Limits on the provable consequences of one-way permutations
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
The random oracle methodology, revisited (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
On the Security of Joint Signature and Encryption
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Optimal Security Proofs for PSS and Other Signature Schemes
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Lower bounds on the efficiency of generic cryptographic constructions
FOCS '00 Proceedings of the 41st Annual Symposium on Foundations of Computer Science
The relationship between public key encryption and oblivious transfer
FOCS '00 Proceedings of the 41st Annual Symposium on Foundations of Computer Science
On the Impossibility of Basing Trapdoor Functions on Trapdoor Predicates
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
On the (In)security of the Fiat-Shamir Paradigm
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
The random oracle methodology, revisited
Journal of the ACM (JACM)
Lossy trapdoor functions and their applications
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
PSS Is Secure against Random Fault Attacks
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Instantiability of RSA-OAEP under chosen-plaintext attack
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
On the generic insecurity of the full domain hash
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
On the impossibility of three-move blind signature schemes
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Impossibility proofs for RSA signatures in the standard model
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
| Hi-index | 0.00 |
In this paper we consider the problem of securely instantiating Probabilistic Signature Scheme (PSS) in the standard model. PSS, proposed by Bellare and Rogaway [3] is a widely deployed randomized signature scheme, provably secure (unforgeable under adaptively chosen message attacks) in Random Oracle Model. Our main result is a black-box impossibility result showing that one can not prove unforgeability of PSS against chosen message attacks using blackbox techniques even assuming existence of ideal trapdoor permutations (a strong abstraction of trapdoor permutations which inherits all security properties of a random permutation, introduced by Kiltz and Pietrzak in Eurocrypt 2009) or the recently proposed lossy trapdoor permutations [20]. Moreover, we show onewayness, the most common security property of a trapdoor permutation does not suffice to prove even the weakest security criteria, namely unforgeability under zero message attack. Our negative results can easily be extended to any randomized signature scheme where one can recover the random string from a valid signature.