Iterated group products and leakage resilience against NC1
Abstract
We show that if NC1 ≠ L, then for every element α of the alternating group A_t, circuits of depth O( t) cannot distinguish between a uniform vector over (A_t)^t with product = α and one with product = identity. Combined with a recent construction by the author and Viola in the setting of leakage-resilient cryptography [STOC '13], this gives a compiler that produces circuits withstanding leakage from NC1 (assuming NC1 ≠ L). For context, leakage from NC1 breaks nearly all previous constructions, and security against leakage from P is impossible. In the multi-query setting, circuits produced by this compiler use a simple secure hardware component. We build on work by Cook and McKenzie [J. Algorithms '87] establishing the relationship between L = logarithmic space and the symmetric group S_t. Our techniques include a novel algorithmic use of commutators to manipulate the cycle structure of permutations in A_t.