A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL.
The file type is application/pdf.
Filters
Security of BLS and BGLS signatures in a multi-user setting
2017
Cryptography and Communications
Preserved Fulltext
We obtain a tight reduction from the security of multi-user key-prefixed BGLS to the security of multi-user key-prefixed BLS. ...
We obtain a tight reduction from the security of key-prefixed BLS in the multi-user model to normal BLS in the single-user model. ...
The result is a security reduction for BGLS-KP based on the co-CDH problem that has a tightness gap of about q s . ...
doi:10.1007/s12095-017-0253-6
fatcat:dbrpfrcpevc6pa4ako66ody3hu
On Tight Security Proofs for Schnorr Signatures
[chapter]
2014
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
The Schnorr signature scheme is the most efficient signature scheme based on the discrete logarithm problem and a long line of research investigates the existence of a tight security reduction for this ...
All previous works in this direction rule out tight reductions from the (one-more) discrete logarithm problem. ...
Nils Fleischhacker and Dominique Schröder were supported by the German Federal Ministry of Education and Research (BMBF) through funding for the Center for IT-Security, Privacy, and Accountability (CISPA ...
doi:10.1007/978-3-662-45611-8_27
fatcat:cquvpg3adrcexc4lspffscwtu4
Optimal Security Proofs for Signatures from Identification Schemes
[chapter]
2016
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit the original URL.
The file type is application/pdf.
X Z − → Y means that X-security implies Y-security under condition Z. Trivial implications are denoted with green arrows. All implications are tight except the one marked with red. ...
The reduction loses a factor of roughly Q h , the number of hash queries. Previous security reductions incorporated an additional multiplicative loss of N , the number of users in the system. ...
However, the security reduction is not tight: it has a loss of a non-constant factor N . ...
doi:10.1007/978-3-662-53008-5_2
fatcat:gxdadpjgwvbcheiefdlhzrdv5m
The Hierarchy of Key Evolving Signatures and a Characterization of Proxy Signatures
[chapter]
2004
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
On the other hand, various notions of the key-evolving signature paradigms (forward-secure, key-insulated, and intrusion-resilient signatures) have been suggested in the last few years for protecting the ...
In this work we relate the various notions via direct and concrete security reductions that are tight. ...
among them (tight in the sense of no security loss in the reductions). ...
doi:10.1007/978-3-540-24676-3_19
fatcat:ilwknuqlgbfdxaudsanxxq37ym
Memory-Tight Reductions
[chapter]
2017
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
In this work we initiate the study of memory efficiency in reductions. ...
Cryptographic reductions typically aim to be tight by transforming an adversary A into an algorithm that uses essentially the same resources as A. ...
The motivation of considering memory in the context of security reductions stems from the talk "Practical LPN Cryptanalysis", given by Alexander May at the Dagstuhl Seminar 16371 on Public-Key Cryptography ...
doi:10.1007/978-3-319-63688-7_4
fatcat:mhn6mmbgtbgtvb3xxn223s3iva
Tighter Reductions for Forward-Secure Signature Schemes
[chapter]
2013
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Next, we show how to extend these results to the forward-security setting based on ideas from the Itkis-Reyzin forwardsecure signature scheme. ...
In this paper, we revisit the security of factoring-based signature schemes built via the Fiat-Shamir transform and show that they can admit tighter reductions to certain decisional complexity assumptions ...
Acknowledgments We would like to thank Mihir Bellare and Eike Kiltz for their helpful comments on a preliminary version of this paper and the anonymous referees of PKC 2013 for their valuable input. ...
doi:10.1007/978-3-642-36362-7_19
fatcat:maay2um3unch3htxbrwtqqz3uy
Optimal Security Reductions for Unique Signatures: Bypassing Impossibilities with a Counterexample
[chapter]
2017
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
The given counterexample in this work is of an independent interest as it implies a generic way of constructing a digital signature scheme (including unique signatures) with a tight reduction in the random ...
scheme must loose a factor of at least qs in the security model of existential unforgeability against chosen-message attacks (EU-CMA), where qs denotes the number of signature queries. ...
Finally, we would like to thank anonymous reviewers of CRYPTO 2017 for their insightful comments which help us improve the quality of this work. ...
doi:10.1007/978-3-319-63715-0_18
fatcat:rlorpkrtabhidprmzu337mewva
Practical and Tightly-Secure Digital Signatures and Authenticated Key Exchange
[chapter]
2018
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
The scheme is based on a new way of applying the Fiat-Shamir approach to construct tightly-secure signatures from certain identification schemes. ...
efficiency by compensating the security loss of a reduction with larger parameters. ...
The proof is a straightforward reduction to the MU-EUF-CMA corr -security of the signature scheme. ...
doi:10.1007/978-3-319-96881-0_4
fatcat:vly43n24jvehhfyc3ihpswstta
On the Impossibility of Tight Cryptographic Reductions
[chapter]
2016
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2015; you can also visit the original URL.
The file type is application/pdf.
At Eurocrypt 2002, Coron described a meta-reduction technique that allows to prove the impossibility of tight reductions for certain digital signature schemes. ...
The existence of tight reductions in cryptographic security proofs is an important question, motivated by the theoretical search for cryptosystems whose security guarantees are truly independent of adversarial ...
There exists several different, but polynomial-time equivalent [11] security models for NIKE. Of course the tightness of a reduction depends on the choice of the security model. ...
doi:10.1007/978-3-662-49896-5_10
fatcat:hqtk4koaz5gthonpcna2upgf5e
Tight Proofs for Signature Schemes without Random Oracles
[chapter]
2011
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
We present the first tight security proofs for two general classes of Strong RSA based signature schemes. ...
In contrast to previous proofs, our security reduction does not lose a factor of q here. ...
I would like to thank Mathias Herrmann, Tibor Jager, Eike Kiltz, and Maike Ritzenhofen for useful comments on earlier drafts of this paper and the anonymous referees of EUROCRYPT'11 for helpful comments ...
doi:10.1007/978-3-642-20465-4_12
fatcat:myl6mi6s7jeuzdvik7j2bzql5e
Versatile padding schemes for joint signature and encryption
2004
Proceedings of the 11th ACM conference on Computer and communications security - CCS '04
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit the original URL.
The file type is application/pdf.
of the three composition paradigms for either signature, encryption, or signcryption. ...
, key reuse for sending/receiving data, optimally-low message expansion, "backward" use for plain signature/encryption, long message and associated data support, the strongest-known qualitative security ...
Thus, a tight reduction to "claw-freeness" of such families implies a tight reduction to inverting them. ...
doi:10.1145/1030083.1030129
dblp:conf/ccs/DodisFJW04
fatcat:zkv427awmjc2vk63gd6mvmw37y
An Efficient MQ-based Signature with Tight Security Proof
2020
International Journal of Networking and Computing
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
At PKC 2018, Chen et al. proposed SOFIA, the first MQ-based digital signature scheme having tight security in the quantum random oracle model (QROM). ...
The signature size of our digital signature scheme decreases by about 35% compared with SOFIA in the level I of NIST PQC security category, and is supposed to be the shortest among that of MQ-based signatures ...
However, the tightness of the security reduction in [8, 14] depends on the construction of IDS, and the proof of MUDFISH in the QROM is not tight. ...
doi:10.15803/ijnc.10.2_308
fatcat:tm44tidasvgpfmbz7kspdqj5ki
Improving security of q-SDH based digital signatures
2011
Journal of Systems and Software
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
On the other hand, the q-SDH assumption exhibits the nice feature of tight reduction in security proof. ...
We propose a new digital signature scheme that can tightly reduce the security to the proposed assumption in the standard model. ...
Compared to digital signatures based on the CDH assumption [20, 16] , these q-SDH based signatures give the nice feature of tight notion in security proof. ...
doi:10.1016/j.jss.2011.05.023
fatcat:2gmjgzkhqvasvenrmf6xizjn5m
An Identity Based-Identification Scheme with Tight Security against Active and Concurrent Adversaries
2020
IEEE Access
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
We show tight security reduction against active and concurrent attackers (imp-aa/ca) on our scheme that is obtained from the same transform. ...
We demonstrate the tight security of our scheme which allows usage of even shorter key sizes. ...
ACKNOWLEDGMENT The authors would like to first thank the anonymous reviewers for their helpful suggestions to improve the quality of this article. They would also like to thank Dr. ...
doi:10.1109/access.2020.2983750
fatcat:gxsznxewr5fkvasru4sx5gjari
Impossibility on the Schnorr Signature from the One-more DL Assumption in the Non-programmable Random Oracle Model
2021
IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
However, it remains open whether or not the impossibility of the provable security of the Schnorr signature from a strong assumption via a non-tight and reasonable reduction. ...
Fleischhacker, Jager, and Schröder showed that the tight security of the Schnorr signature is unprovable from a strong cryptographic assumption, such as the One-More DL (OM-DL) assumption and the computational ...
Table 2 2 The impossibility results on proving the security of the Schnorr signature Assumed reduction R
Resulting meta-reduction M
Model
Security
Tight Assumption
Type
Assumption
[5], [21], [22 ...
doi:10.1587/transfun.2020dmp0008
fatcat:mtv4e7ilfnfyzpmx4dlvzjwyqu
« Previous
Showing results 1 — 15 out of 10,337 results