Cryptology ePrint Archive: Report 2009/220

Signature Schemes with Bounded Leakage Resilience

Jonathan Katz

Abstract: A leakage-resilient cryptosystem remains secure even if arbitrary, but bounded, information about the secret key (or possibly other internal state information) is leaked to an adversary. Denote the length of the secret key by $n$. We show a signature scheme tolerating (optimal) leakage of up to $n-n^\epsilon$ bits of information about the secret key, and a more efficient one-time signature scheme that tolerates leakage of $(\frac{1}{4}-\epsilon) \cdot n$ bits of information about the signer's entire state. The latter construction extends to give a leakage-resilient $t$-time signature scheme. All these constructions are in the standard model under general assumptions.

Category / Keywords: public-key cryptography / signatures, leakage resilience

Date: received 25 May 2009

Contact author: jkatz at cs umd edu

Available formats: PDF | BibTeX Citation

Note: Replaces ePrint report 2009/133

Version: 20090526:044303 (All versions of this report)

Discussion forum: Show discussion | Start new discussion