Tightly-Secure Signatures from Five-Move Identification Protocols

A Fiat; A Shamir; A Shamir; B Chevallier-Mames; B Poettering; C-P Schnorr; D Boneh; D Hofheinz; D Hofheinz; D Hofheinz; D Hofheinz; D Pointcheval; D Pointcheval; D Pointcheval; DJ Bernstein; E Kiltz; E-J Goh; E-J Goh; EF Brickell; H Ong; J Chen; J Stern; J Stern; JM Pollard; K Sakumoto; LC Guillou; M Abdalla; M Abdalla; M Abdalla; M Abe; M Bellare; M Bellare; M Bellare; M Girault; M Girault; M-S Chen; N Fleischhacker; O Blazy; O Blazy; P-L Cayrel; P-L Cayrel; S Goldwasser; S Micali; S Micali; SA Kakvi; SM Yousfi Alaoui; T Beth; T Koshiba; T Okamoto; V Lyubashevsky; Y Seurin

Tightly-Secure Signatures from Five-Move Identification Protocols

Authors: A Fiat
A Shamir
A Shamir
B Chevallier-Mames
B Poettering
C-P Schnorr
D Boneh
D Hofheinz
D Hofheinz
D Hofheinz
D Hofheinz
D Pointcheval
D Pointcheval
D Pointcheval
DJ Bernstein
E Kiltz
E-J Goh
E-J Goh
EF Brickell
H Ong
J Chen
J Stern
J Stern
JM Pollard
K Sakumoto
LC Guillou
M Abdalla
M Abdalla
M Abdalla
M Abe
M Bellare
M Bellare
M Bellare
M Girault
M Girault
M-S Chen
N Fleischhacker
O Blazy
O Blazy
P-L Cayrel
P-L Cayrel
S Goldwasser
S Micali
S Micali
SA Kakvi
SM Yousfi Alaoui
T Beth
T Koshiba
T Okamoto
V Lyubashevsky
Y Seurin
Publication date: 13 September 2017
Publisher: International Association for Cryptologic Research (IACR)
Doi

Abstract

We carry out a concrete security analysis of signature schemes obtained from five-move identification protocols via the Fiat-Shamir transform. Concretely, we obtain tightly-secure signatures based on the computational Diffie-Hellman (CDH), the short-exponent CDH, and the Factoring (FAC) assumptions. All our signature schemes have tight reductions to search problems, which is in stark contrast to all known signature schemes obtained from the classical Fiat-Shamir transform (based on three-move identification protocols), which either have a non-tight reduction to a search problem, or a tight reduction to a (potentially) stronger decisional problem. Surprisingly, our CDH-based scheme turns out to be (a slight simplification of) the Chevallier-Mames signature scheme (CRYPTO 05), thereby providing a theoretical explanation of its tight security proof via five-move identification protocols

Similar works

Full text

Open in the Core reader

Download PDF

Available Versions

Cryptology ePrint Archive

oai:eprint.iacr.org:2017/870

Last time updated on 25/08/2023

Crossref

info:doi/10.1007%2F978-3-319-7...

Last time updated on 06/08/2021