Watermarking public‐key cryptographic functionalities and implementations: The case of encryption and signatures

Abstract A watermarking scheme for a public‐key cryptographic functionality enables the embedding of a mark in the instance of the secret‐key algorithm such that the functionality of the original scheme is maintained, while it is infeasible for an adversary to remove the mark (unremovability) or mark a fresh object without the marking key (unforgeability). A number of works have appeared in the literature proposing different definitional frameworks and schemes secure under a wide range of assumptions. In the previous work [1, 2], the authors proposed a meaningful relaxation of the watermarking model and gave constructions that allow direct watermarking of popular cryptographic schemes (e.g. ElGamal Encryption). A definitional framework for watermarking public‐key cryptographic functionalities and implementations which covers both deterministic (e.g. decryption) and probabilistic (e.g. signing) secret‐key algorithms is provided. The authors’ work unifies the previous results of [1, 2] where deterministic and probabilistic circuits to be watermarked as separate cases are considered. The constructions of [1, 2] were previously presented as extended abstracts missing rigorous security proofs. The authors prove those constructions secure under their new, unified framework. In the authors’ schemes secret detection of the watermark is provided, and security under minimal hardness assumptions assuming only the existence of one‐way functions, is proved.