Secured electronics device
US-2017024585-A1 · Jan 26, 2017 · US
US11475166B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11475166-B2 |
| Application number | US-201916976511-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 20, 2019 |
| Priority date | Feb 28, 2018 |
| Publication date | Oct 18, 2022 |
| Grant date | Oct 18, 2022 |
Official abstract text for this publication.
Some embodiments are directed to a compiling device ( 100 ) configured for selecting of protective transformations to improve security of a computer program. The compiling device is configured to assign protective transformations to parts of the data flow graph, and obtain a compilation of the computer program representation from at least the data flow graph and the assigned protective transformations which satisfy the security and/or the performance target.
Opening claim text (preview).
The invention claimed is:
1. A compiling device comprising: an input interface circuit, wherein the input interface circuit is arranged to receive a computer program representation; a processor circuit, wherein the processor circuit is arranged to obtain a data flow graph representation from the computer program representation, wherein the processor circuit is arranged to assign at least one protective transformation(s) to parts of the data flow graph, wherein the at least one protective transformation(s) is selected from a list of available protective transformations, wherein the processor circuit is arranged to determine a performance level and a security level for the data flow graph, wherein the processor circuit is arranged to determine a performance level and a security level for the assigned protective transformations, wherein if the performance level and the security level satisfy a security and/or a performance target then the processor circuit terminates the assigning of protective transformations, wherein the processor circuit is arranged to obtain a compilation of the computer program representation from at least the data flow graph and the assigned protective transformations, wherein the compilation of the computer program representation satisfies the security and/or the performance target.
2. The compiling device as in claim 1, wherein the protective transformations in the list of available protective transformations have an associated security level, wherein the compiling device is arranged to assign at least one initial protective transformation(s) to parts of the data flow graph that are selected such that the associated security levels achieve the security target, wherein if the determined performance level is below the performance target one or more of the assigned protective transformations are modified to protective transformations with a lower associated security level, and wherein the compiling device is arranged to assign initial protective transformations to parts of the data flow graph that are selected such that the associated security levels are below the security target, wherein if the determined performance level is above the performance target one or more of the assigned protective transformations are modified to protective transformations with a higher associated security level.
3. The compiling device as in claim 1, wherein the available protective transformations comprise one or more variable-protections for edges and operation-protections for nodes of the data flow graph.
4. The compiling device as in claim 1, wherein the processor circuit is arranged to obtain one or more security targets for one or more edges and/or nodes in the data flow graph, wherein the security target is obtained from the security targets obtained for the one or more edges and/or nodes in the data flow graph.
5. The compiling device as in claim 1, wherein the at least one protective transformation(s) comprise one or more of: encoding of variables and plain execution of operations on decoded variables; encoding of variables and encoded execution of operations on said encoded variables; homomorphic encryption applied to variables and/or operations; constant-time execution of operations.
6. The compiling device as in claim 1, wherein parts of the data flow graph are assigned to an encoding domain of multiple encoding domains, wherein parts of the data flow graph assigned to the same encoding domain are assigned the same protective transformation.
7. The compiling device as in claim 1, wherein the security target comprises a target for security type, including confidentiality and integrity, and/or attack type, including, e.g., white-box, side-channel time, side-channel power, and/or attack effort.
8. The compiling device as in claim 1, wherein the performance level is determined by counting the number of operations of multiple types in the data flow graph and obtaining the expected cost, wherein operations of multiple types are substituted by encoded operations according to the assigned protective transformation.
9. The compiling device as in claim 1, wherein the security target indicates an input variable and a secret variable, wherein the security level is estimated by obtaining multiple executions of the computer program for different values of the input variable and secret variable, recording the values of at least one variable of the computer program that depends on the input variable during execution of the computer program, and/or recording the operation time of the operations performed on the at least one variable, and computing a correlation between the secret variable without at least one of the assigned protective transformations and the recorded values or operation times.
10. The compiling device as in claim 1, wherein the processor circuit is arranged to combine operations before applying at least one of the protective transformations.
11. The compiling device as in claim 1, wherein operation nodes in the data flow graph have an associated encoding memory requirement, wherein the processor circuit is arranged to introduce different encodings for the operation nodes from the smallest associated encoding memory requirement to the largest, wherein the processor circuit allocates memory to the encoded operation nodes until a maximum amount of memory is allocated.
12. The compiling device as in claim 1, wherein the protective transformations in the list of available protective transformations have an associated security level, wherein the compiling device is arranged to assign at least one initial protective transformation(s) to parts of the data flow graph that are selected such that the associated security levels achieve the security target, wherein if the determined performance level is below the performance target one or more of the assigned protective transformations are modified to protective transformations with a lower associated security level, or wherein the compiling device is arranged to assign initial protective transformations to parts of the data flow graph that are selected such that the associated security levels are below the security target, wherein if the determined performance level is above the performance target one or more of the assigned protective transformations are modified to protective transformations with a higher associated security level.
13. The compiling device as in claim 1, wherein the available protective transformations comprise one or more variable-protections for edges or operation-protections for nodes of the data flow graph.
14. A compiling method comprising: receiving a computer program representation; obtaining a data flow graph representation from the computer program representation; assigning at least one protective transformation(s) to parts of the data flow graph, wherein the at least one protective transformation(s) is selected from a list of protective transformations; determining a performance level and a security level for the data flow graph and the at least one of the assigned protective transformation(s); if the performance level and the security level satisfy a security and/or a performance target then terminating the assigning of the at least one protective transformations; obtaining a compilation of the computer program representation from at least the data flow graph and the at least one of the assigned protective transformation(s) which satisfy the security and/or the performance target.
15. A computer program stored on a non-transitory medium, wherein the computer program when executed on a processor perform
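As an added illustration (not code from the patent or its assignee) of the assignment loop in claims 1, 2 and 8: a toy data flow graph, a constructed list of protective transformations with assumed security levels and per-operation costs, a performance level computed by counting operations per type, and the claim 2 first branch (start at the security target, lower the most expensive node until the cost budget is met). All node names, levels and costs are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    op: str                # operation type: "add", "mul" or "lookup"
    secret: bool = False   # True if the value depends on a secret variable

# Constructed list of available protective transformations (claim 5 names the
# kinds); the security levels and per-operation costs are assumptions.
TRANSFORMS = [
    ("plain",             0, {"add": 1,  "mul": 1,   "lookup": 1}),
    ("constant-time",     1, {"add": 2,  "mul": 3,   "lookup": 4}),
    ("encoded-execution", 2, {"add": 8,  "mul": 12,  "lookup": 6}),
    ("homomorphic",       3, {"add": 50, "mul": 400, "lookup": 300}),
]

def performance_level(graph, assignment):
    """Claim 8: count operations per type and sum the expected cost of the
    encoded operation that replaces each one. Lower means faster code."""
    return sum(TRANSFORMS[assignment[n.name]][2][n.op] for n in graph)

def security_level(graph, assignment):
    """Assumed metric: the graph is as secure as its weakest secret-dependent node."""
    levels = [TRANSFORMS[assignment[n.name]][1] for n in graph if n.secret]
    return min(levels) if levels else max(t[1] for t in TRANSFORMS)

def assign_transformations(graph, security_target, cost_budget):
    """Claim 2, first branch: start every secret-dependent node at the cheapest
    transformation meeting the security target, then lower the security of the
    most expensive node until the cost budget is met or nothing can be lowered.
    Returns (assignment as TRANSFORMS indices, cost, security, targets_met)."""
    start = next((i for i, t in enumerate(TRANSFORMS) if t[1] >= security_target), None)
    if start is None:
        raise ValueError("no available transformation reaches the security target")
    assignment = {n.name: (start if n.secret else 0) for n in graph}
    while performance_level(graph, assignment) > cost_budget:
        candidates = [n for n in graph if assignment[n.name] > 0]
        if not candidates:
            break
        worst = max(candidates, key=lambda n: TRANSFORMS[assignment[n.name]][2][n.op])
        assignment[worst.name] -= 1
    cost, sec = performance_level(graph, assignment), security_level(graph, assignment)
    return assignment, cost, sec, sec >= security_target and cost <= cost_budget

# Constructed graph: a key addition, a key-dependent table lookup, a mixing
# multiply, and a public counter update that needs no protection.
GRAPH = [Node("k_add", "add", True), Node("sbox", "lookup", True),
         Node("mix", "mul", True), Node("ctr", "add")]
```

With a budget of 40 the encoded-execution level fits and both targets hold; with a budget of 20 the multiply is downgraded to constant-time and the loop terminates with the security target no longer met, which is exactly the trade-off the claims leave to the targets.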
Protecting executable software · CPC title
Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title
against software analysis or reverse engineering, e.g. by obfuscation · CPC title
Protecting distributed programs or content, e.g. vending or licensing of copyrighted material (protection in video systems or pay television H04N7/16) {; Digital rights management [DRM]} · CPC title
Dependency analysis; Data or control flow analysis · CPC title