---
_id: '3234'
abstract:
- lang: eng
  text: 'The strongest standard security notion for digital signature schemes is unforgeability
    under chosen message attacks. In practice, however, this notion can be insufficient
    due to "side-channel attacks" which exploit leakage of information about
    the secret internal state. In this work we put forward the notion of "leakage-resilient
    signatures," which strengthens the standard security notion by giving the
    adversary the additional power to learn a bounded amount of arbitrary information
    about the secret state that was accessed during every signature generation. This
    notion naturally implies security against all side-channel attacks as long as
    the amount of information leaked on each invocation is bounded and "only
    computation leaks information." The main result of this paper is a construction
    which gives a (tree-based, stateful) leakage-resilient signature scheme based
    on any 3-time signature scheme. The amount of information that our scheme can
    safely leak per signature generation is 1/3 of the information the underlying
    3-time signature scheme can leak in total. Signature schemes that remain secure
    even if a bounded total amount of information is leaked were recently constructed,
    hence instantiating our construction with these schemes gives the first constructions
    of provably secure leakage-resilient signature schemes. The above construction
    assumes that the signing algorithm can sample truly random bits, and thus an implementation
    would need some special hardware (randomness gates). Simply generating this randomness
    using a leakage-resilient stream-cipher will in general not work. Our second contribution
    is a sound general principle to replace uniform random bits in any leakage-resilient
    construction with pseudorandom ones: run two leakage-resilient stream-ciphers
    (with independent keys) in parallel and then apply a two-source extractor to their
    outputs. '
alternative_title:
- LNCS
author:
- first_name: Sebastian
  full_name: Faust, Sebastian
  last_name: Faust
- first_name: Eike
  full_name: Kiltz, Eike
  last_name: Kiltz
- first_name: Krzysztof Z
  full_name: Krzysztof Pietrzak
  id: 3E04A7AA-F248-11E8-B48F-1D18A9856A87
  last_name: Pietrzak
  orcid: 0000-0002-9139-1654
- first_name: Guy
  full_name: Rothblum, Guy N
  last_name: Rothblum
citation:
  ama: 'Faust S, Kiltz E, Pietrzak KZ, Rothblum G. Leakage resilient signatures. In:
    Vol 5978. Springer; 2010:343-360. doi:<a href="https://doi.org/10.1007/978-3-642-11799-2_21">10.1007/978-3-642-11799-2_21</a>'
  apa: 'Faust, S., Kiltz, E., Pietrzak, K. Z., & Rothblum, G. (2010). Leakage
    resilient signatures (Vol. 5978, pp. 343–360). Presented at the TCC: Theory of
    Cryptography Conference, Springer. <a href="https://doi.org/10.1007/978-3-642-11799-2_21">https://doi.org/10.1007/978-3-642-11799-2_21</a>'
  chicago: Faust, Sebastian, Eike Kiltz, Krzysztof Z Pietrzak, and Guy Rothblum. “Leakage
    Resilient Signatures,” 5978:343–60. Springer, 2010. <a href="https://doi.org/10.1007/978-3-642-11799-2_21">https://doi.org/10.1007/978-3-642-11799-2_21</a>.
  ieee: 'S. Faust, E. Kiltz, K. Z. Pietrzak, and G. Rothblum, “Leakage resilient signatures,”
    presented at the TCC: Theory of Cryptography Conference, 2010, vol. 5978, pp.
    343–360.'
  ista: 'Faust S, Kiltz E, Pietrzak KZ, Rothblum G. 2010. Leakage resilient signatures.
    TCC: Theory of Cryptography Conference, LNCS, vol. 5978, 343–360.'
  mla: Faust, Sebastian, et al. <i>Leakage Resilient Signatures</i>. Vol. 5978, Springer,
    2010, pp. 343–60, doi:<a href="https://doi.org/10.1007/978-3-642-11799-2_21">10.1007/978-3-642-11799-2_21</a>.
  short: S. Faust, E. Kiltz, K.Z. Pietrzak, G. Rothblum, in:, Springer, 2010, pp.
    343–360.
conference:
  name: 'TCC: Theory of Cryptography Conference'
date_created: 2018-12-11T12:02:10Z
date_published: 2010-03-26T00:00:00Z
date_updated: 2021-01-12T07:41:59Z
day: '26'
doi: 10.1007/978-3-642-11799-2_21
extern: 1
intvolume: '      5978'
month: '03'
page: 343 - 360
publication_status: published
publisher: Springer
publist_id: '3447'
quality_controlled: 0
status: public
title: Leakage resilient signatures
type: conference
volume: 5978
year: '2010'
...
