduction to Modern Cryptography, Second Edition. CRC Press, 2014.zbMATHGoogle Scholar
  39. 39.
    J. Katz and V. Vaikuntanathan. Signature schemes with bounded leakage resilience. In M. Matsui, editor, ASIACRYPT 2009, vol. 5912 of LNCS, (Springer, Berlin, 2009), pp. 703–720Google Scholar
  40. 40.
    M. J. Kearns and U. V. Vazirani. An introduction to computational learning theory. Massachusetts Institute of Technology (1994)Google Scholar
  41. 41.
    A. Kiayias, S. Papadopoulos, N. Triandopoulos, and T. Zacharias. Delegatable pseudorandom functions and applications. In A.-R. Sadeghi, V. D. Gligor, and M. Yung, editors, ACM CCS 13, (ACM Press, 2013), pp. 669–684.Google Scholar
  42. 42.
    C.-J. Lee, C.-J. Lu, S.-C. Tsai, and W.-G. Tzeng. Extracting randomness from multiple independent sources. IEEE Transactions on Information Theory, 51(6):2224–2227, 2005.MathSciNetCrossRefzbMATHGoogle Scholar
  43. 43.
    A. B. Lewko, M. Lewko, and B. Waters. How to leak on key updates. In L. Fortnow and S. P. Vadhan, editors, 43rd ACM STOC (ACM Press, 2011), pp. 725–734Google Scholar
  44. 44.
    T. Malkin, I. Teranishi, Y. Vahlis, and M. Yung. Signatures resilient to continual leakage on memory and computation. In Y. Ishai, editor, TCC 2011, vol. 6597 of LNCS, (Springer, Berlin, 2011), pp. 89–106Google Scholar
  45. 45.
    S. Micali and L. Reyzin. Physically observable cryptography (extended abstract). In M. Naor, editor, TCC 2004, vol. 2951 of LNCS (Springer, Berlin, 2004), pp. 278–296Google Scholar
  46. 46.
    M. Naor and G. Segev. Public-key cryptosystems resilient to key leakage. In S. Halevi, editor, CRYPTO 2009, vol. 5677 of LNCS, (Springer, Berlin, 2009), pp. 18–35Google Scholar
  47. 47.
    A. Sahai and B. Waters. How to use indistinguishability obfuscation: deniable encryption, and more. In D. B. Shmoys, editor, 46th ACM STOC (ACM Press, 2014), pp. 475–484Google Scholar
  48. 48.
    B. Waters. Dual system encryption: Realizing fully secure IBE and HIBE under simple assumptions. In S. Halevi, editor, CRYPTO 2009, volume 5677 of LNCS, (Springer, Berlin, 2009), pp. 619–636Google Scholar
  49. 49.
    B. Waters. CS 395T Special Topic: Obfuscation in Cryptography. 2014.
  50. 50.
    B. Waters. How to use in distinguishability obfuscation, in Visions of Cryptography, 2014. Talk slides available at
  51. 51.
    D. Wichs. Cryptographic resilience to continual information leakage. Ph.D. Thesis, 2011.

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  • Dana Dachman-Soled
    • 1
    Email author
  • S. Dov Gordon
    • 2
  • Feng-Hao Liu
    • 3
  • Adam O’Neill
    • 4
  • Hong-Sheng Zhou
    • 5
  1. 1.University of MarylandCollege ParkUSA
  2. 2.George Mason UniversityFairfaxUSA
  3. 3.Florida Atlantic UniversityBoca RatonUSA
  4. 4.Georgetown UniversityWashingtonUSA
  5. 5.Virginia Commonwealth UniversityRichmondUSA

Personalised recommendations