Started with related work
This commit is contained in:
@@ -26,79 +26,6 @@ This means that the advantage to distinguish between two identical-until-bad gam
|
||||
|
||||
\input{sections/security_notions}
|
||||
|
||||
\subsection{Fiat-Shamir Transformation}
|
||||
|
||||
The Fiat-Schamir transformation is a transformation which creates a digital signature scheme from a canonical identification scheme. The transformation was introduces by Fiat-Schmir in 1986 \cite{C:FiaSha86}. To transform a canonical identification scheme into a signature scheme it has to be become non-interactive. The role of the verifier in the canonical identification scheme (besides verifying the solution) is to provide a challenge to the proofer. This is a crucial part for the security of the scheme since otherwise the proofer might be able to choose a commitment and solution in a way that lets him generate a valid transcript without being in the possession of the secret key.
|
||||
|
||||
The Fiat-Schamir transformation replaces the verifier by a pseudorandom function. This pseudorandom function takes the commitment and a a message as input and outputs the challenge. Now the challenge is computable by the proofer without the need to interact with another party. With this the proofer is able to calculate the response. The commitment together with the solution can now be considered a signature for that message. To verify the signature a verifier can use the same pseudorandom function to calculate the challenge based on the commitment and the message and apply the verification algorithm from the canonical identification scheme to verify the solution and thereby the validity of the signature. In practice a hash function is often used as the pseudorandom function. The Fiat-Schamir transformation is depicted in figure \ref{fig:fs-transformation}.
|
||||
|
||||
If the canonical identification scheme is IMP-PA secure then the digital signature scheme, resulting from the Fiat-Schamir transformation of that canonical identification scheme, is UF-CMA secure in the random oracle model (the meaning of the random oracle model will be explained in section \ref{sec:rom}) \cite{EC:PoiSte96}. %TODO: Ist das das richtige Paper?
|
||||
|
||||
\begin{figure}[H]
|
||||
\hrule
|
||||
\vspace{1mm}
|
||||
\begin{multicols}{3}
|
||||
\begin{algorithmic}[1]
|
||||
\Statex \underline{\textbf{KeyGen}(par)}
|
||||
\State $(\pubkey, \privkey) \randomassign \keygen(1^\secparamter)$
|
||||
\State \Return $(\pubkey, \privkey)$
|
||||
\end{algorithmic}
|
||||
\columnbreak
|
||||
\begin{algorithmic}[1]
|
||||
\Statex \underline{\textbf{Sign}(\privkey, \m)}
|
||||
\State $(R, st) \randomassign P_1(\privkey)$
|
||||
\State $\ch \assign F(R|\m)$
|
||||
\State $s \assign P_2(\privkey, R, \ch, st)$
|
||||
\State \Return $(R, s)$
|
||||
\end{algorithmic}
|
||||
\columnbreak
|
||||
\begin{algorithmic}[1]
|
||||
\Statex \underline{\textbf{Verify}(\pubkey, \m, $\signature \assign (R,s)$)}
|
||||
\State $\ch \assign F(R|\m)$
|
||||
\State \Return $V(\pubkey, R, \ch, s)$
|
||||
\end{algorithmic}
|
||||
\end{multicols}
|
||||
|
||||
\hrule
|
||||
\caption{Fiat-Schamir transformation of a CID \assign (KeyGen, P, V)}
|
||||
\label{fig:fs-transformation}
|
||||
\end{figure}
|
||||
|
||||
\subsection{Schnorr Signatures}
|
||||
|
||||
The Schnorr signature scheme is a signature scheme which was introduced by Claus Peter Schnorr in 1991 \cite{JC:Schnorr91}. The Schnorr signature scheme proved to be a robust and efficient signature scheme. For two prime numbers $p$ and $q$ with $q|p-1$ and and element $g \in \field{p}$ with order $q$ the Schnorr signature scheme is depicted in figure \ref{fig:schorr}. Since the scheme is defined on $\field{p}$ multiplicative notation is used for this scheme as an exception.
|
||||
|
||||
\begin{figure}[H]
|
||||
\hrule
|
||||
\vspace{1mm}
|
||||
\begin{multicols}{3}
|
||||
\begin{algorithmic}[1]
|
||||
\Statex \underline{\textbf{KeyGen}(par)}
|
||||
\State $x \randomsample \field{q}$
|
||||
\State \Return $(X \assign g^x, x)$
|
||||
\end{algorithmic}
|
||||
\columnbreak
|
||||
\begin{algorithmic}[1]
|
||||
\Statex \underline{\textbf{Sign}($s$, \m)}
|
||||
\State $r \randomsample \field{q}$
|
||||
\State $R \assign g^r$
|
||||
\State $\ch \assign H(R|m)$
|
||||
\State $s \assign r + s \ch \pmod q$
|
||||
\State \Return $(R, s)$
|
||||
\end{algorithmic}
|
||||
\columnbreak
|
||||
\begin{algorithmic}[1]
|
||||
\Statex \underline{\textbf{Verify}(\pubkey, \m, $\signature \assign (R,s)$)}
|
||||
\State $\ch \assign F(R|\m)$
|
||||
\State \Return $R \test g^s X^{-H(R|m)}$
|
||||
\end{algorithmic}
|
||||
\end{multicols}
|
||||
|
||||
\hrule
|
||||
\caption{Schnorr Signature Scheme}
|
||||
\label{fig:schorr}
|
||||
\end{figure}
|
||||
|
||||
\subsection{Elliptic Curves}
|
||||
|
||||
\subsection{Random Oracle Model (ROM)}
|
||||
|
||||
Reference in New Issue
Block a user