Signature schemes secure against hard-to-invert leakage

Abstract

In the auxiliary input model an adversary is allowed to see a computationally hard-to-invert function of the secret key. The auxiliary input model weakens the bounded leakage assumption commonly made in leakage resilient cryptography as the hard-to-invert function may information-theoretically reveal the entire secret key. In this work, we propose the first constructions of digital signature schemes that are secure in the auxiliary input model. Our main contribution is a digital signature scheme that is secure against chosen message attacks when given an exponentially hard-to-invert function of the secret key. As a second contribution, we construct a signature scheme that achieves security for random messages assuming that the adversary is given a polynomialtime hard to invert function. Here, polynomial-hardness is required even when given the entire public-key - so called weak auxiliary input security. We show that such signature schemes readily give us auxiliary input secure identification schemes. © International Association for Cryptologic Research 2012.