# How to Strengthen the Security of Signature Schemes in the Leakage Models: A Survey

## Abstract

We survey generic transformations that strengthen the security of signature schemes, which are used in most cryptographic protocols, in the leakage models. At ProvSec 2014, Wang and Tanaka proposed a transformation that converts weakly existentially unforgeable signature schemes into strongly existentially unforgeable ones in the bounded leakage model. To obtain the construction, they combined a leakage-resilient chameleon hash function with the Generalized Boneh–Shen–Waters (GBSW) transformation proposed by Steinfeld, Pieprzyk, and Wang. At ACISP 2015, Wang and Tanaka proposed another transformation in the continual leakage model. To achieve this, they defined a continuous leakage resilient (CLR) chameleon hash function and constructed it based on the CLR signature scheme proposed by Malkin, Teranishi, Vahlis, and Yung. They then improved the GBSW transformation by making use of the Groth–Sahai proof system and combined it with CLR chameleon hash functions. In Security and Communication Networks, Wang and Tanaka additionally gave an instantiation of a (restricted) fully leakage-resilient strong one-time signature based on leakage-resilient chameleon hash functions, following the construction of strong one-time signatures by Mohassel. They also proved that combining a (restricted) fully leakage-resilient strong one-time signature scheme with the transformation proposed by Huang, Wong, and Zhao yields another transformation, one that strengthens the security of fully leakage-resilient signature schemes without changing signing keys.

## Keywords

- Bounded leakage resiliency
- Continual leakage resiliency
- Signature
- Strong existential unforgeability
- Chameleon hash function
- Generic transformation

## Notes

### Acknowledgements

The first author is supported by a JSPS Fellowship for Young Scientists and JSPS KAKENHI 16J10697. The second is supported by Input Output Hong Kong, I-System, Nomura Research Institute, NTT Secure Platform Laboratories and JSPS KAKENHI 16H01705.

## References

1. A. Akavia, S. Goldwasser, V. Vaikuntanathan, Simultaneous hardcore bits and cryptography against memory attacks, in *Theory of Cryptography*, ed. by O. Reingold. Lecture Notes in Computer Science, vol. 5444 (Springer, Berlin, 2009), pp. 474–495
2. J. Alwen, Y. Dodis, D. Wichs, Leakage-resilient public-key cryptography in the bounded-retrieval model, in *Advances in Cryptology CRYPTO 2009*, ed. by S. Halevi. Lecture Notes in Computer Science, vol. 5677 (Springer, Berlin, 2009), pp. 36–54
3. J. Alwen, Y. Dodis, M. Naor, G. Segev, S. Walfish, D. Wichs, Public-key encryption in the bounded-retrieval model, in *Advances in Cryptology EUROCRYPT 2010*, ed. by H. Gilbert. Lecture Notes in Computer Science, vol. 6110 (Springer, Berlin, 2010), pp. 113–134
4. M. Bellare, S. Shoup, Two-tier signatures, strongly unforgeable signatures, and Fiat-Shamir without random oracles, in *Public Key Cryptography PKC 2007*, ed. by T. Okamoto, X. Wang. Lecture Notes in Computer Science, vol. 4450 (Springer, Berlin, 2007), pp. 201–216
5. D. Boneh, E. Shen, B. Waters, Strongly unforgeable signatures based on computational Diffie-Hellman, in *Public Key Cryptography PKC 2006*, ed. by M. Yung, Y. Dodis, A. Kiayias, T. Malkin. Lecture Notes in Computer Science, vol. 3958 (Springer, Berlin, 2006), pp. 229–240
6. E. Boyle, G. Segev, D. Wichs, Fully leakage-resilient signatures, in *Advances in Cryptology EUROCRYPT 2011*, ed. by K.G. Paterson. Lecture Notes in Computer Science, vol. 6632 (Springer, Berlin, 2011), pp. 89–108
7. Z. Brakerski, S. Goldwasser, Circular and leakage resilient public-key encryption under subgroup indistinguishability, in *Advances in Cryptology CRYPTO 2010*, ed. by T. Rabin. Lecture Notes in Computer Science, vol. 6223 (Springer, Berlin, 2010), pp. 1–20
8. Z. Brakerski, Y. Kalai, J. Katz, V. Vaikuntanathan, Overcoming the hole in the bucket: public-key cryptography resilient to continual memory leakage, in *2010 51st Annual IEEE Symposium on Foundations of Computer Science (FOCS)* (2010), pp. 501–510
9. Y. Dodis, K. Haralambiev, A. López-Alt, D. Wichs, Cryptography against continuous memory attacks, in *Proceedings of the 2010 IEEE 51st Annual Symposium on Foundations of Computer Science, FOCS’10, Washington, DC, USA* (IEEE Computer Society, 2010), pp. 511–520
10. Y. Dodis, K. Haralambiev, A. López-Alt, D. Wichs, Efficient public-key cryptography in the presence of key leakage, in *Advances in Cryptology ASIACRYPT 2010*, ed. by M. Abe. Lecture Notes in Computer Science, vol. 6477 (Springer, Berlin, 2010), pp. 613–631
11. Y. Dodis, A. Lewko, B. Waters, D. Wichs, Storing secrets on continually leaky devices, in *2011 IEEE 52nd Annual Symposium on Foundations of Computer Science (FOCS)* (2011), pp. 688–697
12. S. Garg, A. Jain, A. Sahai, Leakage-resilient zero knowledge, in *Advances in Cryptology CRYPTO 2011*, ed. by P. Rogaway. Lecture Notes in Computer Science, vol. 6841 (Springer, Berlin, 2011), pp. 297–315
13. J. Groth, A. Sahai, Efficient noninteractive proof systems for bilinear groups. SIAM J. Comput. **41**(5), 1193–1232 (2012)
14. Q. Huang, D.S. Wong, Y. Zhao, Generic transformation to strongly unforgeable signatures, in *Applied Cryptography and Network Security ACNS 2007*, ed. by J. Katz, M. Yung. Lecture Notes in Computer Science, vol. 4521 (Springer, Berlin, 2007), pp. 1–17
15. J. Katz, V. Vaikuntanathan, Signature schemes with bounded leakage resilience, in *Advances in Cryptology ASIACRYPT 2009*, ed. by M. Matsui. Lecture Notes in Computer Science, vol. 5912 (Springer, Berlin, 2009), pp. 703–720
16. H. Krawczyk, T. Rabin, Chameleon signatures, in *NDSS* (The Internet Society, 2000)
17. A. Lewko, M. Lewko, B. Waters, How to leak on key updates, in *Proceedings of the Forty-Third Annual ACM Symposium on Theory of Computing, STOC’11, New York, NY, USA* (ACM, 2011), pp. 725–734
18. V. Lyubashevsky, A. Palacio, G. Segev, Public-key cryptographic primitives provably as secure as subset sum, in *Theory of Cryptography*, ed. by D. Micciancio. Lecture Notes in Computer Science, vol. 5978 (Springer, Berlin, 2010), pp. 382–400
19. T. Malkin, I. Teranishi, Y. Vahlis, M. Yung, Signatures resilient to continual leakage on memory and computation, in *Theory of Cryptography*, ed. by Y. Ishai. Lecture Notes in Computer Science, vol. 6597 (Springer, Berlin, 2011), pp. 89–106
20. P. Mohassel, One-time signatures and chameleon hash functions, in *Selected Areas in Cryptography*, ed. by A. Biryukov, G. Gong, D. Stinson. Lecture Notes in Computer Science, vol. 6544 (Springer, Berlin, 2011), pp. 302–319
21. M. Naor, G. Segev, Public-key cryptosystems resilient to key leakage, in *Advances in Cryptology CRYPTO 2009*, ed. by S. Halevi. Lecture Notes in Computer Science, vol. 5677 (Springer, Berlin, 2009), pp. 18–35
22. T. Okamoto, Provably secure and practical identification schemes and corresponding signature schemes, in *Advances in Cryptology CRYPTO’92*, ed. by E. Brickell. Lecture Notes in Computer Science, vol. 740 (Springer, Berlin, 1993), pp. 31–53
23. A. Shamir, Y. Tauman, Improved online/offline signature schemes, in *Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, CRYPTO’01, London, UK* (Springer, 2001), pp. 355–367
24. R. Steinfeld, J. Pieprzyk, H. Wang, How to strengthen any weakly unforgeable signature into a strongly unforgeable signature, in *Topics in Cryptology CT-RSA 2007*, ed. by M. Abe. Lecture Notes in Computer Science, vol. 4377 (Springer, Berlin, 2006), pp. 357–371
25. I. Teranishi, T. Oyama, W. Ogata, General conversion for obtaining strongly existentially unforgeable signatures, in *Progress in Cryptology INDOCRYPT 2006*, ed. by R. Barua, T. Lange. Lecture Notes in Computer Science, vol. 4329 (Springer, Berlin, 2006), pp. 191–205
26. Y. Wang, K. Tanaka, Generic transformation to strongly existentially unforgeable signature schemes with leakage resiliency, in *Provable Security*, ed. by S.S. Chow, J.K. Liu, L.C. Hui, S.M. Yiu. Lecture Notes in Computer Science, vol. 8782 (Springer International Publishing, New York, 2014), pp. 117–129
27. Y. Wang, K. Tanaka, Strongly simulation-extractable leakage-resilient NIZK, in *Information Security and Privacy*, ed. by W. Susilo, Y. Mu. Lecture Notes in Computer Science, vol. 8544 (Springer International Publishing, New York, 2014), pp. 66–81
28. Y. Wang, K. Tanaka, Generic transformation to strongly existentially unforgeable signature schemes with continuous leakage resiliency, in *Information Security and Privacy*, ed. by E. Foo, D. Stebila. Lecture Notes in Computer Science, vol. 9144 (Springer International Publishing, New York, 2015), pp. 213–229
29. Y. Wang, K. Tanaka, Generic transformations for existentially unforgeable signature schemes in the bounded leakage model. Secur. Commun. Netw. **9**(12), 1829–1842 (2016)