rixxc/masterthesis
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add Dlog' ggm proof

Browse Source
This commit is contained in:
Aaron Kaiser
2023-05-09 10:01:01 +02:00
parent 8a7b0d4d75
commit 56f6c785bb
9 changed files with 280 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
thesis/citation.bib
View File

@@ -188,3 +188,39 @@
pages = {115--129},
file = {Full Text PDF:/home/rixxc/Zotero/storage/WKJLTLKJ/Karpfinger and Meyberg - 2021 - Die Sätze von Sylow.pdf:application/pdf},
}
@incollection{hutchison_exact_2012,
address = {Berlin, Heidelberg},
title = {On the {Exact} {Security} of {Schnorr}-{Type} {Signatures} in the {Random} {Oracle} {Model}},
volume = {7237},
isbn = {978-3-642-29010-7 978-3-642-29011-4},
url = {http://link.springer.com/10.1007/978-3-642-29011-4_33},
abstract = {The Schnorr signature scheme has been known to be provably secure in the Random Oracle Model under the Discrete Logarithm (DL) assumption since the work of Pointcheval and Stern (EUROCRYPT 96), at the price of a very loose reduction though: if there is a forger making at most qh random oracle queries, and forging signatures with probability εF , then the Forking Lemma tells that one can compute discrete logarithms with constant probability by rewinding the forger O(qh/εF ) times. In other words, the security reduction loses a factor O(qh) in its time-to-success ratio. This is rather unsatisfactory since qh may be quite large. Yet Paillier and Vergnaud (ASIACRYPT 2005) later showed that under the One More Discrete Logarithm (OMDL) assumption, any algebraic reduction must lose a factor at least qh1/2 in its time-to-success ratio. This was later improved by Garg et al. (CRYPTO 2008) to a factor qh2/3. Up to now, the gap between qh2/3 and qh remained open. In this paper, we show that the security proof using the Forking Lemma is essentially the best possible. Namely, under the OMDL assumption, any algebraic reduction must lose a factor f (εF )qh in its time-to-success ratio, where f ≤ 1 is a function that remains close to 1 as long as εF is noticeably smaller than 1. Using a formulation in terms of expected-time and queries algorithms, we obtain an optimal loss factor Ω(qh), independently of εF . These results apply to other signature schemes based on one-way group homomorphisms, such as the Guillou-Quisquater signature scheme.},
language = {en},
urldate = {2023-04-30},
booktitle = {Advances in {Cryptology} {EUROCRYPT} 2012},
publisher = {Springer Berlin Heidelberg},
author = {Seurin, Yannick},
editor = {Hutchison, David and Kanade, Takeo and Kittler, Josef and Kleinberg, Jon M. and Mattern, Friedemann and Mitchell, John C. and Naor, Moni and Nierstrasz, Oscar and Pandu Rangan, C. and Steffen, Bernhard and Sudan, Madhu and Terzopoulos, Demetri and Tygar, Doug and Vardi, Moshe Y. and Weikum, Gerhard and Pointcheval, David and Johansson, Thomas},
year = {2012},
doi = {10.1007/978-3-642-29011-4_33},
note = {Series Title: Lecture Notes in Computer Science},
pages = {554--571},
file = {Seurin - 2012 - On the Exact Security of Schnorr-Type Signatures i.pdf:/home/rixxc/Zotero/storage/5CWR5JYA/Seurin - 2012 - On the Exact Security of Schnorr-Type Signatures i.pdf:application/pdf},
}
@article{schwartz_fast_1980,
title = {Fast {Probabilistic} {Algorithms} for {Verification} of {Polynomial} {Identities}},
volume = {27},
issn = {0004-5411},
url = {https://dl.acm.org/doi/10.1145/322217.322225},
doi = {10.1145/322217.322225},
number = {4},
urldate = {2023-05-08},
journal = {Journal of the ACM},
author = {Schwartz, J. T.},
month = oct,
year = {1980},
pages = {701--717},
file = {Full Text PDF:/home/rixxc/Zotero/storage/9XIETZ49/Schwartz - 1980 - Fast Probabilistic Algorithms for Verification of .pdf:application/pdf},
}