IACR News item: 08 July 2014
Jesper Buus Nielsen, Daniele Venturi, Angela Zottarel
ePrint Reportleakage-resilient signatures secure against existential forgeries,
where the signature is much shorter than the leakage bound.
Current models of leakage-resilient signatures against existential
forgeries demand that the adversary cannot produce a new valid
message/signature pair $(m, \\sigma)$ even after receiving some
$\\lambda$ bits of leakage on the signing key. If $\\vert \\sigma \\vert
\\le \\lambda$, then the adversary can just choose to leak a valid
signature $\\sigma$, and hence signatures must be larger than the
allowed leakage, which is impractical as the goal often is to have
large signing keys to allow a lot of leakage.
We propose a new notion of leakage-resilient signatures against
existential forgeries where we demand that the adversary cannot
produce $n = \\lfloor \\lambda / \\vert \\sigma \\vert \\rfloor + 1$
distinct valid message/signature pairs
$(m_1, \\sigma_1), \\ldots, (m_n, \\sigma_n)$ after receiving
$\\lambda$ bits of leakage. If $\\lambda =
0$, this is the usual notion of existential unforgeability. If $1
Additional news items may be found on the IACR news page.