Optimal Security Proofs for Signatures from Identification Schemes.
IACR Cryptology ePrint Archive (2016)
Abstract
We perform a concrete security treatment of digital signature schemes obtained from canonical identification schemes via the Fiat-Shamir transform. If the identification scheme is random self-reducible and satisfies the weakest possible security notion (hardness of key-recoverability), then the signature scheme obtained via Fiat-Shamir is unforgeable against chosen-message attacks in the multi-user setting. Our security reduction is in the random oracle model and loses a factor of roughly $Q_h$, the number of hash queries. Previous reductions incorporated an additional multiplicative loss of $N$, the number of users in the system. Our analysis is done in small steps via intermediate security notions, and all our implications have relatively simple proofs. Furthermore, for each step, we show the optimality of the given reduction in terms of model assumptions and tightness. As an important application of our framework, we obtain a concrete security treatment for Schnorr signatures in the multi-user setting.
Keywords
Signatures, Identification, Schnorr, Tightness