A tight security reduction in the quantum random oracle model for code-based signature schemes [article]

André Chailloux, Thomas Debris-Alazard
2017 arXiv   pre-print
In this paper, we show that code-based signature schemes based on the full domain hash paradigm can behave very well in the QROM i.e. that we can have tight security reductions.  ...  However, only few signature schemes can have concrete quantum security because of technical difficulties associated with the Quantum Random Oracle Model (QROM).  ...  our trust in quantum secure schemes. random oracle model -ROM.  ... 
arXiv:1709.06870v1 fatcat:xeefupp6pra2xhmtz2ccvyt5ny

Revisiting TESLA in the Quantum Random Oracle Model [chapter]

Erdem Alkim, Nina Bindel, Johannes Buchmann, Özgür Dagdelen, Edward Eaton, Gus Gutoski, Juliane Krämer, Filip Pawlega
2017 Lecture Notes in Computer Science  
TESLA was thought to have a tight security reduction from the learning with errors problem (LWE) in the random oracle model (ROM).  ...  In the present paper we provide an entirely new, tight security reduction for TESLA from LWE in the QROM (and thus in the ROM).  ...  We thank Chris Peikert for pointing out a flaw in previous security reductions for TESLA in the random oracle model.  ... 
doi:10.1007/978-3-319-59879-6_9 fatcat:qd3gs6qknban5jbkq2fq45fz6i

A Note on Quantum Security for Post-Quantum Cryptography [chapter]

Fang Song
2014 Lecture Notes in Computer Science  
For example, many signature schemes are designed in the random-oracle (RO) model, where all users, including the attacker, can query a truly random function.  ...  As a result, when we consider quantum attacks on these schemes, there seems no reason not to allow a quantum adversary to query the random-oracle in quantum superposition.  ...  F.S. would like to thank the anonymous reviewers for valuable comments and John Schank for joyful discussions on lattice-based signature schemes.  ... 
doi:10.1007/978-3-319-11659-4_15 fatcat:ychqxck2bvhr5p3pl6kpuyyogm

Tight quantum security of the Fiat-Shamir transform for commit-and-open identification schemes with applications to post-quantum signature schemes [article]

André Chailloux
2021 arXiv   pre-print
the verifier's message, then there is a tight quantum reduction for the Fiat-Shamir transform to special soundness notions.  ...  These results are asymptotic and therefore can't be used to derive the concrete security of these signature schemes without a significant loss in parameters.  ...  Quantum security reductions for signature schemes In this paper, we focus on quantum security reductions for signature schemes.  ... 
arXiv:1906.05415v6 fatcat:xe5jsgez7rfyve5zckh3nzkake

A Note on Quantum Security for Post-Quantum Cryptography [article]

Fang Song
2014 arXiv   pre-print
Finally we demonstrate the generality of our framework by showing that several existing works (Full-Domain hash in the quantum random-oracle model Zha12ibe and the simple hybrid arguments framework in  ...  We characterize sufficient conditions such that a classical reduction can be "lifted" to the quantum setting. We then apply our lifting theorems to post-quantum signature schemes.  ...  F.S. would like to thank the anonymous reviewers for valuable comments and John Schank for joyful discussions on lattice-based signature schemes.  ... 
arXiv:1409.2187v1 fatcat:rfkx2unyijew7pf7vd7uqrds5y

Tightly Secure Ring-LWE Based Key Encapsulation with Short Ciphertexts [chapter]

Martin R. Albrecht, Emmanuela Orsini, Kenneth G. Paterson, Guy Peer, Nigel P. Smart
2017 Lecture Notes in Computer Science  
Such a tight reduction is not known for the generic construction.  ...  We provide a tight security proof for an IND-CCA Ring-LWE based Key Encapsulation Mechanism that is derived from a generic construction of Dent (IMA Cryptography and Coding, 2003).  ...  Acknowledgements This work has been supported in part by ERC Advanced Grant ERC-2015-AdG-IMPaCT, and by EPSRC via grants EP/N021940/1, EP/M012824, EP/M013472/1, EP/L018543/1 and EP/P009417/1.  ... 
doi:10.1007/978-3-319-66402-6_4 fatcat:aod4umhsy5clbft74jyjrub6ei

The SPHINCS+ Signature Framework

Daniel J. Bernstein, Andreas Hülsing, Stefan Kölbl, Ruben Niederhagen, Joost Rijneveld, Peter Schwabe
2019 Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security - CCS '19  
We give a security reduction for SPHINCS+ using this abstraction and derive secure parameters in accordance with the resulting bound.  ...  Our second main contribution is the introduction of tweakable hash functions and a demonstration how they allow for a unified security analysis of hash-based signature schemes.  ...  A SECURITY MODELS AND DEFINITIONS In the following we discuss post-quantum security and the quantum-accessible random oracle model (QROM).  ... 
doi:10.1145/3319535.3363229 dblp:conf/ccs/BernsteinHKNRS19 fatcat:izvoarblrjgndd7fzildws7gny

Another Look at Tightness II: Practical Issues in Cryptography [chapter]

Sanjit Chatterjee, Neal Koblitz, Alfred Menezes, Palash Sarkar
2017 Lecture Notes in Computer Science  
How to deal with large tightness gaps in security proofs is a vexing issue in cryptography.  ...  We discuss nontightness in connection with complexity leveraging, HMAC, lattice-based cryptography, identity-based encryption, and hybrid encryption.  ...  Of course, none of them is responsible for any of the opinions expressed in this article.  ... 
doi:10.1007/978-3-319-61273-7_3 fatcat:auyw65hh2rfh3k3hphhrf6mcra

An Efficient Lattice-Based Signature Scheme with Provably Secure Instantiation [chapter]

Sedat Akleylek, Nina Bindel, Johannes Buchmann, Juliane Krämer, Giorgia Azzurra Marson
2016 Lecture Notes in Computer Science  
To this end, we provide a tight security reduction for the new scheme from the ring learning with errors problem which allows for provably secure and efficient instantiations.  ...  In this paper, we present the first lattice-based signature scheme with good performance when provably secure instantiated.  ...  We summarize benchmarks for our proposed parameter sets and state-of-the-art ideal-lattice-based signature schemes in Table ? ?.  ... 
doi:10.1007/978-3-319-31517-1_3 fatcat:olcpz626wbglvhqaamk2ix7ngu

Critical perspectives on provable security: Fifteen years of "another look" papers

Neal Koblitz, Alfred Menezes
2019 Advances in Mathematics of Communications  
We give an overview of our critiques of "proofs" of security and a guide to our papers on the subject that have appeared over the past decade and a half.  ...  We also provide numerous additional examples and a few updates and errata. 2010 Mathematics Subject Classification: Primary: 94A60.  ...  for editorial corrections and comments.  ... 
doi:10.3934/amc.2019034 fatcat:gpftyd4hxjebfpzdqwdes345na

Practical Lattice-Based Digital Signature Schemes

James Howe, Thomas Pöppelmann, Máire O'Neill, Elizabeth O'Sullivan, Tim Güneysu
2015 ACM Transactions on Embedded Computing Systems  
Among the various post-quantum techniques that exist (such as multivariate, code or hash-based), the most promising is lattice-based cryptography, which has become a very viable alternative to number-theoretic  ...  The focus of this presentation will be to survey recent developments in lattice-based digital signature schemes and in particular practical schemes that have been shown to improve upon the performance  ...  the random oracle model to that in the quantum random oracle model.  ... 
doi:10.1145/2724713 fatcat:2cck3r7y3rb7jghfuinosibixu

On the security of the Courtois-Finiasz-Sendrier signature

Kirill Morozov, Partha Sarathi Roy, Rainer Steinwandt, Rui Xu
2018 Open Mathematics  
We prove that a variant of the Courtois-Finiasz-Sendrier signature is strongly existentially unforgeable under chosen message attack in the random oracle model, assuming hardness of the Permuted Goppa  ...  In addition, we explicitly show that security against key substitution attacks can be arranged by a standard technique of Menezes and Smart, hashing the public key.  ...  Kirill Morozov was supported in part by a Kakenhi Grant-in-Aid for Scientific Research (C) 15K00186 from Japan Society for the Promotion of Science.  ... 
doi:10.1515/math-2018-0011 fatcat:k5vurmgpwnc7zn72fpcg522tna

CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme

Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, Damien Stehlé
2018 Transactions on Cryptographic Hardware and Embedded Systems  
In this paper, we present the lattice-based signature scheme Dilithium, which is a component of the CRYSTALS (Cryptographic Suite for Algebraic Lattices) suite that was submitted to NIST's call for post-quantum  ...  For the same security levels, our scheme has a public key that is 2.5X smaller than the previously most efficient lattice-based schemes that did not use Gaussians, while having essentially the same signature  ...  quantum random oracle model -QROM).  ... 
doi:10.13154/tches.v2018.i1.238-268 dblp:journals/tches/DucasKLLSSS18 fatcat:skxxtodhvfcwrfb3vq7sqwrjue

MQ Signatures for PKI [chapter]

Alan Szepieniec, Ward Beullens, Bart Preneel
2017 Lecture Notes in Computer Science  
The security of our transformation reduces to that of the underlying MQ signature scheme in the random oracle model.  ...  This paper explains how to transform any MQ signature scheme into one with a much smaller public key at the cost of a larger signature.  ...  The authors would like to thank the reviewers for their helpful feedback. This work was supported in part by the Research Council  ... 
doi:10.1007/978-3-319-59879-6_13 fatcat:maoyshufvjaprknjscuiic3zvi

Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives

Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Greg Zaverucha
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
The former has smaller signatures, while the latter has a security analysis in the quantum-accessible random oracle model.  ...  We propose a new class of post-quantum digital signature schemes that: (a) derive their security entirely from the security of symmetric-key primitives, believed to be quantum-secure, and (b) have extremely  ...  On a 128 bit post-quantum security level, signatures are about 41 kB in size, and keys are of size about 1 kB each. Code-Based Signatures (ROM).  ... 
doi:10.1145/3133956.3133997 dblp:conf/ccs/ChaseDGORRSZ17 fatcat:zz67tvgotzfs7kjhwtj7kmi7ry