Paper 2025/115

Signatures with Tight Adaptive Corruptions from Search Assumptions

Keitaro Hashimoto, National Institute of Advanced Industrial Science and Technology (AIST)
Wakaha Ogata, Institute of Science Tokyo
Yusuke Sakai, National Institute of Advanced Industrial Science and Technology (AIST)
Abstract

We construct the first tightly secure signature schemes in the multi-user setting with adaptive corruptions from static search assumptions, such as the classical discrete logarithm, RSA, factoring, or post-quantum group action discrete logarithm assumptions. In contrast to our schemes, previous tightly secure schemes are based on decisional assumptions (e.g., (group action) DDH) or interactive search assumptions (e.g., one-more CDH). The security of our schemes is independent of the number of users, signing queries, and random oracle queries, and forging our signatures is as hard as solving the underlying static search problems. Our signature schemes are based on an identification scheme with multiple secret keys per public key and "second-key recovery resistance," i.e., the difficulty of finding another secret key for a given public and secret key pair (e.g., Okamoto identification (CRYPTO'92) and Parallel-OR identification (CRYPTO'94)). These properties allow a reduction to solve a search problem while answering signing and corruption queries for all users in the signature security game. To convert such an identification scheme into a signature scheme tightly, we employ the randomized Fischlin transformation introduced by Kondi and shelat (Asiacrypt 2022), which provides straight-line extraction. Klooss et al. (Asiacrypt 2024) showed that the randomized Fischlin transformation satisfies the zero-knowledge property in the programmable ROM if an exponential-size challenge space is used. This fact intuitively implies that the transformation with a large challenge space guarantees the tight security of our signature scheme in the programmable random oracle model, but we successfully prove its tight security in the non-programmable random oracle model without enlarging the challenge size.
Also, as a side contribution, we reconsider the zero-knowledge property of the randomized Fischlin transformation, and show that the transformation with a polynomial-size challenge space is zero-knowledge if the underlying Sigma protocol satisfies certain properties.
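
The two properties the abstract relies on, multiple secret keys per public key and second-key recovery resistance, illustrated on a textbook Okamoto-style identification scheme. This is an added example, not code from the paper: the toy group parameters and all function names are constructed for illustration, and it does not implement the paper's signature scheme or the randomized Fischlin transformation.

```python
import secrets

# Toy group, constructed for illustration only (far too small for real use):
P, Q = 2039, 1019   # safe prime P = 2Q + 1; we work in the order-Q subgroup
G1 = 4              # generator of that subgroup

def public_key(sk, g2):
    """pk = G1^s1 * g2^s2 mod P; many (s1, s2) pairs map to the same pk."""
    s1, s2 = sk
    return pow(G1, s1, P) * pow(g2, s2, P) % P

def second_key(sk, w):
    """A different secret key for the same public key. Computing it here
    uses w = log_G1(g2), which only the party that set up g2 knows."""
    s1, s2 = sk
    d = 1 + secrets.randbelow(Q - 1)          # nonzero shift
    return ((s1 + w * d) % Q, (s2 - d) % Q)

def identify(sk, g2):
    """One honest commit/challenge/response run; returns the verifier's verdict."""
    s1, s2 = sk
    pk = public_key(sk, g2)
    r1, r2 = secrets.randbelow(Q), secrets.randbelow(Q)
    commit = pow(G1, r1, P) * pow(g2, r2, P) % P
    c = secrets.randbelow(Q)                  # verifier's challenge
    y1, y2 = (r1 + c * s1) % Q, (r2 + c * s2) % Q
    return pow(G1, y1, P) * pow(g2, y2, P) % P == commit * pow(pk, c, P) % P

def dlog_from_two_keys(sk_a, sk_b):
    """Two distinct keys for one pk give G1^(a1-b1) = g2^(b2-a2),
    hence log_G1(g2) = (a1 - b1) / (b2 - a2) mod Q."""
    (a1, a2), (b1, b2) = sk_a, sk_b
    return (a1 - b1) * pow((b2 - a2) % Q, -1, Q) % Q

def demo():
    """Build an instance with a known discrete log w and two keys for one pk."""
    w = 1 + secrets.randbelow(Q - 1)          # the search-problem solution
    g2 = pow(G1, w, P)
    sk = (secrets.randbelow(Q), secrets.randbelow(Q))
    return w, g2, sk, second_key(sk, w)
```

Both keys pass `identify` against the same public key, so a verifier cannot tell which one is in use, while any party that outputs a second key has in effect solved the discrete logarithm of `g2`.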

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
Digital signature, Multi-user setting with corruption, Tight security, Search assumptions
Contact author(s)
keitaro hashimoto @ aist go jp
ogata w aa @ m titech ac jp
yusuke sakai @ aist go jp
History
2025-05-16: last of 3 revisions
2025-01-24: received
Short URL
https://ia.cr/2025/115
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/115,
      author = {Keitaro Hashimoto and Wakaha Ogata and Yusuke Sakai},
      title = {Signatures with Tight Adaptive Corruptions from Search Assumptions},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/115},
      year = {2025},
      url = {https://eprint.iacr.org/2025/115}
}