Abstract
A leakage-resilient cryptosystem remains secure even if arbitrary, but bounded, information about the secret key (and possibly other internal state information) is leaked to an adversary. Denote the length of the secret key by n. We show: A full-fledged signature scheme tolerating leakage of n - n ε bits of information about the secret key (for any constant ε > 0), based on general assumptions. A one-time signature scheme, based on the minimal assumption of one-way functions, tolerating leakage of (1/4 - ε)·n bits of information about the signer's entire state. A more efficient one-time signature scheme, that can be based on several specific assumptions, tolerating leakage of (1/2 - ε)·n bits of information about the signer's entire state. The latter two constructions extend to give leakage-resilient t-time signature schemes. All the above constructions are in the standard model. © 2009 Springer-Verlag.
Cite
CITATION STYLE
Katz, J., & Vaikuntanathan, V. (2009). Signature schemes with bounded leakage resilience. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5912 LNCS, pp. 703–720). https://doi.org/10.1007/978-3-642-10366-7_41
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
