Journal of Cryptology, Volume 29, Issue 2, pp 422–455

Signature Schemes Secure Against Hard-to-Invert Leakage

  • Sebastian Faust
  • Carmit Hazay
  • Jesper Buus Nielsen
  • Peter Sebastian Nordholt
  • Angela Zottarel


Side-channel attacks allow the adversary to gain partial knowledge of the secret key when cryptographic protocols are implemented in real-world hardware. The goal of leakage resilient cryptography is to design cryptosystems that withstand such attacks. In the auxiliary input model, an adversary is allowed to see a computationally hard-to-invert function of the secret key. The auxiliary input model weakens the bounded leakage assumption commonly made in leakage resilient cryptography as the hard-to-invert function may information-theoretically reveal the entire secret key. In this work, we propose the first constructions of digital signature schemes that are secure in the auxiliary input model. Our main contribution is a digital signature scheme that is secure against chosen message attacks when given any exponentially hard-to-invert function of the secret key. As a second contribution, we construct a signature scheme that achieves security for random messages assuming that the adversary is given a polynomial-time hard-to-invert function (where both the challenge as well as the signatures seen prior to that are computed on random messages). Here, polynomial hardness is required even when given the entire public key. We further show that such signature schemes readily give us auxiliary input secure identification schemes.



The authors thank Yevgeniy Dodis for discussions at an early stage of this project.



Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  • Sebastian Faust (1)
  • Carmit Hazay (2)
  • Jesper Buus Nielsen (3)
  • Peter Sebastian Nordholt (4)
  • Angela Zottarel (3)

  1. EPFL, Lausanne, Switzerland
  2. Faculty of Engineering, Bar-Ilan University, Ramat-Gan, Israel
  3. Department of Computer Science, Aarhus University, Aarhus, Denmark
  4. Alexandra Institute, Aarhus, Denmark
