We construct a new leakage-resilient signature scheme. Our scheme remains unforgeable in the noisy leakage model, where the only restriction on the leakage is that it does not decrease the min-entropy of the secret key by too much. The leakage information can depend on the entire state of the signer; this property is sometimes known as fully leakage resilience. An additional feature of our construction, is that it offers a graceful degradation of security in situations where standard existential unforgeability is impossible. This property was recently put forward by Nielsen et al. (PKC 2014) in the bounded leakage model, to deal with settings in which the secret key is much larger than the size of a signature. For security parameter κ , our scheme tolerates leakage on the entire state of the signer until ω(logκ) bits of min-entropy are left in the secret key, and is proven secure in the standard model. While we describe our scheme in terms of generic building blocks, we also explain how to instantiate it efficiently under fairly standard number-theoretic assumptions.
Mind your coins: fully leakage-resilient signatures with graceful degradation / Faonio, Antonio; Nielsen, Jesper Buus; Venturi, Daniele. - 9134:(2015), pp. 456-468. (Intervento presentato al convegno 42nd International Colloquium on Automata, Languages and Programming, ICALP 2015 tenutosi a Kyoto nel 2015) [10.1007/978-3-662-47672-7_37].
Mind your coins: fully leakage-resilient signatures with graceful degradation
FAONIO, ANTONIO;VENTURI, DANIELE
2015
Abstract
We construct a new leakage-resilient signature scheme. Our scheme remains unforgeable in the noisy leakage model, where the only restriction on the leakage is that it does not decrease the min-entropy of the secret key by too much. The leakage information can depend on the entire state of the signer; this property is sometimes known as fully leakage resilience. An additional feature of our construction, is that it offers a graceful degradation of security in situations where standard existential unforgeability is impossible. This property was recently put forward by Nielsen et al. (PKC 2014) in the bounded leakage model, to deal with settings in which the secret key is much larger than the size of a signature. For security parameter κ , our scheme tolerates leakage on the entire state of the signer until ω(logκ) bits of min-entropy are left in the secret key, and is proven secure in the standard model. While we describe our scheme in terms of generic building blocks, we also explain how to instantiate it efficiently under fairly standard number-theoretic assumptions.File | Dimensione | Formato | |
---|---|---|---|
Venturi_Mind_2015.pdf
accesso aperto
Note: Full version
Tipologia:
Documento in Post-print (versione successiva alla peer review e accettata per la pubblicazione)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
705.71 kB
Formato
Adobe PDF
|
705.71 kB | Adobe PDF |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.