The physically observable security of signature schemes

Abstract

In recent years much research has been devoted to producing formal models of security for cryptographic primitives and to designing schemes that can be proved secure in such models. This line of research typically assumes that an adversary is given black-box access to a cryptographic mechanism that uses some secret key. One then proves that this black-box access does not help the adversary to achieve its task. An increasingly popular environment for cryptographic implementation is the smart-card. In such an environment a definition of security that provides an adversary with only black-box access to the cryptography under attack may be unrealistic. This is illustrated by attacks such as the power-analysis methods proposed by Kocher and others. In this paper we attempt to formally define a set of necessary conditions on an implementation of a cryptosystem so that security against an adversary with black-box access is preserved in a more hostile environment such as the smart-card. Unlike the previous work in this area we concentrate on high-level primitives. The particular example that we take is the digital signature scheme.1 © Springer-Verlag Berlin Heidelberg 2005.