Skip to Main content Skip to Navigation
Preprints, Working Papers, ...

Quantum security of the Fiat-Shamir transform of commit and open protocols

Abstract : Applying the Fiat-Shamir transform on identification schemes is one of the main ways of constructing signature schemes. While the classical security of this transformation is well understood, it is only very recently that generic results for the quantum case has been proposed [DFMS19,LZ19]. In this paper, we show that if we start from a commit-and-open identification scheme, where the prover first commits to several strings and then as a second message opens a subset of them depending on the verifier's message, then the Fiat-Shamir transform is quantum secure, for a suitable choice of commitment scheme. Unlike previous generic results, our transformation doesn't require to reprogram the random function H used in the Fiat-Shamir transform and we actually only require a quantum one-wayness property. Our techniques can in some cases lead to a much tighter security reduction. To illustrate this, we apply our techniques to identifications schemes at the core of the MQDSS signature scheme, the Picnic scheme (both present in the round 2 of the post quantum NIST competition) and the Stern signature scheme. For all these schemes, we show that our technique can be applied with essentially tight results.
Complete list of metadata
Contributor : André Chailloux <>
Submitted on : Friday, January 3, 2020 - 1:17:22 PM
Last modification on : Thursday, January 7, 2021 - 3:38:03 PM

Links full text


  • HAL Id : hal-02427223, version 1
  • ARXIV : 1906.05415



André Chailloux. Quantum security of the Fiat-Shamir transform of commit and open protocols. 2019. ⟨hal-02427223⟩



Record views