The Fiat-Shamir Zoo: Relating the Security of Different Signature Variants

Paper 2018/775

The Fiat-Shamir Zoo: Relating the Security of Different Signature Variants

Matilda Backendal, Mihir Bellare, Jessica Sorrell, and Jiahao Sun

Abstract

The Fiat-Shamir paradigm encompasses many different ways of turning a given identification scheme into a signature scheme. Security proofs pertain sometimes to one variant, sometimes to another. We systematically study three variants that we call the challenge (signature is challenge and response), commit (signature is commitment and response) and transcript (signature is challenge, commitment and response) variants. Our framework captures the variants via transforms that determine the signature scheme as a function of not only the identification scheme and hash function (to cover both standard and random oracle model hashing), but also what we call a signing algorithm, to cover both classical and with-abort signing. We relate the security of the signature schemes produced by these transforms, giving minimal conditions under which uf-security of one transfers to the other. To apply this comprehensively, we formalize linear identification schemes, show that many schemes in the literature are linear, and show that any linear scheme meets our conditions for the signature schemes given by the three transforms to have equivalent uf-security. Our results give a comprehensive picture of the Fiat-Shamir zoo and allow proofs of security in the literature to be transferred automatically from one variant to another.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Major revision. NordSec 2018
Contact author(s)
mihir @ eng ucsd edu
History
2018-09-18: last of 3 revisions
2018-08-27: received
See all versions
Short URL
https://ia.cr/2018/775
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/775,
      author = {Matilda Backendal and Mihir Bellare and Jessica Sorrell and Jiahao Sun},
      title = {The Fiat-Shamir Zoo: Relating the Security of Different Signature Variants},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/775},
      year = {2018},
      url = {https://eprint.iacr.org/2018/775}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.