5 results sorted by ID
Possible spell-corrected query: Schnorr-type signature
Concrete Analysis of Schnorr-type Signatures with Aborts
Theo Fanuela Prabowo, Chik How Tan
Attacks and cryptanalysis
Lyubashevsky’s signature can be viewed as a lattice-based adapation of the Schnorr signature, with the core difference being the use of aborts during signature generation process. Since the proposal of Lyubashevsky’s signature, a number of other variants of Schnorr-type signatures with aborts have been proposed, both in lattice-based and code-based setting. In this paper, we examine the security of Schnorr-type signature schemes with aborts. We give a detailed analysis of when the expected...
M&M'S: Mix and Match Attacks on Schnorr-type Blind Signatures with Repetition
Khue Do, Lucjan Hanzlik, Eugenio Paracucchi
Attacks and cryptanalysis
Blind signatures allow the issuing of signatures on messages chosen by the user so that they ensure $\mathit{blindness}$ of the message against the signer. Moreover, a malicious user cannot output $\ell+1$ signatures while only finishing $\ell$ signing sessions. This notion, called $\mathit{one}$-$\mathit{more}$ unforgeability, comes in two flavors supporting either $\mathit{sequential}$ or $\mathit{concurrent}$ sessions.
In this paper, we investigate the security of a class of blind...
SPRINT: High-Throughput Robust Distributed Schnorr Signatures
Fabrice Benhamouda, Shai Halevi, Hugo Krawczyk, Yiping Ma, Tal Rabin
Cryptographic protocols
We describe high-throughput threshold protocols with guaranteed output delivery for generating Schnorr-type signatures. The protocols run a single message-independent interactive ephemeral randomness generation procedure (e.g., DKG) followed by a \emph{non-interactive} multi-message signature generation procedure. The protocols offer significant increase in throughput already for as few as ten parties while remaining highly-efficient for many hundreds of parties with thousands of signatures...
On the Exact Security of Schnorr-Type Signatures in the Random Oracle Model
Yannick Seurin
Public-key cryptography
The Schnorr signature scheme has been known to be provably secure in the Random Oracle Model under the Discrete Logarithm (DL) assumption since the work of Pointcheval and Stern (EUROCRYPT '96), at the price of a very loose reduction though: if there is a forger making at most $q_h$ random oracle queries, and forging signatures with probability $\varepsilon_F$, then the Forking Lemma tells that one can compute discrete logarithms with constant probability by rewinding the forger...
Identity Based Partial Aggregate Signature Scheme Without Pairing
S. Sharmila Deva Selvi, S. Sree Vivek, J. Shriram, C. Pandu Rangan
An identity based signature allows users to sign their documents using their private keys and the signature can be verified by any one, using the identity of the signer and public parameters of the system. An aggregate signature scheme is a digital signature scheme which allows aggregation of different signatures by different users on different messages. The primary objective of aggregate signature scheme is to achieve both computational and communication efficiency. Here, we propose an...
Lyubashevsky’s signature can be viewed as a lattice-based adapation of the Schnorr signature, with the core difference being the use of aborts during signature generation process. Since the proposal of Lyubashevsky’s signature, a number of other variants of Schnorr-type signatures with aborts have been proposed, both in lattice-based and code-based setting. In this paper, we examine the security of Schnorr-type signature schemes with aborts. We give a detailed analysis of when the expected...
Blind signatures allow the issuing of signatures on messages chosen by the user so that they ensure $\mathit{blindness}$ of the message against the signer. Moreover, a malicious user cannot output $\ell+1$ signatures while only finishing $\ell$ signing sessions. This notion, called $\mathit{one}$-$\mathit{more}$ unforgeability, comes in two flavors supporting either $\mathit{sequential}$ or $\mathit{concurrent}$ sessions. In this paper, we investigate the security of a class of blind...
We describe high-throughput threshold protocols with guaranteed output delivery for generating Schnorr-type signatures. The protocols run a single message-independent interactive ephemeral randomness generation procedure (e.g., DKG) followed by a \emph{non-interactive} multi-message signature generation procedure. The protocols offer significant increase in throughput already for as few as ten parties while remaining highly-efficient for many hundreds of parties with thousands of signatures...
The Schnorr signature scheme has been known to be provably secure in the Random Oracle Model under the Discrete Logarithm (DL) assumption since the work of Pointcheval and Stern (EUROCRYPT '96), at the price of a very loose reduction though: if there is a forger making at most $q_h$ random oracle queries, and forging signatures with probability $\varepsilon_F$, then the Forking Lemma tells that one can compute discrete logarithms with constant probability by rewinding the forger...
An identity based signature allows users to sign their documents using their private keys and the signature can be verified by any one, using the identity of the signer and public parameters of the system. An aggregate signature scheme is a digital signature scheme which allows aggregation of different signatures by different users on different messages. The primary objective of aggregate signature scheme is to achieve both computational and communication efficiency. Here, we propose an...