Efficient Fully-Leakage Resilient One-More Signature Schemes
In a recent paper Faonio, Nielsen and Venturi (ICALP 2015) gave new constructions of leakage-resilient signature schemes. The signature schemes proposed remain unforgeable against an adversary leaking arbitrary information on the entire state of the signer, including the random coins of the signing algorithm. The main feature of their signature schemes is that they offer a graceful degradation of security in situations where standard existential unforgeability is impossible. The notion, put forward by Nielsen, Venturi, and Zottarel (PKC 2014), defines a slack parameter \(\gamma \) which, roughly speaking, describes how gracefully the security degrades. Unfortunately, the standard-model signature scheme of Faonio, Nielsen and Venturi has a slack parameter that depends on the number of signatures queried by the adversary.
In this paper we show two new constructions in the standard model where the above limitation is avoided. Specifically, the first scheme achieves slack parameter \(O(1/\lambda )\), where \(\lambda \) is the security parameter, and is based on standard number-theoretic assumptions; the second scheme achieves optimal slack parameter (i.e. \(\gamma =1\)) and is based on knowledge-of-exponent assumptions. Our constructions are efficient and have leakage rate \(1-o(1)\). Most notably, our second construction has signatures of only 8 group elements, which, to the best of our knowledge, makes it the leakage-resilient signature scheme with the shortest known signature size.
Keywords: Signature scheme; Leakage resilience; Efficient scheme; Knowledge assumptions
Research leading to these results has been supported by the Spanish Ministry of Economy under the projects Dedetis (ref. TIN2015-70713-R) and Datamantium (ref. RTC-2016-4930-7), and by the Madrid Regional Government under project N-Greens (ref. S2013/ICE-2731).
I would like to thank Dario Fiore for a conversation we had on his paper. I would also like to thank Dennis Hofheinz, who suggested to me the paper of Fujisaki on ABM encryption.
- 6. Bitansky, N., Canetti, R., Paneth, O., Rosen, A.: On the existence of extractable one-way functions. In: 46th ACM STOC, pp. 505–514 (2014)
- 8. Brakerski, Z., Kalai, Y.T., Katz, J., Vaikuntanathan, V.: Overcoming the hole in the bucket: public-key cryptography resilient to continual memory leakage. In: 51st FOCS, pp. 501–510 (2010)
- 10. Dodis, Y., Haralambiev, K., López-Alt, A., Wichs, D.: Cryptography against continuous memory attacks. In: 51st FOCS, pp. 511–520 (2010)
- 12. Faonio, A.: Efficient fully-leakage resilient one-more signature schemes. Cryptology ePrint Archive, Report 2018/1140 (2018). https://eprint.iacr.org/2018/1140
- 14. Faonio, A., Nielsen, J.B., Venturi, D.: Mind your coins: fully leakage-resilient signatures with graceful degradation. In: Halldórsson, M.M., Iwama, K., Kobayashi, N., Speckmann, B. (eds.) ICALP 2015. LNCS, vol. 9134, pp. 456–468. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47672-7_37
- 31. Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: 2013 IEEE Symposium on Security and Privacy, pp. 238–252 (2013)