How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Meta-ElGamal signature schemes
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-committing Encryption Case
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A "Paradoxical" Identity-Based Signature Scheme Resulting from Zero-Knowledge
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Efficient Identification and Signatures for Smart Cards
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Adapting the Weaknesses of the Random Oracle Model to the Generic Group Model
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Design Validations for Discrete Logarithm Based Signature Schemes
PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
On the (In)security of the Fiat-Shamir Paradigm
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
The random oracle methodology, revisited
Journal of the ACM (JACM)
Generic Groups, Collision Resistance, and ECDSA
Designs, Codes and Cryptography
Lower bounds for discrete logarithms and related problems
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
On the power of claw-free permutations
SCN'02 Proceedings of the 3rd international conference on Security in communication networks
A synthetic indifferentiability analysis of some block-cipher-based hash functions
Designs, Codes and Cryptography
Tweaking TBE/IBE to PKE Transforms with Chameleon Hash Functions
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
Gradually Convertible Undeniable Signatures
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
Improved Bounds on Security Reductions for Discrete Log Based Signatures
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Cryptanalysis of EC-RAC, a RFID Identification Protocol
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
General Conversion for Obtaining Strongly Existentially Unforgeable Signatures
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Anonymity from Public Key Encryption to Undeniable Signatures
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
On Generic Constructions of Designated Confirmer Signatures
INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
Decryptable searchable encryption
ProvSec'07 Proceedings of the 1st international conference on Provable security
Separation results on the "one-more" computational problems
CT-RSA'08 Proceedings of the 2008 The Cryptographers' Track at the RSA conference on Topics in cryptology
Linearly homomorphic signatures over binary fields and new tools for lattice-based signatures
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
Efficient CDH-based verifiably encrypted signatures with optimal bandwidth in the standard model
ADHOC-NOW'11 Proceedings of the 10th international conference on Ad-hoc, mobile, and wireless networks
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Another look at “provable security”. II
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
On related-secret pseudorandomness
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Collision-Resistant no more: hash-and-sign paradigm revisited
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Impossibility proofs for RSA signatures in the standard model
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
A practical and tightly secure signature scheme without hash function
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Separating short structure-preserving signatures from non-interactive assumptions
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
On the joint security of encryption and signature in EMV
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
On the instantiability of hash-and-sign RSA signatures
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
A pre-computable signature scheme with efficient verification for RFID
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
On the exact security of Schnorr-type signatures in the random oracle model
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Security and Communication Networks
Black-box reductions and separations in cryptography
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
ISC'07 Proceedings of the 10th international conference on Information Security
Optimal reductions of some decisional problems to the rank problem
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Why “Fiat-Shamir for proofs” lacks a proof
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
We provide evidence that the unforgeability of several discrete-log-based signatures, such as Schnorr signatures, cannot be equivalent to the discrete log problem in the standard model. This contradicts, in nature, well-known proofs that stand in weakened proof methodologies, in particular proofs employing various formulations of the Forking Lemma in the random oracle model. Our impossibility proofs apply to many discrete-log-based signatures, including ElGamal signatures and their extensions, DSA, ECDSA and KCDSA, as well as standard generalizations of these, and even RSA-based signatures like GQ. We stress that our work sheds more light on the provable (in)security of popular signature schemes but does not explicitly lead to actual attacks on them.