One-More Assumptions Do Not Help Fiat-Shamir-type Signature Schemes in NPROM

Several impossibility results are known concerning the provable security of Fiat-Shamir-type signature schemes. Most of these results are stated in the non-programmable random oracle model (NPROM), and to the best of our knowledge, all of them deal with security reductions from non-interactive cryptographic assumptions, except for the result in ProvSec 2017 on the security of the Schnorr signature scheme from the One-More DL (OM-DL) assumption.
