Leakage-resilient Signature Scheme Research Articles

Fully Secure ID-Based Signature Scheme with Continuous Leakage Resilience

The side channel attacks will lead to the destruction of the security of the traditional cryptographic scheme. Leakage-resilient identity-based signature has attracted great attention. Based on the dual system encryption technology, we construct an identity-based signature scheme that can resist continuous private key leakage. In the standard model, the security of the scheme is proved. The key points of our leakage-resilient signature scheme are as follows: (1) The private key can be extended according to the security requirements. In other words, when the leakage is serious, we can select a bigger value n, where n is a parameter related to the leakage rate. (2) An elaborate key update algorithm makes the scheme resist continuous leakage attacks. Furthermore, the updated private key has the same distribution as the previous private key. (3) The proposed scheme is fully secure in the standard model rather than in the random oracle model or in the general group model. In order to achieve this goal, we use dual system encryption technology. Thus, the security of the constructed scheme does not depend on the number of queries of the attacker.

P.4.e.004 - MicroRNA signature associated with enhanced vulnerability to develop psychiatric disorders: dissecting the mechanisms by using an in vitro model

We construct new leakage-resilient signature schemes. Our schemes remain unforgeable against an adversary leaking arbitrary (yet bounded) information on the entire state of the signer (sometimes known as fully leakage resilience), including the random coin tosses of the signing algorithm.The main feature of our constructions is that they offer a graceful degradation of security in situations where standard existential unforgeability is impossible. This property was recently put forward by Nielsen, Venturi, and Zottarel (PKC 2014) [19] to deal with settings in which the secret key is much larger than the size of a signature. One remarkable such case is the so-called Bounded-Retrieval Model (BRM), where one intentionally inflates the size of the secret key while keeping constant the signature size and the computational complexity of the scheme.Our main constructions have leakage rate 1−o(1), and are proven secure in the standard model. We additionally give a construction in the BRM, relying on a random oracle. All of our schemes are described in terms of generic building blocks, but also admit efficient instantiations under fairly standard number-theoretic assumptions. Finally, we explain how to extend some of our schemes to the setting of noisy leakage, where the only restriction on the leakage functions is that the output does not decrease the min-entropy of the secret key by too much.

Leakage-Resilient Certificateless Short Signature Scheme

For a certificateless short signature scheme to be applied in practical applications, it should without various leakage attacks. In this paper, we present a new leakage-resilient certificateless short signature scheme whose security is based on the classical decisional Diffie-Hellman (DDH) assumption. Our scheme is leakage-resilient signature scheme, and leaked information is a maximum value (upper bound). What is more, our scheme also enjoys a higher relative leaked information rate and still semantically secure against adaptive chosen message attack. Besides these good performance features, we have formally proved the security of our scheme in the random oracle model under the hardness of the DDH problem. With these import features, our proposal may have some significant value in the practical applications. Compared to existing schemes, our new scheme has two advantages: (1) Our scheme is leakage-resilient certificateless short signature scheme; (2) Our Scheme is leakage-resilient signature scheme, and leaked information is a maximum value (upper bound).

Fully leakage-resilient signatures revisited: Graceful degradation, noisy leakage, and construction in the bounded-retrieval model

We construct new leakage-resilient signature schemes. Our schemes remain unforgeable against an adversary leaking arbitrary (yet bounded) information on the entire state of the signer (sometimes known as fully leakage resilience), including the random coin tosses of the signing algorithm.The main feature of our constructions is that they offer a graceful degradation of security in situations where standard existential unforgeability is impossible. This property was recently put forward by Nielsen, Venturi, and Zottarel (PKC 2014) [19] to deal with settings in which the secret key is much larger than the size of a signature. One remarkable such case is the so-called Bounded-Retrieval Model (BRM), where one intentionally inflates the size of the secret key while keeping constant the signature size and the computational complexity of the scheme.Our main constructions have leakage rate 1−o(1), and are proven secure in the standard model. We additionally give a construction in the BRM, relying on a random oracle. All of our schemes are described in terms of generic building blocks, but also admit efficient instantiations under fairly standard number-theoretic assumptions. Finally, we explain how to extend some of our schemes to the setting of noisy leakage, where the only restriction on the leakage functions is that the output does not decrease the min-entropy of the secret key by too much.

Generic transformations for existentially unforgeable signature schemes in the bounded leakage model

AbstractIn this paper, we present generic transformations, which allow us to be able to convert any signature scheme satisfying the weak existential unforgeability property into one satisfying the strong existential unforgeability property. Different from the previous researches, we consider this kind of transformations in the bounded leakage model, in which part of the secret information could be learned by the adversary. To achieve such transformations, we define a new cryptographic primitive called leakage resilient chameleon hash function and give an instantiation of it based on leakage resilient hard relation. By making use of this new variant of chameleon hash function, we improve the technique proposed by Steinfeld, Pieprzk, and Wang to obtain a generic transformation that works well in the bounded leakage model. Furthermore, we follow the construction of strong one‐time signature by Mohassel to give an instantiation of fully leakage resilient strong one‐time signature based on leakage resilient chameleon hash function. We prove that by combining the fully leakage resilient strong one‐time signature scheme with the transformation proposed by Huang, Wong, and Zhao, we can obtain another transformation that can convert any fully leakage resilient signature scheme that is weakly existentially unforgeable into one that is strongly existentially unforgeable without changing the signing key. Copyright © 2016 John Wiley & Sons, Ltd.

Strongly simulation-extractable leakage-resilient NIZK

This paper defines strongly simulation-extractable (sSE) leakage resiliency (LR), which is a new notion for non-interactive zero-knowledge (NIZK) proof system. For an sSE-NIZK proof system, there exists a probabilistic polynomial-time extractor that can always extract a correct witness from any valid proof generated by the adversary, who can obtain proofs of true statements previously given by the simulator. The proof generated by the adversary may depend on a statement---tag pair which has already been used by the simulator. Furthermore, if the adversary can also learn leakage on witnesses and randomness which can explain the proofs generated by the simulator, then the sSE-NIZK proof system is said to satisfy the property of LR. In ASIACRYPT 2010, Dodis, Haralambiev, Lopez-Alt, and Wichs proposed the definitions of true simulation-extractable (tSE) NIZK proof system and sSE-NIZK proof system and gave their constructions. The tSE-NIZK proof system is the same as the sSE-NIZK proof system except that the proof generated by the adversary cannot depend on a statement---tag pair which was used by the simulator. As an extension of the tSE-NIZK proof system, Garg, Jain, and Sahai defined a new notion for NIZK proof system called tSE-LR in CRYPTO 2011 and provided the construction of tSE-LR-NIZK proof system. We extend the notion of tSE-LR-NIZK proof system and construct it by improving the construction of tSE-LR-NIZK proof system. An sSE-LR-NIZK proof system is applicable to construct a fully leakage-resilient signature scheme which is strongly existentially unforgeable, while a tSE-LR-NIZK proof system is applicable to construct one which just satisfies the weak existentially unforgeability. Although there has already been a great deal of research proposed for cryptographic primitives in the leakage models, as far as we know, this is the first fully leakage-resilient signature scheme that is strongly existentially unforgeable.

Fully Leakage-Resilient Signatures

A signature scheme is fully leakage resilient (Katz and Vaikuntanathan, ASIACRYPT’09) if it is existentially unforgeable under an adaptive chosen-message attack even in a setting where an adversary may obtain bounded (yet arbitrary) leakage information on all intermediate values that are used throughout the lifetime of the system. This is a strong and meaningful notion of security that captures a wide range of side-channel attacks.One of the main challenges in constructing fully leakage-resilient signature schemes is dealing with leakage that may depend on the random bits used by the signing algorithm, and constructions of such schemes are known only in the random-oracle model. Moreover, even in the random-oracle model, known schemes are only resilient to leakage of less than half the length of their signing key.In this paper we construct the first fully leakage-resilient signature schemes without random oracles. We present a scheme that is resilient to any leakage of length (1−o(1))L bits, where L is the length of the signing key. Our approach relies on generic cryptographic primitives, and at the same time admits rather efficient instantiations based on specific number-theoretic assumptions. In addition, we show that our approach extends to the continual-leakage model, recently introduced by Dodis, Haralambiev, Lopez-Alt and Wichs (FOCS’10), and by Brakerski, Tauman Kalai, Katz and Vaikuntanathan (FOCS’10). In this model the signing key is allowed to be refreshed, while its corresponding verification key remains fixed, and the amount of leakage is assumed to be bounded only in between any two successive key refreshes.