Title of invention: Technique for secure computation
Abstract: A technique for secure computation obfuscates program execution such that observers cannot detect what instructions are being run at any given time. Rather, program execution and memory access patterns are made to appear uniform. A processor operates based on encrypted inputs and produces encrypted outputs. In various examples, obfuscation is achieved by exercising computational circuits in a similar way for a wide range of instructions, such that all such instructions, regardless of their operational differences, affect the processor's power dissipation and processing time substantially uniformly. Obfuscation is further achieved by limiting memory accesses to predetermined time intervals, with memory interface circuits exercised regardless of whether a running program requires a memory access or not. The resulting processor thus reduces leakage of any meaningful information relating to the program or its inputs, which could otherwise be detectable to observers.
Publication number: US8909967(B1) Publication date: 2014.12.09
Application number: US201213731883 Filing date: 2012.12.31
Applicant: EMC Corporation Inventor: van Dijk Marten
Classification: G06F21/55;H04L9/00;G06F12/14 Main classification: G06F21/55
Agency: BainwoodHuang Agent: BainwoodHuang
Independent claim: 1. A method of performing secure computation, comprising: executing a program on a processor, the program having particular processing requirements and particular memory access requirements; obfuscating computational activity on the program by exercising computational circuits of the processor in a uniform manner across different instructions in the program, even when the different instructions do not operationally require the computational circuits to be exercised uniformly; and obfuscating memory access patterns for activity in the program by exercising memory interface circuits on a regular basis, even when exercising the memory interface circuits is not required each time to advance the program, wherein processor presents to outside observers uniform power consumption and uniform memory access patterns regardless of the particular processing and memory access requirements of the program, and wherein the processor has an instruction set architecture (ISA) and a program counter pointing to an instruction of the ISA in the program, and wherein obfuscating computational activity in the program includes, for each one of multiple instructions in the ISA: testing whether the one of multiple instructions matches the instruction of the ISA pointed to by the program counter; updating a program state of the program when the one of multiple instructions matches the instruction of the ISA pointed to by the program counter; and activating the circuits of the processor to simulate updating the program state of the program when the one of multiple instructions does not match the instruction of the ISA pointed to by the program counter.
Address: Hopkinton MA US
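The per-instruction loop in the independent claim (test each ISA instruction against the one at the program counter, commit on a match, simulate the update otherwise), modelled in software as an added example that is not code from the patent. The four-opcode ISA, the register file, the `unit_uses` counters standing in for circuit activity, and both sample programs are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical four-opcode toy ISA; all names here are illustrative assumptions. */
enum { OP_ADD, OP_SUB, OP_XOR, OP_AND, OP_COUNT };
typedef struct { uint8_t op, dst, a, b; } insn_t;
typedef struct { uint32_t reg[4]; size_t pc; unsigned long unit_uses[OP_COUNT]; } cpu_t;

/* All-ones when x == y, zero otherwise, computed without a branch. */
static uint32_t eq_mask(uint32_t x, uint32_t y) {
    uint32_t d = x ^ y;
    return ((d | (0u - d)) >> 31) - 1u;
}

/* One step: every unit runs for every ISA instruction; only the match is committed. */
static void step(cpu_t *c, const insn_t *prog) {
    insn_t in = prog[c->pc];
    uint32_t a = c->reg[in.a & 3], b = c->reg[in.b & 3];
    uint32_t old = c->reg[in.dst & 3], out = 0, hit = 0;
    for (int op = 0; op < OP_COUNT; op++) {
        uint32_t r;
        switch (op) { /* selects on the loop index, never on the fetched opcode */
        case OP_ADD: r = a + b; break;
        case OP_SUB: r = a - b; break;
        case OP_XOR: r = a ^ b; break;
        default:     r = a & b; break;
        }
        c->unit_uses[op]++;                 /* stands in for circuit activity */
        uint32_t m = eq_mask((uint32_t)op, in.op);
        out |= r & m; hit |= m;             /* match: keep; no match: discard */
    }
    c->reg[in.dst & 3] = (out & hit) | (old & ~hit); /* write-back always happens */
    c->pc++;
}

/* Constructed sample programs of equal length with different opcodes. */
static const insn_t PROG_A[] = {{OP_ADD,0,1,2}, {OP_XOR,0,0,3}, {OP_SUB,0,0,1}};
static const insn_t PROG_B[] = {{OP_AND,0,1,2}, {OP_AND,0,0,3}, {OP_ADD,0,0,2}};
static cpu_t run(const insn_t *p) {
    cpu_t c = {{0, 6, 3, 5}, 0, {0}};
    for (int i = 0; i < 3; i++) step(&c, p);
    return c;
}
/* 1 when both programs exercised each unit the same number of times. */
int same_activity(void) {
    cpu_t x = run(PROG_A), y = run(PROG_B); int same = 1;
    for (int i = 0; i < OP_COUNT; i++) same &= (x.unit_uses[i] == y.unit_uses[i]);
    return same;
}
int main(void) { printf("%u %u %d\n", (unsigned)run(PROG_A).reg[0], (unsigned)run(PROG_B).reg[0], same_activity()); return 0; }
```

The counters only model activity; the register indexing in this sketch is not itself made uniform.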