2019
DOI: 10.1007/s00145-019-09311-5
|View full text |Cite
|
Sign up to set email alerts
|

On Tight Security Proofs for Schnorr Signatures

Abstract: The Schnorr signature scheme is the most efficient signature scheme based on the discrete logarithm problem and a long line of research investigates the existence of a tight security reduction for this scheme in the random oracle model. Almost all recent works present lower tightness bounds and most recently Seurin (Eurocrypt 2012) showed that under certain assumptions the non-tight security proof for Schnorr signatures in the random oracle by Pointcheval and Stern (Eurocrypt 1996) is essentially optimal. All … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
4
1

Citation Types

0
18
0

Year Published

2019
2019
2022
2022

Publication Types

Select...
5
2
1

Relationship

1
7

Authors

Journals

citations
Cited by 22 publications
(18 citation statements)
references
References 31 publications
0
18
0
Order By: Relevance
“…If the probability of breaking the scheme approaches closely to the probability of solving the hard problem, the reduction is considered tight. Tight security reduction not only gives stronger security guarantees, but also allows secure use of smaller sized parameters [28].…”
Section: Our Contributionmentioning
confidence: 99%
“…If the probability of breaking the scheme approaches closely to the probability of solving the hard problem, the reduction is considered tight. Tight security reduction not only gives stronger security guarantees, but also allows secure use of smaller sized parameters [28].…”
Section: Our Contributionmentioning
confidence: 99%
“…Our strategy allows us to retrieve several AGM results (from [ 21 , 22 ]) in the standard model, in the sense that the group can be concretely implemented from falsifiable assumptions. 3 In particular, we show that in our group, the discrete logarithm assumption, the computational Diffie-Hellman assumption, the square Diffie-Hellman assumption, and the linear-combination Diffie-Hellman assumption (see [ 21 ]) are all equivalent, the security of the Schnorr signature scheme [ 37 ] can be tightly reduced to the discrete logarithm assumption escaping impossibility results due to [ 19 ]. 4 …”
Section: Introductionmentioning
confidence: 98%
“…the security of the Schnorr signature scheme [ 37 ] can be tightly reduced to the discrete logarithm assumption escaping impossibility results due to [ 19 ]. 4…”
Section: Introductionmentioning
confidence: 99%
“…Another standard solution is to use cryptographic digital signatures, which allow receivers to verify the origin of a message using a 'public' key so that it can be secure in a verifier breach. Although there are many online efficient (computationally secure) digital signature schemes, such as ElGamal signature [7] and Schnorr signature [8,9], they require expensive cryptographic operations like modular exponentiation which is too complex for resourceconstrained CPS devices.…”
Section: Introductionmentioning
confidence: 99%