SPEAKER: Yevgeniy Vahlis, Columbia
Resilient to Continual Leakage on Memory and Computation
breakthrough results by Brakerski et al. and Dodis et al. have shown that signature schemes can be made secure even if the adversary continually obtains information leakage from the secret key of the scheme. However, the schemes currently do not allow leakage on the secret key and randomness during signing, except in the random oracle model. Further, the random oracle based schemes require updates to the secret key in order to maintain security,
even when no leakage during computation
We present the first signature scheme that is resilient to full continual leakage as well as leakage from processing during signing (both from the secret key and the randomness), in key generation, and in
Our scheme can tolerate leakage of a 1-o(1) fraction of the secret key between updates, and is proven secure in the standard model based on the symmetric external DDH (SXDH) assumption in bilinear groups. The time periods between updates are a function of the amount of leakage in the period (and nothing more).
makes new use of the Groth-Sahai proof systems, and in particular avoids composing proofs, which gives improved efficiency. In addition, we introduce a new tool: independent pre-image resistant hash functions, which may be of independent
Joint work with Tal Malkin, Isamu Teranishi, and Moti