TY - GEN
T1 - Black-box separations on fiat-shamir-type signatures in the non-programmable random oracle model
AU - Fukumitsu, Masayuki
AU - Hasegawa, Shingo
N1 - Funding Information:
We would like to thank anonymous reviewers for their valuable comments and suggestions. A part of this work is supported by JSPS KAKENHI Grant Number 15K16001.
Publisher Copyright:
© Springer International Publishing Switzerland 2015.
PY - 2015
Y1 - 2015
N2 - In recent years, Fischlin and Fleischhacker showed the impossibility of proving the security of specific types of FS-type signatures, the signatures constructed by the Fiat-Shamir transformation, via a single-instance reduction in the non-programmable random oracle model (NPROM, for short). In this paper, we pose a question whether or not the impossibility of proving the security of any FS-type signature can be shown in the NPROM. For this question, we show that each FS-type signature cannot be proven to be secure via a key-preserving reduction in the NPROM from the security against the impersonation of the underlying identification scheme under the passive attack, as long as the identification scheme is secure against the impersonation under the active attack. We also show the security incompatibility between the discrete logarithm assumption and the security of the Schnorr signature via a singleinstance key-preserving reduction, whereas Fischlin and Fleischhacker showed that such an incompatibility cannot be proven via a non-keypreserving reduction.
AB - In recent years, Fischlin and Fleischhacker showed the impossibility of proving the security of specific types of FS-type signatures, the signatures constructed by the Fiat-Shamir transformation, via a single-instance reduction in the non-programmable random oracle model (NPROM, for short). In this paper, we pose a question whether or not the impossibility of proving the security of any FS-type signature can be shown in the NPROM. For this question, we show that each FS-type signature cannot be proven to be secure via a key-preserving reduction in the NPROM from the security against the impersonation of the underlying identification scheme under the passive attack, as long as the identification scheme is secure against the impersonation under the active attack. We also show the security incompatibility between the discrete logarithm assumption and the security of the Schnorr signature via a singleinstance key-preserving reduction, whereas Fischlin and Fleischhacker showed that such an incompatibility cannot be proven via a non-keypreserving reduction.
KW - Fiat-Shamir transformation
KW - Meta-reduction
KW - Non-programmable random oracle model
KW - The schnorr signature
UR - http://www.scopus.com/inward/record.url?scp=84945939143&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84945939143&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-23318-5_1
DO - 10.1007/978-3-319-23318-5_1
M3 - Conference contribution
AN - SCOPUS:84945939143
SN - 9783319233178
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 3
EP - 20
BT - Information Security - 18th International Conference, ISC 2015, Proceedings
A2 - Lopez, Javier
A2 - Mitchell, Chris J.
PB - Springer Verlag
T2 - 18th International Conference on Information Security, ISC 2015
Y2 - 9 September 2015 through 11 September 2015
ER -