Research On Leakage-Resilient Signature Against Related-Key Attacks

Posted on: 2017-03-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Pi
GTID: 2308330485480013
Subject: Computer Science and Technology
Abstract/Summary:
Modern cryptography, starting from the foundational work in the late 70s, has been a huge success, leading to the definition and construction of various cryptographic primitives such as digital signatures, public-key encryption, identity-based encryption, and so forth. In modern cryptographic systems, the working assumption is that the adversary views the system as a black box. That is, an adversary can only observe the input/output behavior of the system and knows nothing about its internal state. However, it has been observed that this assumption does not hold in practice. When a cryptographic device is running, the adversary can observe some physical characteristics of the system, such as timing, power consumption, electromagnetic radiation, and so forth. All of these physical characteristics leak information about the secret key, which makes it possible for the adversary to attack successfully.

To date, attacks on cryptographic devices are usually divided into leakage attacks and tampering attacks. In the former, also known as side-channel attacks, the adversary observes the physical characteristics of the device's execution while it runs; these characteristics leak information about the secret key used in the whole system. In the latter, called tampering attacks, the adversary proactively tampers with the secret information and observes the output behavior of the system.

In this paper, we primarily explore how to construct a signature scheme that resists chosen-message attacks and meets the requirements of leakage resilience and tamper resilience. We take both of the attacks described above into consideration rather than only one of them. First, for the case of no leakage on randomness, we give a signature scheme and its security proof. In our scheme, we use an extractor to randomize the value of a correlated-input hash function, which helps to handle leakage of the secret key.

Because of the difference between signatures and public-key encryption, we have to take leakage on randomness into consideration. Encryption uses the public key, whereas signing uses the secret key. So when there is leakage on randomness, the adversary may obtain some useful information about the secret key and make a forgery of the original signature. We therefore consider the case where leakage on randomness exists and improve the scheme described before. In this case we prove the security of our fully leakage-resilient signature scheme.
Keywords/Search Tags:Leakage, Related-Key-Attacks, Signature