**Signature Schemes with Bounded Leakage Resilience**

*Jonathan Katz*

**Abstract: **A leakage-resilient cryptosystem remains secure even if arbitrary, but bounded, information about the secret key (or possibly other internal state information) is leaked to an adversary. Denote the length of the secret key by $n$. We show a signature scheme tolerating (optimal) leakage of up to $n-n^\epsilon$ bits of information about the secret key, and a more efficient one-time signature scheme that tolerates leakage of $(\frac{1}{4}-\epsilon) \cdot n$ bits of information about the signer's entire state. The latter construction extends to give a leakage-resilient $t$-time signature scheme. All these constructions are in the standard model under general assumptions.

**Category / Keywords: **public-key cryptography / signatures, leakage resilience

**Date: **received 25 May 2009

**Contact author: **jkatz at cs umd edu

**Available format(s): **PDF | BibTeX Citation

**Note: **Replaces ePrint report 2009/133

**Version: **20090526:044303 (All versions of this report)

**Short URL: **ia.cr/2009/220

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]