Why "Fiat-Shamir for Proofs" Lacks a Proof
[chapter]
2013
Lecture Notes in Computer Science
The Fiat-Shamir heuristic [CRYPTO '86] is used to convert any 3-message public-coin proof or argument system into a noninteractive argument, by hashing the prover's first message to select the verifier's challenge. It is known that this heuristic is sound when the hash function is modeled as a random oracle. On the other hand, the surprising result of Goldwasser and Kalai [FOCS '03] shows that there exists a computationally sound argument on which the Fiat-Shamir heuristic is never sound, when
doi:10.1007/978-3-642-36594-2_11
fatcat:wa6argayqramfnwwbo2zutmcqu