Tightly-Secure Signatures from Five-Move Identification Protocols

@article{Kiltz2017TightlySecureSF,
  title={Tightly-Secure Signatures from Five-Move Identification Protocols},
  author={Eike Kiltz and Julian Loss and Jiaxin Pan},
  journal={IACR Cryptol. ePrint Arch.},
  year={2017},
  volume={2017},
  pages={870}
}
We carry out a concrete security analysis of signature schemes obtained from five-move identification protocols via the Fiat-Shamir transform. Concretely, we obtain tightly-secure signatures based on the computational Diffie-Hellman (CDH), the short-exponent CDH, and the Factoring (FAC) assumptions. All our signature schemes have tight reductions to search problems, which is in stark contrast to all known signature schemes obtained from the classical Fiat-Shamir transform (based on three-move… 
Signatures with Tight Multi-user Security from Search Assumptions
TLDR
Two tightly secure signature schemes are constructed based on the computational Diffie-Hellman (CDH) and factoring assumptions in the random oracle model that are proven secure in the multi-user setting and are the first schemes that achieve this based on standard search assumptions.
An Attack on Some Signature Schemes Constructed From Five-Pass Identification Schemes
TLDR
A generic forgery attack on signature schemes constructed from 5-round identification schemes made non-interactive with the Fiat-Shamir transform is presented, finding the attack succeeds against PKP-DSS and other schemes that may be affected.
Optimal Tightness for Chain-Based Unique Signatures
TLDR
A meta-reduction is used to prove that the proposed chain-based unique signature scheme by Guo et al. must have the reduction loss \(q^{1/n}\) for q signature queries when each unique signature consists of n BLS signatures, and the meta-reduction is also applicable in the random oracle model.
Hierarchical Identity-Based Encryption with Tight Multi-Challenge Security
We construct the first hierarchical identity-based encryption (HIBE) scheme with tight adaptive security in the multi-challenge setting, where adversaries are allowed to ask for ciphertexts for
SOFIA: \(\mathcal{MQ}\)-Based Signatures in the QROM
TLDR
SOFIA is proposed, the first \(\mathcal {MQ}\)-based signature scheme provably secure in the quantum-accessible random oracle model (QROM) and it is proved secure both in the ROM and QROM.

References

Optimal Security Proofs for Signatures from Identification Schemes
TLDR
If the identification scheme is random self-reducible and satisfies the weakest possible security notion (hardness of key-recoverability), then the signature scheme obtained via Fiat-Shamir is unforgeable against chosen-message attacks in the multi-user setting.
Extended security arguments for signature schemes
TLDR
This paper provides an extension of the forking lemma (and the Fiat–Shamir transform) in order to assess the security of what they call n-generic signature schemes, which include signature schemes that are derived from certain \((2n+1)\)-pass identification schemes.
From Identification to Signatures via the Fiat-Shamir Transform: Minimizing Assumptions for Security and Forward-Security
TLDR
It is shown that the signature scheme is secure against chosen-message attacks in the random oracle model if and only if the underlying identification scheme is secure, and has its commitments drawn at random from a large space.
Tightly-Secure Signatures from Chameleon Hash Functions
TLDR
This work shows that any Chameleon Hash function can be transformed into a (binary) tree-based signature scheme with tight security and obtains the first tightly secure signature scheme from the SIS assumption and several schemes based on Diffie-Hellman in the standard model.
Tighter Reductions for Forward-Secure Signature Schemes
In this paper, we revisit the security of factoring-based signature schemes built via the Fiat-Shamir transform and show that they can admit tighter reductions to certain decisional complexity
A Signature Scheme as Secure as the Diffie-Hellman Problem
TLDR
A signature scheme whose security is tightly related to the Computational Diffie-Hellman (CDH) assumption in the Random Oracle Model is shown, which offers better security guarantees than existing discrete-log based signature schemes.
An Efficient CDH-Based Signature Scheme with a Tight Security Reduction
TLDR
This paper proposes a new signature scheme that also has a tight security reduction to CDH but whose resulting signatures are smaller than EDL signatures, and which represents to date the most efficient scheme of any signature scheme with a tight security reduction in the discrete-log setting.
From Identification to Signatures, Tightly: A Framework and Generic Transforms
This paper provides a framework to treat the problem of building signature schemes from identification schemes in a unified and systematic way. The outcomes are 1 Alternatives to the Fiat-Shamir
Tightly secure signatures and public-key encryption
We construct the first public-key encryption (PKE) scheme whose chosen-ciphertext (i.e., IND-CCA) security can be proved under a standard assumption and does not degrade in either the number of users
Efficiency improvements for signature schemes with tight security reductions
TLDR
Two approaches are shown which improve both the computational efficiency and signature length of some recently-proposed schemes: Diffie-Hellman signatures and PSS-R, a version of PSS with message recovery with optimal message length.