Advertisement

Signature Schemes with Bounded Leakage Resilience

  • Jonathan Katz
  • Vinod Vaikuntanathan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5912)

Abstract

A leakage-resilient cryptosystem remains secure even if arbitrary, but bounded, information about the secret key (and possibly other internal state information) is leaked to an adversary. Denote the length of the secret key by n. We show:
  • A full-fledged signature scheme tolerating leakage of n − n ε bits of information about the secret key (for any constant ε> 0), based on general assumptions.

  • A one-time signature scheme, based on the minimal assumption of one-way functions, tolerating leakage of \((\frac{1}{4}-\epsilon) \cdot n\) bits of information about the signer’s entire state.

  • A more efficient one-time signature scheme, that can be based on several specific assumptions, tolerating leakage of \((\frac{1}{2}-\epsilon) \cdot n\) bits of information about the signer’s entire state.

The latter two constructions extend to give leakage-resilient t-time signature schemes. All the above constructions are in the standard model.

Keywords

Signature Scheme Random Oracle Model Common Reference String Leakage Function Leakage Resilience 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Akavia, A., Goldwasser, S., Vaikuntanathan, V.: Simultaneous hardcore bits and cryptography against memory attacks. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 474–495. Springer, Heidelberg (2009)Google Scholar
  2. 2.
    Alwen, J., Dodis, Y., Wichs, D.: Public key cryptography in the bounded retrieval model and security against side-channel attacks. In: Halevi, S. (ed.) Crypto 2009. LNCS, vol. 5677, pp. 1–17. Springer, Heidelberg (2009)Google Scholar
  3. 3.
    Biham, E., Carmeli, Y., Shamir, A.: Bug attacks. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 221–240. Springer, Heidelberg (2008)Google Scholar
  4. 4.
    Boneh, D., Brumley, D.: Remote timing attacks are practical. Computer Networks 48(5), 701–716 (2005)CrossRefGoogle Scholar
  5. 5.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)Google Scholar
  6. 6.
    Canetti, R., Dodis, Y., Halevi, S., Kushilevitz, E., Sahai, A.: Exposure-resilient functions and all-or-nothing transforms. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 453–469. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Cramer, R., Damgård, I.: Secure signature schemes based on interactive protocols. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 297–310. Springer, Heidelberg (1995)Google Scholar
  8. 8.
    De Santis, A., Di Crescenzo, G., Ostrovsky, R., Persiano, G., Sahai, A.: Robust non-interactive zero knowledge. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 566–598. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Dodis, Y., Kalai, Y., Lovett, S.: On cryptography with auxiliary input. In: 41st Annual ACM Symposium on Theory of Computing (STOC), pp. 621–630. ACM, New York (2009)CrossRefGoogle Scholar
  10. 10.
    Dodis, Y., Kalai, Y., Vaikuntanathan, V.: Public-key encryption schemes with auxiliary inputs (manuscript, 2009)Google Scholar
  11. 11.
    Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: 49th Annual Symposium on Foundations of Computer Science (FOCS), pp. 293–302. IEEE, Los Alamitos (2008), Full version: http://eprint.iacr.org/2008/240 CrossRefGoogle Scholar
  12. 12.
    Faust, S., Kiltz, E., Pietrzak, K., Rothblum, G.: Leakage-resilient signatures, http://eprint.iacr.org/2009/282
  13. 13.
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
  14. 14.
    Fischlin, M., Fischlin, R.: The representation problem based on factoring. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 96–113. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17(2), 281–308 (1988)MATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Guillou, L.C., Quisquater, J.-J.: A “paradoxical” indentity-based signature scheme resulting from zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 216–231. Springer, Heidelberg (1990)Google Scholar
  17. 17.
    Halderman, A., Schoen, S., Heninger, N., Clarkson, W., Paul, W., Calandrino, J., Feldman, A., Applebaum, J., Felten, E.: Lest we remember: Cold boot attacks on encryption keys. In: Proc. 17th USENIX Security Symposium, pp. 45–60. USENIX Association (2008)Google Scholar
  18. 18.
    Hsiao, C.-Y., Reyzin, L.: Finding collisions on a public road, or do secure hash functions need secret coins? In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 92–105. Springer, Heidelberg (2004)Google Scholar
  19. 19.
    Ishai, Y., Sahai, A., Wagner, D.: Private circuits: Securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003)Google Scholar
  20. 20.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  21. 21.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  22. 22.
    Kumar, R., Rajagopalan, S., Sahai, A.: Coding constructions for blacklisting problems without computational assumptions. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 609–623. Springer, Heidelberg (1999)Google Scholar
  23. 23.
    Lamport, L.: Constructing digital signatures from a one-way function. Technical Report SRI-CSL-98, SRI International Computer Science Laboratory (October 1979)Google Scholar
  24. 24.
    Lyubashevsky, V., Micciancio, D.: Asymptotically efficient lattice-based digital signatures. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 37–54. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  25. 25.
    Micali, S., Reyzin, L.: Physically observable cryptography. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 278–296. Springer, Heidelberg (2004)Google Scholar
  26. 26.
    Naor, M., Segev, G.: Public-key cryptosystems resilient to key leakage. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 18–35. Springer, Heidelberg (2009), http://eprint.iacr.org/2009/105 CrossRefGoogle Scholar
  27. 27.
    Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: 21st Annual ACM Symposium on Theory of Computing (STOC), pp. 33–43. ACM Press, New York (1989)Google Scholar
  28. 28.
    Nguyen, P.Q., Shparlinski, I.: The insecurity of the digital signature algorithm with partially known nonces. Journal of Cryptology 15(3), 151–176 (2002)MATHCrossRefMathSciNetGoogle Scholar
  29. 29.
    Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 31–53. Springer, Heidelberg (1993)Google Scholar
  30. 30.
    Ong, H., Schnorr, C.-P.: Fast signature generation with a Fiat-Shamir-like scheme. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 432–440. Springer, Heidelberg (1991)Google Scholar
  31. 31.
    Pietrzak, K.: A leakage-resilient mode of operation. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 462–482. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  32. 32.
    Porat, E., Rothschild, A.: Explicit non-adaptive combinatorial group testing schemes. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part I. LNCS, vol. 5125, pp. 748–759. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  33. 33.
    Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: 40th Annual Symposium on Foundations of Computer Science (FOCS), pp. 543–553. IEEE, Los Alamitos (1999)Google Scholar
  34. 34.
    Schnorr, C.-P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, Heidelberg (1990)Google Scholar
  35. 35.
    Standaert, F.-X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Jonathan Katz
    • 1
  • Vinod Vaikuntanathan
    • 2
  1. 1.University of Maryland 
  2. 2.IBM Research 

Personalised recommendations