Mind Your Coins: Fully Leakage-Resilient Signatures with Graceful Degradation

We construct new leakage-resilient signature schemes. Our schemes remain unforgeable
against an adversary leaking arbitrary (yet bounded) information on the entire state of the
signer (sometimes known as fully leakage resilience).
The main feature of our constructions, is that they o er a graceful degradation of security
in situations where standard existential unforgeability is impossible. This property was
recently put forward by Nielsen et al. (PKC 2014) to deal with settings in which the secret
key is much larger than the size of a signature. One remarkable such case is the so-called
Bounded Retrieval Model (BRM), where one intentionally in
ates the size of the secret key
while keeping constant the signature size and the computational complexity of the scheme.
Our main constructions have leakage rate 1􀀀o(1), and are proven secure in the standard
model. We additionally give a construction in the BRM, relying on a random oracle. All
of our schemes are described in terms of generic building blocks, but also admit ecientbr /> instantiations under fairly standard number-theoretic assumptions. Finally, we explain howbr /> to extend some of our schemes to the setting of noisy leakage, where the only restriction onbr /> the leakage functions is that the output does not decrease the min-entropy of the secret keybr /> by too much./p>