Skip to main content
SpringerLink
Log in

Extended security arguments for signature schemes

Designs, Codes and Cryptography volume 78pages 441–461 (2016)Cite this article

Abstract

It is known how to transform certain canonical three-pass identification schemes into signature schemes via the Fiat–Shamir transform. Pointcheval and Stern showed that those schemes are existentially unforgeable in the random-oracle model leveraging the, at that time, novel forking lemma. Recently, a number of 5-pass identification protocols have been proposed. Extending the above technique to capture 5-pass identification schemes would allow to obtain novel unforgeable signature schemes. In this paper, we provide an extension of the forking lemma (and the Fiat–Shamir transform) in order to assess the security of what we call \(n\)-generic signature schemes. These include signature schemes that are derived from certain \((2n+1)\)-pass identification schemes. In doing so, we put forward a generic methodology for proving the security of a number of signature schemes derived from \((2n+1)\)-pass identification schemes for \(n\ge 2\). As an application of this methodology, we obtain two new code-based existentially-unforgeable signature schemes, along with a security reduction. In particular, we solve an open problem in multivariate cryptography posed by Sakumoto, Shirai and Hiwatari at CRYPTO 2011.

This is a preview of subscription content, access via your institution.

Access options

Buy single article

Instant access to the full article PDF.

USD 39.95

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Notes

  1. Alternatively, one could use Fischlin’s transformation [13] in order to derive signature schemes. A comparison between Fiat–Shamir and Fischlin’s transformation can be found in [11].

  2. This requirement is necessary for Lemma 3.

  3. Since \(l\) is the index of \(\mathcal {A}\)’s query and there are only polynomially number of queries made by \(\mathcal {A}\), our success probability remains non-negligible when picking \(l\) randomly.

  4. By \(\mathcal {V}.\mathsf {Vf}(\mathsf {pk},m,\sigma )\) we mean the verification algorithm performed by the verifier from the underlying identification scheme \(\textsc {IS}\).

  5. In the conference version of this work [3] a simpler security argument was given that turned out to be flawed.

References

  1. Abdalla M., An J.H., Bellare M., Namprempre C.: From identification to signatures via the Fiat–Shamir transform: Minimizing assumptions for security and forward-security. In: EUROCRYPT’02, pp. 418–433. Springer, Heidelberg (2002).

  2. Aguilar Melchor C., Gaborit P., Schrek J.: A new zero-knowledge code based identification scheme with reduced communication, CoRR (2011). arXiv:1111.1644.

  3. Alaoui S.M.E.Y., Dagdelen Ö., Véron P., Galindo D., Cayrel P.L.: Extended security arguments for signature schemes. In: Mitrokotsa A., Vaudenay S. (eds.) AFRICACRYPT. Lecture Notes in Computer Science, vol. 7374, pp. 19–34. Springer, Heidelberg (2012).

  4. Bellare M., Neven G.: Multi-signatures in the plain public-key model and a general forking lemma. In: Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS’06), pp. 390–399. ACM, New York (2006).

  5. Bitansky N., Dachman-Soled D., Garg S., Jain A., Kalai Y., Lpez-Alt A., Wichs D.: Why Fiat–Shamir for proofs lacks a proof. In: Sahai A. (ed.) Theory of Cryptography. Lecture Notes in Computer Science, vol. 7785, pp. 182–201. Springer, Berlin (2013).

  6. Boneh D., Dagdelen Ö., Fischlin M., Lehmann A., Schaffner C., Zhandry M.: Random oracles in a quantum world. In: ASIACRYPT, pp. 41–69 (2011).

  7. Cayrel P.L., Lindner R., Rückert M., Silva R.: Improved zero-knowledge identification with lattices. In: ProvSec’10, pp. 1–17. Springer, Berlin (2010).

  8. Cayrel P.L., Véron P., El Yousfi Alaoui S.M.: A zero-knowledge identification scheme based on the \(q\)-ary syndrome decoding problem. In: SAC’2010. LNCS, pp. 170–186. Springer, Berlin (2010).

  9. Cramer R.: Modular design of secure, yet practical cryptographic protocols. Ph.D. thesis, University of Amsterdam (1996).

  10. Dagdelen Ö., Fischlin M., Gagliardoni T.: The Fiat–Shamir transformation in a quantum world. Adv. Cryptol 2, 62–81 (2013).

  11. Dagdelen Ö., Venturi D.: A second look at Fischlin’s transformation. In: AFRICACRYPT, pp. 356–376 (2014).

  12. Fiat A., Shamir F.: How to prove yourself: practical solutions to identification and signature problems. In: CRYPTO’86, pp. 186–194. Springer, Berlin (1987).

  13. Fischlin M.: Communication-efficient non-interactive proofs of knowledge with online extractors. In: CRYPTO, pp. 152–168 (2005).

  14. Gamal T.E.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: CRYPTO’84, pp. 10–18. Springer, Berlin (1985).

  15. Goldwasser S., Kalai Y.: On the (in)security of the Fiat–Shamir paradigm. In: Proceedings on 44th Annual IEEE Symposium on Foundations of Computer Science, pp. 102–113 (2003).

  16. Goldwasser S., Micali S., Rackoff C.: The knowledge complexity of interactive proof-systems. In: STOC’85, pp. 291–304. ACM, New York (1985).

  17. Lampe R., Patarin J.: Analysis of some natural variants of the PKP algorithm. In: Pierangela Samarati Wenjing Lou J.Z.E. (ed.) SECRYPT 2012—Proceedings of the International Conference on Security and Cryptography, pp. 209–2014. SciTePress, Lisbon (2012).

  18. Ohta K., Okamoto T.: On concrete security treatment of signatures derived from identification. In: CRYPTO’98, pp. 354–369 (1998).

  19. Pointcheval D.: A new identification scheme based on the perceptrons problem. In: EUROCRYPT’95, pp. 319–328. Springer, Berlin (1995).

  20. Pointcheval D., Poupard G.: A new NP-complete problem and public-key identification. Des. Codes Cryptogr. 28, 5–31 (2003).

  21. Pointcheval D., Stern J.: Security proofs for signature schemes. In: EUROCRYPT’96, pp. 387–398. Springer, Berlin (1996).

  22. Pointcheval D., Stern J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361–396 (2000).

  23. Sakumoto K., Shirai T., Hiwatari H.: Public-key identification schemes based on multivariate quadratic polynomials. In: CRYPTO’11. LNCS, vol. 6841, pp. 706–723. Springer, Berlin (2011).

  24. Shamir A.: An efficient identification scheme based on permuted kernels (extended abstract). In: CRYPTO’89, pp. 606–609. Springer, Berlin (1990).

  25. Silva R., Cayrel P.L., Lindner R.: Zero-knowledge identification based on lattices with low communication costs. XI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais 8, 95–107 (2011).

  26. Stern J.: A new identification scheme based on syndrome decoding. In: CRYPTO’93, pp. 13–21. Springer, Berlin (1993).

  27. Stern J.: Designing identification schemes with keys of short size. In: CRYPTO’94, pp. 164–173. Springer, Berlin (1994).

  28. Yao A.C.C., Zhao Y.: Online/offline signatures for low-power devices. IEEE Trans. Inf. Forensics Secur. 8(2), 283–294 (2013).

Download references

Acknowledgments

We are thankful to an anonymous reviewer for pointing out that our security reduction for the MQ signature scheme in the conference version of this manuscript was incomplete. This observation lead us to a new reshaping of our previous work. This work was supported by the German Federal Ministry of Education and Research (BMBF) within EC SPRIDE and by the Hessian LOEWE excellence initiative within CASED.

Author information

Authors and Affiliations

  1. Darmstadt University of Technology, Darmstadt, Germany

    Özgür Dagdelen & Sidi Mohamed El Yousfi Alaoui

  2. LORIA/CNRS, Nancy, France

    David Galindo

  3. IML/IMATH, Université du Sud Toulon-Var, La Garde Cedex, France

    Pascal Véron

  4. Laboratoire Hubert Curien, Université de Saint-Etienne, Saint-Étienne, France

    Pierre-Louis Cayrel

Authors
  1. Özgür Dagdelen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. David Galindo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pascal Véron
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Sidi Mohamed El Yousfi Alaoui
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Pierre-Louis Cayrel
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Özgür Dagdelen.

Additional information

Communicated by K. Matsuura.

Rights and permissions

Reprints and Permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Dagdelen, Ö., Galindo, D., Véron, P. et al. Extended security arguments for signature schemes. Des. Codes Cryptogr. 78, 441–461 (2016). https://doi.org/10.1007/s10623-014-0009-7

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-014-0009-7

Keywords

Mathematics Subject Classification

search

Navigation