Private Multiplication over Finite Fields.

The notion of privacy in the probing model, introduced by Ishai, Sahai, and Wagner in 2003, is nowadays frequently involved to assess the security of circuits manipulating sensitive information. However, provable security in this model still comes at the cost of a significant overhead both in terms of arithmetic complexity and randomness complexity. In this paper, we deal with this issue for circuits processing multiplication over finite fields. Our contributions are manifold. Extending the work of Belaid, Benhamouda, Passelegue, Prouff, Thillard, and Vergnaud at Eurocrypt 2016, we introduce an algebraic characterization of the privacy for multiplication in any finite field and we propose a novel algebraic characterization for non-interference (a stronger security notion in this setting). Then, we present two generic constructions of multiplication circuits in finite fields that achieve non-interference in the probing model. Denoting by d the number of probes used by the adversary, the first proposal reduces the number of bilinear multiplications (i.e., of general multiplications of two non-constant values in the finite field) to only 2d + 1 whereas the state-of-the-art was O(d(2)). The second proposal reduces the randomness complexity to d random elements in the underlying finite field, hence improving the O(d log d) randomness complexity achieved by Belaid et al. in their paper. This construction is almost optimal since we also prove that d/2 is a lower bound. Eventually, we show that both algebraic constructions can always be instantiated in large enough finite fields. Furthermore, for the important cases d is an element of {2, 3}, we illustrate that they perform well in practice by presenting explicit realizations for finite fields of practical interest.