The Fiat–Shamir Transformation in a Quantum World

Dagdelen, Özgür; Fischlin, Marc; Gagliardoni, Tommaso

doi:10.1007/978-3-642-42045-0_4

Cited by 33 publications

(21 citation statements)

References 46 publications

(60 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although making the DSSs less efficient, schemes by Gentry et al [2008] and Lyubashevsky [2012] are respectively shown by Boneh and Zhandry [2013] and Dagdelen et al [2013] to be secure to such an adversary, creating the quantum random oracle model. This could also motivate an important area for future research, such as proving security for more DSSs to a quantum adversary or possibly creating a generic technique that could turn a DSS secure in the random oracle model to one secure in the quantum random oracle model.…”

Section: Future Workmentioning

confidence: 99%

Practical Lattice-Based Digital Signature Schemes

Howe

Pöppelmann

O’Neill

et al. 2015

ACM Trans. Embed. Comput. Syst.

View full text Add to dashboard Cite

Digital signatures are an important primitive for building secure systems and are used in most real-world security protocols. However, almost all popular signature schemes are either based on the factoring assumption (RSA) or the hardness of the discrete logarithm problem (DSA/ECDSA). In the case of classical cryptanalytic advances or progress on the development of quantum computers, the hardness of these closely related problems might be seriously weakened. A potential alternative approach is the construction of signature schemes based on the hardness of certain lattice problems that are assumed to be intractable by quantum computers. Due to significant research advancements in recent years, lattice-based schemes have now become practical and appear to be a very viable alternative to number-theoretic cryptography. In this article, we focus on recent developments and the current state of the art in lattice-based digital signatures and provide a comprehensive survey discussing signature schemes with respect to practicality. Additionally, we discuss future research areas that are essential for the continued development of lattice-based cryptography.

show abstract

Section: Future Workmentioning

confidence: 99%

Practical Lattice-Based Digital Signature Schemes

Howe

Pöppelmann

O’Neill

et al. 2015

ACM Trans. Embed. Comput. Syst.

View full text Add to dashboard Cite

show abstract

“…Let X 2 be the set of all N 2 size-two subsets of X. In addition to (14), we are also interested in the following two representations of W defined by its action on the sets Y × X and Y × X 2 , respectively: (σ, π) : (y, x) → (π(y), σ π(y) (x)),…”

Section: Definition 43 ([25 Chapter 4])mentioning

confidence: 99%

“…They also do not allow the extractor to use a purified (i.e., unitary) adversary to avoid measurements that introduce randomness. 3 The unforgeability proof from [14] is already almost a proof of the proof of knowledge property. And the techniques from [33] can probably be applied to show that the protocol form [14] is zero-knowledge.…”

Section: Introductionmentioning

confidence: 99%

Quantum Attacks on Classical Proof Systems: The Hardness of Quantum Rewinding

Ambainis

Rosmanis

Unruh

2014

2014 IEEE 55th Annual Symposium on Foundations of Computer Science

113

View full text Add to dashboard Cite

Quantum zero-knowledge proofs and quantum proofs of knowledge are inherently difficult to analyze because their security analysis uses rewinding. Certain cases of quantum rewinding are handled by the results by Watrous (SIAM J Comput, 2009) and Unruh (Eurocrypt 2012), yet in general the problem remains elusive. We show that this is not only due to a lack of proof techniques: relative to an oracle, we show that classically secure proofs and proofs of knowledge are insecure in the quantum setting.More specifically, sigma-protocols, the Fiat-Shamir construction, and Fischlin's proof system are quantum insecure under assumptions that are sufficient for classical security. Additionally, we show that for similar reasons, computationally binding commitments provide almost no security guarantees in a quantum setting.To show these results, we develop the "pick-one trick", a general technique that allows an adversary to find one value satisfying a given predicate, but not two.

show abstract

“…Isogeny-based cryptosystems to date have dealt primarily with encryption, with the exception of the entity authentication protocol of [13, §3.1]. We remark that, although entity authentication in the classical setting enables data authentication via the Fiat-Shamir transformation [14], the Fiat-Shamir transformation fails against a quantum adversary [10]. This work, together with Sun et al's construction of strong designated verifier signatures [30], provides some evidence that isogenies can also be used as the basis for signatures and data authentication in the post-quantum setting.…”

Section: Related Workmentioning

confidence: 99%

Isogeny-Based Quantum-Resistant Undeniable Signatures

Jao

Soukharev

2014

Post-Quantum Cryptography

View full text Add to dashboard Cite

Abstract. We propose an undeniable signature scheme based on elliptic curve isogenies, and prove its security under certain reasonable number-theoretic computational assumptions for which no efficient quantum algorithms are known. Our proposal represents only the second known quantum-resistant undeniable signature scheme, and the first such scheme secure under a number-theoretic complexity assumption.

show abstract

The Fiat–Shamir Transformation in a Quantum World

Cited by 33 publications

References 46 publications

Practical Lattice-Based Digital Signature Schemes

Practical Lattice-Based Digital Signature Schemes

Quantum Attacks on Classical Proof Systems: The Hardness of Quantum Rewinding

Isogeny-Based Quantum-Resistant Undeniable Signatures

Contact Info

Product

Resources

About