10,337 Hits in 4.9 sec

Security of BLS and BGLS signatures in a multi-user setting

Marie-Sarah Lacharité
2017 Cryptography and Communications  
We obtain a tight reduction from the security of multi-user key-prefixed BGLS to the security of multi-user key-prefixed BLS.  ...  We obtain a tight reduction from the security of key-prefixed BLS in the multi-user model to normal BLS in the single-user model.  ...  The result is a security reduction for BGLS-KP based on the co-CDH problem that has a tightness gap of about q s .  ... 
doi:10.1007/s12095-017-0253-6 fatcat:dbrpfrcpevc6pa4ako66ody3hu

On Tight Security Proofs for Schnorr Signatures [chapter]

Nils Fleischhacker, Tibor Jager, Dominique Schröder
2014 Lecture Notes in Computer Science  
The Schnorr signature scheme is the most efficient signature scheme based on the discrete logarithm problem and a long line of research investigates the existence of a tight security reduction for this  ...  All previous works in this direction rule out tight reductions from the (one-more) discrete logarithm problem.  ...  Nils Fleischhacker and Dominique Schröder were supported by the German Federal Ministry of Education and Research (BMBF) through funding for the Center for IT-Security, Privacy, and Accountability (CISPA  ... 
doi:10.1007/978-3-662-45611-8_27 fatcat:cquvpg3adrcexc4lspffscwtu4

Optimal Security Proofs for Signatures from Identification Schemes [chapter]

Eike Kiltz, Daniel Masny, Jiaxin Pan
2016 Lecture Notes in Computer Science  
X Z − → Y means that X-security implies Y-security under condition Z. Trivial implications are denoted with green arrows. All implications are tight except the one marked with red.  ...  The reduction loses a factor of roughly Q h , the number of hash queries. Previous security reductions incorporated an additional multiplicative loss of N , the number of users in the system.  ...  However, the security reduction is not tight: it has a loss of a non-constant factor N .  ... 
doi:10.1007/978-3-662-53008-5_2 fatcat:gxdadpjgwvbcheiefdlhzrdv5m

The Hierarchy of Key Evolving Signatures and a Characterization of Proxy Signatures [chapter]

Tal Malkin, Satoshi Obana, Moti Yung
2004 Lecture Notes in Computer Science  
On the other hand, various notions of the key-evolving signature paradigms (forward-secure, key-insulated, and intrusion-resilient signatures) have been suggested in the last few years for protecting the  ...  In this work we relate the various notions via direct and concrete security reductions that are tight.  ...  among them (tight in the sense of no security loss in the reductions).  ... 
doi:10.1007/978-3-540-24676-3_19 fatcat:ilwknuqlgbfdxaudsanxxq37ym

Memory-Tight Reductions [chapter]

Benedikt Auerbach, David Cash, Manuel Fersch, Eike Kiltz
2017 Lecture Notes in Computer Science  
In this work we initiate the study of memory efficiency in reductions.  ...  Cryptographic reductions typically aim to be tight by transforming an adversary A into an algorithm that uses essentially the same resources as A.  ...  The motivation of considering memory in the context of security reductions stems from the talk "Practical LPN Cryptanalysis", given by Alexander May at the Dagstuhl Seminar 16371 on Public-Key Cryptography  ... 
doi:10.1007/978-3-319-63688-7_4 fatcat:mhn6mmbgtbgtvb3xxn223s3iva

Tighter Reductions for Forward-Secure Signature Schemes [chapter]

Michel Abdalla, Fabrice Ben Hamouda, David Pointcheval
2013 Lecture Notes in Computer Science  
Next, we show how to extend these results to the forward-security setting based on ideas from the Itkis-Reyzin forwardsecure signature scheme.  ...  In this paper, we revisit the security of factoring-based signature schemes built via the Fiat-Shamir transform and show that they can admit tighter reductions to certain decisional complexity assumptions  ...  Acknowledgments We would like to thank Mihir Bellare and Eike Kiltz for their helpful comments on a preliminary version of this paper and the anonymous referees of PKC 2013 for their valuable input.  ... 
doi:10.1007/978-3-642-36362-7_19 fatcat:maay2um3unch3htxbrwtqqz3uy

Optimal Security Reductions for Unique Signatures: Bypassing Impossibilities with a Counterexample [chapter]

Fuchun Guo, Rongmao Chen, Willy Susilo, Jianchang Lai, Guomin Yang, Yi Mu
2017 Lecture Notes in Computer Science  
The given counterexample in this work is of an independent interest as it implies a generic way of constructing a digital signature scheme (including unique signatures) with a tight reduction in the random  ...  scheme must loose a factor of at least qs in the security model of existential unforgeability against chosen-message attacks (EU-CMA), where qs denotes the number of signature queries.  ...  Finally, we would like to thank anonymous reviewers of CRYPTO 2017 for their insightful comments which help us improve the quality of this work.  ... 
doi:10.1007/978-3-319-63715-0_18 fatcat:rlorpkrtabhidprmzu337mewva

Practical and Tightly-Secure Digital Signatures and Authenticated Key Exchange [chapter]

Kristian Gjøsteen, Tibor Jager
2018 Lecture Notes in Computer Science  
The scheme is based on a new way of applying the Fiat-Shamir approach to construct tightly-secure signatures from certain identification schemes.  ...  efficiency by compensating the security loss of a reduction with larger parameters.  ...  The proof is a straightforward reduction to the MU-EUF-CMA corr -security of the signature scheme.  ... 
doi:10.1007/978-3-319-96881-0_4 fatcat:vly43n24jvehhfyc3ihpswstta

On the Impossibility of Tight Cryptographic Reductions [chapter]

Christoph Bader, Tibor Jager, Yong Li, Sven Schäge
2016 Lecture Notes in Computer Science  
At Eurocrypt 2002, Coron described a meta-reduction technique that allows to prove the impossibility of tight reductions for certain digital signature schemes.  ...  The existence of tight reductions in cryptographic security proofs is an important question, motivated by the theoretical search for cryptosystems whose security guarantees are truly independent of adversarial  ...  There exists several different, but polynomial-time equivalent [11] security models for NIKE. Of course the tightness of a reduction depends on the choice of the security model.  ... 
doi:10.1007/978-3-662-49896-5_10 fatcat:hqtk4koaz5gthonpcna2upgf5e

Tight Proofs for Signature Schemes without Random Oracles [chapter]

Sven Schäge
2011 Lecture Notes in Computer Science  
We present the first tight security proofs for two general classes of Strong RSA based signature schemes.  ...  In contrast to previous proofs, our security reduction does not lose a factor of q here.  ...  I would like to thank Mathias Herrmann, Tibor Jager, Eike Kiltz, and Maike Ritzenhofen for useful comments on earlier drafts of this paper and the anonymous referees of EUROCRYPT'11 for helpful comments  ... 
doi:10.1007/978-3-642-20465-4_12 fatcat:myl6mi6s7jeuzdvik7j2bzql5e

Versatile padding schemes for joint signature and encryption

Yevgeniy Dodis, Michael J. Freedman, Stanislaw Jarecki, Shabsi Walfish
2004 Proceedings of the 11th ACM conference on Computer and communications security - CCS '04  
of the three composition paradigms for either signature, encryption, or signcryption.  ...  , key reuse for sending/receiving data, optimally-low message expansion, "backward" use for plain signature/encryption, long message and associated data support, the strongest-known qualitative security  ...  Thus, a tight reduction to "claw-freeness" of such families implies a tight reduction to inverting them.  ... 
doi:10.1145/1030083.1030129 dblp:conf/ccs/DodisFJW04 fatcat:zkv427awmjc2vk63gd6mvmw37y

An Efficient MQ-based Signature with Tight Security Proof

Hiroki Furue, Dung Hoang Duong, Tsuyoshi Takagi
2020 International Journal of Networking and Computing  
At PKC 2018, Chen et al. proposed SOFIA, the first MQ-based digital signature scheme having tight security in the quantum random oracle model (QROM).  ...  The signature size of our digital signature scheme decreases by about 35% compared with SOFIA in the level I of NIST PQC security category, and is supposed to be the shortest among that of MQ-based signatures  ...  However, the tightness of the security reduction in [8, 14] depends on the construction of IDS, and the proof of MUDFISH in the QROM is not tight.  ... 
doi:10.15803/ijnc.10.2_308 fatcat:tm44tidasvgpfmbz7kspdqj5ki

Improving security of q-SDH based digital signatures

Fuchun Guo, Yi Mu, Willy Susilo
2011 Journal of Systems and Software  
On the other hand, the q-SDH assumption exhibits the nice feature of tight reduction in security proof.  ...  We propose a new digital signature scheme that can tightly reduce the security to the proposed assumption in the standard model.  ...  Compared to digital signatures based on the CDH assumption [20, 16] , these q-SDH based signatures give the nice feature of tight notion in security proof.  ... 
doi:10.1016/j.jss.2011.05.023 fatcat:2gmjgzkhqvasvenrmf6xizjn5m

An Identity Based-Identification Scheme with Tight Security against Active and Concurrent Adversaries

Jason Chia, Ji-Jian Chin
2020 IEEE Access  
We show tight security reduction against active and concurrent attackers (imp-aa/ca) on our scheme that is obtained from the same transform.  ...  We demonstrate the tight security of our scheme which allows usage of even shorter key sizes.  ...  ACKNOWLEDGMENT The authors would like to first thank the anonymous reviewers for their helpful suggestions to improve the quality of this article. They would also like to thank Dr.  ... 
doi:10.1109/access.2020.2983750 fatcat:gxsznxewr5fkvasru4sx5gjari

Impossibility on the Schnorr Signature from the One-more DL Assumption in the Non-programmable Random Oracle Model

2021 IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences  
However, it remains open whether or not the impossibility of the provable security of the Schnorr signature from a strong assumption via a non-tight and reasonable reduction.  ...  Fleischhacker, Jager, and Schröder showed that the tight security of the Schnorr signature is unprovable from a strong cryptographic assumption, such as the One-More DL (OM-DL) assumption and the computational  ...  Table 2 2 The impossibility results on proving the security of the Schnorr signature Assumed reduction R Resulting meta-reduction M Model Security Tight Assumption Type Assumption [5], [21], [22  ... 
doi:10.1587/transfun.2020dmp0008 fatcat:mtv4e7ilfnfyzpmx4dlvzjwyqu
« Previous Showing results 1 — 15 out of 10,337 results