Revisiting TESLA in the Quantum Random Oracle Model
نویسندگان
چکیده
We study a scheme of Bai and Galbraith (CT-RSA’14), also known as TESLA. TESLA was thought to have a tight security reduction from the learning with errors problem (LWE) in the random oracle model (ROM). Moreover, a variant using chameleon hash functions was lifted to the quantum random oracle model (QROM). However, both reductions were later found to be flawed and hence it remained unresolved until now whether TESLA can be proven to be tightly secure in the (Q)ROM. In the present paper we provide an entirely new, tight security reduction for TESLA from LWE in the QROM (and thus in the ROM). Our security reduction involves the adaptive re-programming of a quantum oracle. Furthermore, we propose parameter sets targeting 128 bits of security against both classical and quantum adversaries and compare TESLA’s performance with state-of-the-art signature schemes.
منابع مشابه
TESLA: Tightly-Secure Efficient Signatures from Standard Lattices
Generally, lattice-based cryptographic primitives offer good performance and allow for strong security reductions. However, the most efficient current lattice-based signature schemes sacrifice (part of its) security to achieve good performance: first, security is based on ideal lattice problems, that might not be as hard as standard lattice problems. Secondly, the security reductions of the mos...
متن کاملRandom Oracles in a Quantum World
The interest in post-quantum cryptography — classical systems that remain secure in the presence of a quantum adversary — has generated elegant proposals for new cryptosystems. Some of these systems are set in the random oracle model and are proven secure relative to adversaries that have classical access to the random oracle. We argue that to prove post-quantum security one needs to prove secu...
متن کاملSecure Identity-Based Encryption in the Quantum Random Oracle Model
We give the first proof of security for an identity-based encryption scheme in the quantum random oracle model. This is the first proof of security for any scheme in this model that requires no additional assumptions. Our techniques are quite general and we use them to obtain security proofs for two random oracle hierarchical identity-based encryption schemes and a random oracle signature schem...
متن کاملMaking Existential-unforgeable Signatures Strongly Unforgeable in the Quantum Random-oracle Model
Strongly unforgeable signature schemes provide a more stringent security guarantee than the standard existential unforgeability. It requires that not only forging a signature on a new message is hard, it is infeasible as well to produce a new signature on a message for which the adversary has seen valid signatures before. Strongly unforgeable signatures are useful both in practice and as a buil...
متن کاملImproved identification protocol in the quantum random oracle model
Boneh et al. [6] proposed an identification protocol in Asiacrypt 2011 that is secure in the classical random oracle model but insecure in the quantum random oracle model. This paper finds that a constant parameter plays a significant role in the security of the protocol and the variation of this parameter changes the security greatly. Therefore, an improved identification protocol that replace...
متن کامل