Private Circuits: A Modular Approach

  • Prabhanjan Ananth
  • Yuval Ishai
  • Amit Sahai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10993)


We consider the problem of protecting general computations against constant-rate random leakage. That is, the computation is performed by a randomized boolean circuit that maps a randomly encoded input to a randomly encoded output, such that even if the value of every wire is independently leaked with some constant probability \(p > 0\), the leakage reveals essentially nothing about the input.

In this work we provide a conceptually simple, modular approach for solving the above problem, providing a simpler and self-contained alternative to previous constructions of Ajtai (STOC 2011) and Andrychowicz et al. (Eurocrypt 2016). We also obtain several extensions and generalizations of this result. In particular, we show that for every leakage probability \(p<1\), there is a finite basis \(\mathbb {B}\) such that leakage-resilient computation with leakage probability p can be realized using circuits over the basis \(\mathbb {B}\). We obtain similar positive results for the stronger notion of leakage tolerance, where the input is not encoded, but the leakage from the entire computation can be simulated given random \(p'\)-leakage of input values alone, for any \(p<p'<1\). Finally, we complement this by a negative result, showing that for every basis \(\mathbb {B}\) there is some leakage probability \(p<1\) such that for any \(p'<1\), leakage tolerance as above cannot be achieved in general.

We show that our modular approach is also useful for protecting computations against worst-case leakage. In this model, we require that leakage of any \(\mathbf{t}\) (adversarially chosen) wires reveals nothing about the input. By combining our construction with a previous derandomization technique of Ishai et al. (ICALP 2013), we show that security in this setting can be achieved with \(O(\mathbf{t}^{1+\varepsilon })\) random bits, for every constant \(\varepsilon > 0\). This (near-optimal) bound significantly improves upon previous constructions that required more than \(\mathbf{t}^{3}\) random bits.
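To make the random-leakage model of the abstract concrete, the following added example (not code from the paper) simulates it on the simplest encoded computation: a single bit is XOR-encoded into n shares (the ISW-style additive encoding the paper builds on), a share-wise XOR gadget combines two such encodings, and every wire of the gadget is independently leaked with probability p. The secret bit is exposed only when all n of its shares become known, and an intermediate wire c_i = a_i XOR b_i can substitute for a missing a_i when b_i also leaks; the code compares a Monte Carlo estimate with the resulting closed form (p + (1-p)p^2)^n. Wire names, function names and the sample parameters are this example's own assumptions.

```python
import random

def encode_bit(bit, n, rng):
    """XOR-encode one bit into n shares: the bit is the parity of the shares."""
    shares = [rng.randrange(2) for _ in range(n - 1)]
    shares.append(bit ^ (sum(shares) & 1))
    return shares

def decode(shares):
    """Recover the encoded bit as the XOR of all shares."""
    return sum(shares) & 1

def xor_gadget(a_shares, b_shares):
    """Share-wise XOR: output share c_i = a_i XOR b_i, no cross-share wires."""
    return [x ^ y for x, y in zip(a_shares, b_shares)]

def random_probing_leak(wires, p, rng):
    """Random-probing model: each wire is revealed independently w.p. p.
    Only the set of leaked wire names matters for the exposure question."""
    return {name for name in wires if rng.random() < p}

def secret_a_exposed(leaked, n):
    """Share a_i is recoverable if it leaked directly, or if both b_i and
    c_i = a_i ^ b_i leaked. The encoded bit a is exposed only if every a_i is."""
    return all(f"a{i}" in leaked or (f"b{i}" in leaked and f"c{i}" in leaked)
               for i in range(n))

def exact_exposure_prob(p, n):
    """Closed form: per-share recovery q = p + (1-p)p^2, all n shares needed."""
    q = p + (1 - p) * p * p
    return q ** n

def estimate_exposure_prob(p, n, trials, seed=1):
    """Monte Carlo estimate of the same event with a fixed seed (constructed data)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        a = encode_bit(rng.randrange(2), n, rng)
        b = encode_bit(rng.randrange(2), n, rng)
        c = xor_gadget(a, b)
        wires = {f"a{i}": a[i] for i in range(n)}
        wires.update({f"b{i}": b[i] for i in range(n)})
        wires.update({f"c{i}": c[i] for i in range(n)})
        leaked = random_probing_leak(wires, p, rng)
        hits += secret_a_exposed(leaked, n)
    return hits / trials
```

Without encoding (n = 1, no gadget) the input wire itself leaks with probability p; with n shares the exposure probability falls geometrically in n, which is the effect the paper's compilers preserve across an entire circuit.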



We thank Jean-Sébastien Coron, Stefan Dziembowski, and Sebastian Faust for helpful discussions. The second author was supported in part by ERC grant 742754, ISF grant 1709/14, NSF-BSF grant 2015782, and a grant from the Ministry of Science and Technology, Israel and Department of Science and Technology, Government of India. The third author’s research is supported in part from a DARPA/ARL SAFEWARE award, NSF Frontier Award 1413955, and NSF grant 1619348, BSF grant 2012378, a Xerox Faculty Research Award, a Google Faculty Research Award, an equipment grant from Intel, and an Okawa Foundation Research Grant. This material is based upon work supported by the Defense Advanced Research Projects Agency through the ARL under Contract W911NF-15-C-0205. The views expressed are those of the authors and do not reflect the official policy or position of the Department of Defense, the National Science Foundation, or the U.S. Government.


  1. [ADF16] Andrychowicz, M., Dziembowski, S., Faust, S.: Circuit compilers with \(O(1/\log (n))\) leakage rate. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 586–615. Springer, Heidelberg (2016).
  2. [Ajt11] Ajtai, M.: Secure computation with information leaking to an adversary. In: Proceedings of the Forty-Third Annual ACM Symposium on Theory of Computing, pp. 715–724. ACM (2011).
  3. [BBD+16] Barthe, G., Belaïd, S., Dupressoir, F., Fouque, P.-A., Grégoire, B., Strub, P.-Y., Zucchini, R.: Strong non-interference and type-directed higher-order masking. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 116–129. ACM (2016).
  4. [BBP+16] Belaïd, S., Benhamouda, F., Passelègue, A., Prouff, E., Thillard, A., Vergnaud, D.: Randomness complexity of private circuits for multiplication. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 616–648. Springer, Heidelberg (2016).
  5. [BBP+17] Belaïd, S., Benhamouda, F., Passelègue, A., Prouff, E., Thillard, A., Vergnaud, D.: Private multiplication over finite fields. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 397–426. Springer, Cham (2017).
  6. [Bea91] Beaver, D.: Efficient multiparty protocols using circuit randomization. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 420–432. Springer, Heidelberg (1992).
  7. [BOGW88] Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, pp. 1–10. ACM (1988).
  8. [CCD88] Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, pp. 11–19. ACM (1988).
  9. [CDI+13] Cohen, G., et al.: Efficient multiparty protocols via log-depth threshold formulae. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 185–202. Springer, Heidelberg (2013).
  10. [CK91] Chor, B., Kushilevitz, E.: A zero-one law for boolean privacy. SIAM J. Discret. Math. 4(1), 36–47 (1991).
  11. [DDF14] Duc, A., Dziembowski, S., Faust, S.: Unifying leakage models: from probing attacks to noisy leakage. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 423–440. Springer, Heidelberg (2014).
  12. [GIK+15] Garg, S., Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Cryptography with one-way communication. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part II. LNCS, vol. 9216, pp. 191–208. Springer, Heidelberg (2015).
  13. [GIM+16] Goyal, V., Ishai, Y., Maji, H.K., Sahai, A., Sherstov, A.A.: Bounded-communication leakage resilience via parity-resilient circuits. In: 2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS), pp. 1–10. IEEE (2016).
  14. [HM00] Hirt, M., Maurer, U.: Player simulation and general adversary structures in perfect multiparty computation. J. Cryptol. 13(1), 31–60 (2000).
  15. [IKL+13] Ishai, Y., et al.: Robust pseudorandom generators. In: Fomin, F.V., Freivalds, R., Kwiatkowska, M., Peleg, D. (eds.) ICALP 2013. LNCS, vol. 7965, pp. 576–588. Springer, Heidelberg (2013).
  16. [ISW03] Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003).
  17. [Pip85] Pippenger, N.: On networks of noisy gates. In: FOCS, pp. 30–38 (1985).
  18. [vN56] von Neumann, J.: Probabilistic logics and synthesis of reliable organisms from unreliable components. Autom. Stud. 34, 43–98 (1956).

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. CSAIL, MIT, Cambridge, USA
  2. Technion, Haifa, Israel
  3. UCLA, Los Angeles, USA