From Identification to Signatures Via the Fiat-Shamir Transform: Necessary and Sufficient Conditions for Security and Forward-Security

Abstract : The Fiat-Shamir paradigm for transforming identification schemes into signature schemes has been popular since its introduction because it yields efficient signature schemes, and has been receiving renewed interest of late as the main tool in deriving forward-secure signature schemes. In this paper, minimal (meaning necessary and sufficient) conditions on the identification scheme to ensure security of the signature scheme in the random oracle model are determined, both in the usual and in the forward-secure cases. Specifically, it is shown that the signature scheme is secure (respectively, forward-secure) against chosen-message attacks in the random oracle model if and only if the underlying identification scheme is secure (respectively, forward-secure) against impersonation under passive (i.e., eavesdropping only) attacks, and has its commitments drawn at random from a large space. An extension is proven incorporating a random seed into the Fiat-Shamir transform so that the commitment space assumption may be removed.
Type de document :
Article dans une revue
IEEE Transactions on Information Theory, Institute of Electrical and Electronics Engineers, 2008, 54 (8), pp.3631-3646. 〈10.1109/TIT.2008.926303〉
Liste complète des métadonnées

https://hal.inria.fr/hal-00917092
Contributeur : Michel Abdalla <>
Soumis le : mercredi 11 décembre 2013 - 12:03:29
Dernière modification le : vendredi 25 mai 2018 - 12:02:05

Identifiants

Collections

Citation

Michel Abdalla, Jee Hea An, Mihir Bellare, Chanathip Namprempre. From Identification to Signatures Via the Fiat-Shamir Transform: Necessary and Sufficient Conditions for Security and Forward-Security. IEEE Transactions on Information Theory, Institute of Electrical and Electronics Engineers, 2008, 54 (8), pp.3631-3646. 〈10.1109/TIT.2008.926303〉. 〈hal-00917092〉

Partager

Métriques

Consultations de la notice

152