Search results for: random oracle model

Number of results: 2311054

2013
Özgür Dagdelen, Marc Fischlin, Tommaso Gagliardoni

The Fiat-Shamir transformation is a famous technique to turn identification schemes into signature schemes. The derived scheme is provably secure in the random-oracle model against classical adversaries. Still, the technique has also been suggested to be used in connection with quantum-immune identification schemes, in order to get quantum-immune signature schemes. However, a recent paper by Bo...

Journal: CoRR 2014
Shangping Wang, Ru Zhao

Abstract: On the basis of the signatures scheme without trapdoors from lattice, which is proposed by Vadim Lyubashevsky in 2012, we present a new ring signature scheme from lattice. The proposed ring signature scheme is an extension of the signatures scheme without trapdoors. We proved that our scheme is strongly unforgeable against adaptive chosen message in the random oracle model, and proved...

2004
Gilles Barthe, Sabrina Tarento

Most approaches to the formal analysis of cryptography protocols make the perfect cryptographic assumption, which entails for example that there is no way to obtain knowledge about the plaintext pertaining to a ciphertext without knowing the key. Ideally, one would prefer to abandon the perfect cryptography hypothesis and reason about the computational cost of breaking a cryptographic scheme by...

2017
Erdem Alkim, Nina Bindel, Johannes A. Buchmann, Özgür Dagdelen, Edward Eaton, Gus Gutoski, Juliane Krämer, Filip Pawlega

We study a scheme of Bai and Galbraith (CT-RSA’14), also known as TESLA. TESLA was thought to have a tight security reduction from the learning with errors problem (LWE) in the random oracle model (ROM). Moreover, a variant using chameleon hash functions was lifted to the quantum random oracle model (QROM). However, both reductions were later found to be flawed and hence it remained unresolved ...

2013
Fabien Laguillaumie, Adeline Langlois, Benoît Libert, Damien Stehlé

Group signatures are cryptographic primitives where users can anonymously sign messages in the name of a population they belong to. Gordon et al. (Asiacrypt 2010) suggested the first realization of group signatures based on lattice assumptions in the random oracle model. A significant drawback of their scheme is its linear signature size in the cardinality N of the group. A recent extension pro...

Journal: IACR Cryptology ePrint Archive 2008
Boaz Barak, Mohammad Mahmoody-Ghidary

We prove that every key exchange protocol in the random oracle model in which the honest users make at most n queries to the oracle can be broken by an adversary making O(n) queries to the oracle. This improves on the previous Ω̃(n) query attack given by Impagliazzo and Rudich (STOC ’89). Our bound is optimal up to a constant factor since Merkle (CACM ’78) gave an n query key exchange protocol i...

2009
Boaz Barak, Mohammad Mahmoody-Ghidary

We prove that every key exchange protocol in the random oracle model in which the honest users make at most n queries to the oracle can be broken by an adversary making O(n) queries to the oracle. This improves on the previous Ω̃(n) query attack given by Impagliazzo and Rudich (STOC ’89), and answers an open question posed by them. Our bound is optimal up to a constant factor since Merkle (CACM ...

2008
Boaz Barak, Mohammad Mahmoody-Ghidary

We prove that every key exchange protocol in the random oracle model in which the honest users make at most n queries to the oracle can be broken by an adversary making O(n) queries to the oracle. This improves on the previous Ω̃(n) query attack given by Impagliazzo and Rudich (STOC ’89). Our bound is optimal up to a constant factor since Merkle (CACM ’78) gave an n query key exchange protocol i...

2008
Toshiyuki Isshiki, Keisuke Tanaka

We improve on the Bresson–Stern–Szydlo threshold ring signature scheme which uses Shamir secret sharing scheme [6] by showing that the security can be proved under a strictly weaker assumption, that is the random oracle model rather than the ideal cipher model. Then we propose an efficient (n − t)-out-of-n threshold ring signature scheme which is efficient when t is small compared with n. Our sc...

2011
Mohammad Mahmoody, Tal Moran, Salil P. Vadhan

A time-lock puzzle is a mechanism for sending messages “to the future”. The sender publishes a puzzle whose solution is the message to be sent, thus hiding it until enough time has elapsed for the puzzle to be solved. For timelock puzzles to be useful, generating a puzzle should take less time than solving it. Since adversaries may have access to many more computers than honest solvers, massive...
