On the Impossibility of Instantiating PSS in the Standard Model

  • Rishiraj Bhattacharyya
  • Avradip Mandal
Conference paper

DOI: 10.1007/978-3-642-19379-8_22

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6571)
Cite this paper as:
Bhattacharyya R., Mandal A. (2011) On the Impossibility of Instantiating PSS in the Standard Model. In: Catalano D., Fazio N., Gennaro R., Nicolosi A. (eds) Public Key Cryptography – PKC 2011. PKC 2011. Lecture Notes in Computer Science, vol 6571. Springer, Berlin, Heidelberg


In this paper we consider the problem of securely instantiating Probabilistic Signature Scheme (PSS) in the standard model. PSS, proposed by Bellare and Rogaway [3] is a widely deployed randomized signature scheme, provably secure (unforgeable under adaptively chosen message attacks) in Random Oracle Model.

Our main result is a black-box impossibility result showing that one can not prove unforgeability of PSS against chosen message attacks using blackbox techniques even assuming existence of ideal trapdoor permutations (a strong abstraction of trapdoor permutations which inherits all security properties of a random permutation, introduced by Kiltz and Pietrzak in Eurocrypt 2009) or the recently proposed lossy trapdoor permutations [20]. Moreover, we show onewayness, the most common security property of a trapdoor permutation does not suffice to prove even the weakest security criteria, namely unforgeability under zero message attack. Our negative results can easily be extended to any randomized signature scheme where one can recover the random string from a valid signature.


PSS Blackbox Reductions Randomized Signature Standard Model 

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Rishiraj Bhattacharyya
    • 1
  • Avradip Mandal
    • 2
  1. 1.Cryptology Research Group, Applied Statistics UnitIndian Statistical InstituteKolkataIndia
  2. 2.Université du LuxembourgLuxembourg

Personalised recommendations