Generalized First Pre-image Tractable Random Oracle Model and Signature Schemes

Weakened Random Oracle Models (WROMs) are variants of the Random Oracle Model (ROM) under some weakened collision resistance assumptions. Cryptographic schemes proven secure in WROMs can ensure security even when the underlying random oracles are susceptible to certain extent of collision attacks, second pre-image attacks, or first pre-image attacks. In this paper, we show that a WROM variant called FPT-ROM (First Pre-Image Tractable ROM) can further be weakened to a Generalized FPT-ROM which can capture more practical attacks, for example, the chosen prefix collision attack by Stevens et al. (CRYPTO2009). This type of attacks has never been captured by any existing WROMs. Achieving security against FPT-ROM has been known as one of the most challenging problems in constructing cryptographic schemes in WROMs. In the second part of this paper, we propose a generic transformation which converts a large class of signature schemes secure in ROM to a class of variants, which can be proven secure in all the WROMs, including our newly proposed Generalized FPT-ROM. The transformation does not increase the signature size, and it can apply to many practical and highly efficient signature schemes such as the Full-Domain Hash signature, Schnorr signature, and many others.