Hardware Implementation of One-Time Programs and Evaluation as Practical Leakage-Resilient Primitives

01 January 2010


The power of side-channel leakage attacks on cryptographic implementations is evident. Today's practical defenses are typically attack-specific countermeasures, such as changes to the underlying hardware or to compilers that generate code resilient to certain classes of side-channel attacks. The demand for a more general solution has given rise to recent theoretical research that aims to build provably leakage-resilient cryptography. This direction is, however, very new and still largely lacks efficient (i.e., "engineer-approved") solutions for practice. A recent approach, One-Time Programs (OTPs), proposes using Yao's Garbled Circuit (GC) to guarantee leakage resilience. OTP uses very simple hardware (assumed tamper-proof) to securely implement oblivious transfer, a critical part of GC. Our main contributions are (i) a generic architecture for using GC/OTP modularly, and (ii) a hardware implementation of GC/OTP evaluation and its efficiency analysis. We implemented two FPGA-based prototypes: a system-on-a-programmable-chip with access to a hardware accelerator (suitable for smartcards and future smartphones), and a stand-alone hardware implementation (suitable for ASIC design). We chose AES as a representative complex function for implementation and measurements. As a result of this work, we are able to understand, evaluate and improve the practicality of employing OTP as a leakage-resistance approach. Last, but not least, we believe that our work contributes to bringing together the results of both the theoretical and practical communities.
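As an added illustration (not code from the paper, whose GC/OTP evaluator is an FPGA design), the following Python model shows the two building blocks the abstract names: Yao garbling and evaluation of a single gate, and a one-time-memory token standing in for the simple tamper-proof hardware that replaces the oblivious-transfer step. The 16-byte labels, the hash-derived row pads and the zero-tag row check are constructed choices for this example, not the paper's scheme.

```python
import hashlib
import secrets

LABEL_LEN = 16  # bytes per wire label (constructed parameter; pad below is 2*LABEL_LEN)

def _pad(ka, kb, gate_id):
    """Hash-derived one-time pad for one garbled-table row (constructed, not the paper's cipher)."""
    return hashlib.sha256(ka + kb + gate_id.to_bytes(4, "big")).digest()

def garble_gate(func, gate_id=0):
    """Garble a 2-input gate: two random labels per wire, four shuffled encrypted rows."""
    labels = {w: (secrets.token_bytes(LABEL_LEN), secrets.token_bytes(LABEL_LEN))
              for w in ("a", "b", "out")}
    table = []
    for a in (0, 1):
        for b in (0, 1):
            plain = labels["out"][func(a, b)] + bytes(LABEL_LEN)  # output label || zero tag
            pad = _pad(labels["a"][a], labels["b"][b], gate_id)
            table.append(bytes(x ^ y for x, y in zip(pad, plain)))
    secrets.SystemRandom().shuffle(table)  # row order must not reveal the input bits
    return labels, table

class OneTimeMemory:
    """Models the tamper-proof token: holds two labels and releases exactly one of them, once."""
    def __init__(self, k0, k1):
        self._keys, self._used = (k0, k1), False

    def read(self, bit):
        if self._used:
            raise RuntimeError("one-time memory already consumed")
        self._used = True
        return self._keys[bit]

def evaluate_gate(table, ka, kb, gate_id=0):
    """Decrypt each row with the two held labels; the row whose zero tag verifies is the result."""
    for row in table:
        plain = bytes(x ^ y for x, y in zip(_pad(ka, kb, gate_id), row))
        if plain[LABEL_LEN:] == bytes(LABEL_LEN):
            return plain[:LABEL_LEN]
    raise ValueError("no row decrypted: labels do not match this table")

def run_otp(a_bit, b_bit, func=lambda a, b: a & b):
    """Sender garbles the gate and loads one token per input wire; evaluator reads each once."""
    labels, table = garble_gate(func)
    token_a = OneTimeMemory(*labels["a"])
    token_b = OneTimeMemory(*labels["b"])
    out_label = evaluate_gate(table, token_a.read(a_bit), token_b.read(b_bit))
    return labels["out"].index(out_label)  # output decoding: which output label emerged
```

The evaluator never sees the label for the input bit it did not choose, so a second read of a spent token is the only way to learn it, and the token refuses it.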