Paper 2013/845

How to Keep a Secret: Leakage Deterring Public-key Cryptography

Aggelos Kiayias and Qiang Tang


How is it possible to prevent the sharing of cryptographic functions? This question appears to be fundamentally hard to address since in this setting the owner of the key {\em is} the adversary: she wishes to share a program or device that (potentially only partly) implements her main cryptographic functionality. Given that she possesses the cryptographic key, it is impossible for her to be {\em prevented} from writing code or building a device that uses that key. She may though be {\em deterred} from doing so. We introduce {\em leakage-deterring} public-key cryptographic primitives to address this problem. Such primitives have the feature of enabling the embedding of owner-specific private data into the owner's public-key so that given access to {\em any} (even partially functional) implementation of the primitive, the recovery of the data can be facilitated. We formalize the notion of leakage-deterring in the context of encryption, signature, and identification and we provide efficient generic constructions that facilitate the recoverability of the hidden data while retaining privacy as long as no sharing takes place.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Major revision. ACM CCS 2013
Contact author(s)
qtang84 @ gmail com
2017-07-04: last of 3 revisions
2013-12-17: received
See all versions
Short URL
Creative Commons Attribution


      author = {Aggelos Kiayias and Qiang Tang},
      title = {How to Keep a Secret:  Leakage Deterring Public-key Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2013/845},
      year = {2013},
      doi = {10.1145/2508859.2516691},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.