Black-box separations of hash-and-sign signatures in the non-programmable random oracle model

Zongyang Zhang; Yu Chen; Sherman S.M. Chow; Goichiro Hanaoka; Zhenfu Cao; Yunlei Zhao

doi:10.1007/978-3-319-26059-4_24

Black-box separations of hash-and-sign signatures in the non-programmable random oracle model

Zongyang Zhang
, Yu Chen^*
, Sherman S.M. Chow
, Goichiro Hanaoka
, Zhenfu Cao
, Yunlei Zhao

^*Corresponding author for this work

Software Engineering Institute

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

10 Scopus citations

Abstract

A popular methodology of designing cryptosystems with practical efficiency is to give a security proof in the random oracle (RO) model. The work of Fischlin and Fleischhacker (Eurocrypt’13) investigated the case of Schnorr signature (and generally, Fiat-Shamir signatures) and showed the reliance of RO model is inherent. We generalize their results to a large class of “malleable” hash-andsign signatures, where one can efficiently “maul”any two valid signatures between two signature instances with different public keys if it can get the difference between the secret keys.We follow the technique of Fischlin and Fleischhacker to show that the security of malleable hash-and-sign signature cannot be reduced to its related hard cryptographic problem without programming the RO. Our proof assumes the hardness of a onemore cryptographic problem (depending on the signature instantiation). Our result applies to single-instance black-box reductions, subsuming those reductions used in existing proofs. Our framework not only encompasses Fiat-Shamir signatures as special cases, but also covers Γ-signature (Yao and Zhao, IEEE Transactions on Information Forensics and Security’13), and other schemes which implicitly used malleable hash-and-sign signatures, including Boneh-Franklin identity-based encryption, and Sakai-Ohgishi-Kasahara non-interactive identity-based key exchange.

Original language	English
Title of host publication	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher	Springer Verlag
Pages	435-454
Number of pages	20
DOIs	https://doi.org/10.1007/978-3-319-26059-4_24
State	Published - 2015

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9451
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Keywords

Black-box separations
Hash-and-sign signatures
Meta-reduction
Random oracle model

Access to Document

10.1007/978-3-319-26059-4_24

Cite this

Zhang, Z., Chen, Y., Chow, S. S. M., Hanaoka, G., Cao, Z., & Zhao, Y. (2015). Black-box separations of hash-and-sign signatures in the non-programmable random oracle model. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 435-454). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9451). Springer Verlag. https://doi.org/10.1007/978-3-319-26059-4_24

Zhang, Zongyang ; Chen, Yu ; Chow, Sherman S.M. et al. / Black-box separations of hash-and-sign signatures in the non-programmable random oracle model. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Springer Verlag, 2015. pp. 435-454 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inbook{4124f9a2e2504ae9829adf8725abc40d,

title = "Black-box separations of hash-and-sign signatures in the non-programmable random oracle model",

abstract = "A popular methodology of designing cryptosystems with practical efficiency is to give a security proof in the random oracle (RO) model. The work of Fischlin and Fleischhacker (Eurocrypt{\textquoteright}13) investigated the case of Schnorr signature (and generally, Fiat-Shamir signatures) and showed the reliance of RO model is inherent. We generalize their results to a large class of “malleable” hash-andsign signatures, where one can efficiently “maul”any two valid signatures between two signature instances with different public keys if it can get the difference between the secret keys.We follow the technique of Fischlin and Fleischhacker to show that the security of malleable hash-and-sign signature cannot be reduced to its related hard cryptographic problem without programming the RO. Our proof assumes the hardness of a onemore cryptographic problem (depending on the signature instantiation). Our result applies to single-instance black-box reductions, subsuming those reductions used in existing proofs. Our framework not only encompasses Fiat-Shamir signatures as special cases, but also covers Γ-signature (Yao and Zhao, IEEE Transactions on Information Forensics and Security{\textquoteright}13), and other schemes which implicitly used malleable hash-and-sign signatures, including Boneh-Franklin identity-based encryption, and Sakai-Ohgishi-Kasahara non-interactive identity-based key exchange.",

keywords = "Black-box separations, Hash-and-sign signatures, Meta-reduction, Random oracle model",

author = "Zongyang Zhang and Yu Chen and Chow, \{Sherman S.M.\} and Goichiro Hanaoka and Zhenfu Cao and Yunlei Zhao",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.",

year = "2015",

doi = "10.1007/978-3-319-26059-4\_24",

language = "英语",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "435--454",

booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

address = "德国",

}

Zhang, Z, Chen, Y, Chow, SSM, Hanaoka, G, Cao, Z & Zhao, Y 2015, Black-box separations of hash-and-sign signatures in the non-programmable random oracle model. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9451, Springer Verlag, pp. 435-454. https://doi.org/10.1007/978-3-319-26059-4_24

Black-box separations of hash-and-sign signatures in the non-programmable random oracle model. / Zhang, Zongyang; Chen, Yu; Chow, Sherman S.M. et al.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Springer Verlag, 2015. p. 435-454 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9451).

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

TY - CHAP

T1 - Black-box separations of hash-and-sign signatures in the non-programmable random oracle model

AU - Zhang, Zongyang

AU - Chen, Yu

AU - Chow, Sherman S.M.

AU - Hanaoka, Goichiro

AU - Cao, Zhenfu

AU - Zhao, Yunlei

PY - 2015

Y1 - 2015

N2 - A popular methodology of designing cryptosystems with practical efficiency is to give a security proof in the random oracle (RO) model. The work of Fischlin and Fleischhacker (Eurocrypt’13) investigated the case of Schnorr signature (and generally, Fiat-Shamir signatures) and showed the reliance of RO model is inherent. We generalize their results to a large class of “malleable” hash-andsign signatures, where one can efficiently “maul”any two valid signatures between two signature instances with different public keys if it can get the difference between the secret keys.We follow the technique of Fischlin and Fleischhacker to show that the security of malleable hash-and-sign signature cannot be reduced to its related hard cryptographic problem without programming the RO. Our proof assumes the hardness of a onemore cryptographic problem (depending on the signature instantiation). Our result applies to single-instance black-box reductions, subsuming those reductions used in existing proofs. Our framework not only encompasses Fiat-Shamir signatures as special cases, but also covers Γ-signature (Yao and Zhao, IEEE Transactions on Information Forensics and Security’13), and other schemes which implicitly used malleable hash-and-sign signatures, including Boneh-Franklin identity-based encryption, and Sakai-Ohgishi-Kasahara non-interactive identity-based key exchange.

AB - A popular methodology of designing cryptosystems with practical efficiency is to give a security proof in the random oracle (RO) model. The work of Fischlin and Fleischhacker (Eurocrypt’13) investigated the case of Schnorr signature (and generally, Fiat-Shamir signatures) and showed the reliance of RO model is inherent. We generalize their results to a large class of “malleable” hash-andsign signatures, where one can efficiently “maul”any two valid signatures between two signature instances with different public keys if it can get the difference between the secret keys.We follow the technique of Fischlin and Fleischhacker to show that the security of malleable hash-and-sign signature cannot be reduced to its related hard cryptographic problem without programming the RO. Our proof assumes the hardness of a onemore cryptographic problem (depending on the signature instantiation). Our result applies to single-instance black-box reductions, subsuming those reductions used in existing proofs. Our framework not only encompasses Fiat-Shamir signatures as special cases, but also covers Γ-signature (Yao and Zhao, IEEE Transactions on Information Forensics and Security’13), and other schemes which implicitly used malleable hash-and-sign signatures, including Boneh-Franklin identity-based encryption, and Sakai-Ohgishi-Kasahara non-interactive identity-based key exchange.

KW - Black-box separations

KW - Hash-and-sign signatures

KW - Meta-reduction

KW - Random oracle model

UR - https://www.scopus.com/pages/publications/84948767255

U2 - 10.1007/978-3-319-26059-4_24

DO - 10.1007/978-3-319-26059-4_24

M3 - 章节

AN - SCOPUS:84948767255

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 435

EP - 454

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

PB - Springer Verlag

ER -

Zhang Z, Chen Y, Chow SSM, Hanaoka G, Cao Z, Zhao Y. Black-box separations of hash-and-sign signatures in the non-programmable random oracle model. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Springer Verlag. 2015. p. 435-454. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-26059-4_24

Black-box separations of hash-and-sign signatures in the non-programmable random oracle model

Abstract

Publication series

Keywords

Access to Document

Other files and links

Fingerprint

Cite this