Efficient Online/Offline Signatures with Computational Leakage Resilience in Online Phase

An online/offline signature scheme allows its signing algorithm to be separated into an offline phase and an online phase. Many constructions exist in the literature, and they are provably secure under chosen-message attacks. However, it has recently been shown that this security notion is insufficient in the presence of side-channel attacks, where an adversary can exploit leakage of information from the implementation of the signing algorithm. Regarding the implementation of online/offline signatures, we found that the online phase is much more critical than the offline phase. In this paper, we propose two efficient online/offline signature schemes. Their online phase is secure with unbounded leakage resilience as long as the assumption that only computation leaks information holds. Our constructions offer a very short signature length, and their online phase is efficient, requiring modular additions only.
