Artigos de revistas sobre o tema "Fiat-Shamir transform with aborts"
Siga este link para ver outros tipos de publicações sobre o tema: Fiat-Shamir transform with aborts.
Crie uma referência precisa em APA, MLA, Chicago, Harvard, e outros estilos
Veja os 17 melhores artigos de revistas para estudos sobre o assunto "Fiat-Shamir transform with aborts".
Ao lado de cada fonte na lista de referências, há um botão "Adicionar à bibliografia". Clique e geraremos automaticamente a citação bibliográfica do trabalho escolhido no estilo de citação de que você precisa: APA, MLA, Harvard, Chicago, Vancouver, etc.
Você também pode baixar o texto completo da publicação científica em formato .pdf e ler o resumo do trabalho online se estiver presente nos metadados.
Veja os artigos de revistas das mais diversas áreas científicas e compile uma bibliografia correta.
1
Cheon, Jung Hee, Hyeongmin Choe, Julien Devevey, Tim Güneysu, Dongyeon Hong, Markus Krausz, Georg Land, Marc Möller, Damien Stehlé e MinJune Yi. "HAETAE: Shorter Lattice-Based Fiat-Shamir Signatures". IACR Transactions on Cryptographic Hardware and Embedded Systems 2024, n.º 3 (18 de julho de 2024): 25–75. http://dx.doi.org/10.46586/tches.v2024.i3.25-75.
Texto completo da fonteResumo:
We present HAETAE (Hyperball bimodAl modulE rejecTion signAture schemE), a new lattice-based signature scheme. Like the NIST-selected Dilithium signature scheme, HAETAE is based on the Fiat-Shamir with Aborts paradigm, but our design choices target an improved complexity/compactness compromise that is highly relevant for many space-limited application scenarios. We primarily focus on reducing signature and verification key sizes so that signatures fit into one TCP or UDP datagram while preserving a high level of security against a variety of attacks. As a result, our scheme has signature and verification key sizes up to 39% and 25% smaller, respectively, compared than Dilithium. We provide a portable, constanttime reference implementation together with an optimized implementation using AVX2 instructions and an implementation with reduced stack size for the Cortex-M4. Moreover, we describe how to efficiently protect HAETAE against implementation attacks such as side-channel analysis, making it an attractive candidate for use in IoT and other embedded systems.
2
Linh, Võ Đình. "Xây dựng lược đồ chữ ký số an toàn từ các lược đồ định danh". Journal of Science and Technology on Information security 8, n.º 2 (9 de abril de 2020): 27–33. http://dx.doi.org/10.54654/isj.v8i2.30.
Texto completo da fonteResumo:
Tóm tắt— Trong tài liệu [3], khi trình bày về phương pháp xây dựng lược đồ chữ ký số dựa trên các lược đồ định danh chính tắc nhờ phép biến đổi Fiat-Shamir, tác giả đã chỉ ra “điều kiện đủ” để nhận được một lược đồ chữ ký số an toàn dưới tấn công sử dụng thông điệp được lựa chọn thích nghi là lược đồ định danh chính tắc phải an toàn dưới tấn công bị động. Tuy nhiên, tác giả của [3] chưa chỉ ra “điều kiện cần” đối với các lược đồ định danh chính tắc nhằm đảm bảo tính an toàn cho lược đồ chữ ký số được xây dựng. Do đó, trong bài báo này, chúng tôi hoàn thiện kết quả của [3] bằng việc chỉ ra điều kiện đủ đó cũng chính là điều kiện cần.Abstract— In [3], the author shows that, in order to the digital signature scheme Π' resulting from the Fiat-Shamir transform applied to a canonical identification scheme Π is existentially unforgeable under chosen-message attack then a “sufficient” condition is that the scheme Π has to be secure against a passive attack. However, the author of [3] has not shown the “necessary” conditions for the canonical identification schemes to ensure security of the digital signature scheme Π'. In this paper, we complete this result by showing that sufficient condition is also necessary.
3
Brier, Éric, Houda Ferradi, Marc Joye e David Naccache. "New number-theoretic cryptographic primitives". Journal of Mathematical Cryptology 14, n.º 1 (1 de agosto de 2020): 224–35. http://dx.doi.org/10.1515/jmc-2019-0035.
Texto completo da fonteResumo:
AbstractThis paper introduces new prq-based one-way functions and companion signature schemes. The new signature schemes are interesting because they do not belong to the two common design blueprints, which are the inversion of a trapdoor permutation and the Fiat–Shamir transform. In the basic signature scheme, the signer generates multiple RSA-like moduli ni = pi2qi and keeps their factors secret. The signature is a bounded-size prime whose Jacobi symbols with respect to the ni’s match the message digest. The generalized signature schemes replace the Jacobi symbol with higher-power residue symbols. Given of their very unique design, the proposed signature schemes seem to be overlooked “missing species” in the corpus of known signature algorithms.
4
Ye, Qing, Yongkang Lang, Zongqu Zhao, Qingqing Chen e Yongli Tang. "Efficient Lattice-Based Ring Signature Scheme without Trapdoors for Machine Learning". Computational Intelligence and Neuroscience 2022 (19 de setembro de 2022): 1–13. http://dx.doi.org/10.1155/2022/6547464.
Texto completo da fonteResumo:
Machine learning (ML) and privacy protection are inseparable. On the one hand, ML can be the target of privacy protection; on the other hand, it can also be used as an attack tool for privacy protection. Ring signature (RS) is an effective way for privacy protection in cryptography. In particular, lattice-based RS can still protect the privacy of users even in the presence of quantum computers. However, most current lattice-based RS schemes are based on a strong trapdoor like hash-and-sign, and in such constructions, there is a hidden algebraic structure, that is, added to lattice so that the trapdoor shape is not leaked, which greatly affects the computational efficiency of RS. In this study, utilizing Lyubashevsky collision-resistant hash function over lattice, we construct an RS scheme without trapdoors based on ideal lattice via Fiat‒Shamir with aborts (FSwA) protocol. Regarding security, the proposed scheme satisfies unconditional anonymity against chosen setting attacks (UA-CSA), which is stronger than anonymity against full key exposure (anonymity-FKE), and moreover, our scheme satisfies unforgeability with respect to insider corruption (EU-IC). Regarding computational overhead, compared with other RS schemes that satisfy the same degree of security, our scheme has the highest computational efficiency, the signing and verification time costs of the proposed scheme are obviously better than those of other lattice-based RS schemes without trapdoors, which is more suitable for ML scenarios.
5
Bellare, M., e S. Shoup. "Two-tier signatures from the Fiat–Shamir transform, with applications to strongly unforgeable and one-time signatures". IET Information Security 2, n.º 2 (2008): 47. http://dx.doi.org/10.1049/iet-ifs:20070089.
Texto completo da fonte
6
Bellini, Emanuele, Chiara Marcolla e Nadir Murru. "An Application of p-Fibonacci Error-Correcting Codes to Cryptography". Mathematics 9, n.º 7 (6 de abril de 2021): 789. http://dx.doi.org/10.3390/math9070789.
Texto completo da fonteResumo:
In addition to their usefulness in proving one’s identity electronically, identification protocols based on zero-knowledge proofs allow designing secure cryptographic signature schemes by means of the Fiat–Shamir transform or other similar constructs. This approach has been followed by many cryptographers during the NIST (National Institute of Standards and Technology) standardization process for quantum-resistant signature schemes. NIST candidates include solutions in different settings, such as lattices and multivariate and multiparty computation. While error-correcting codes may also be used, they do not provide very practical parameters, with a few exceptions. In this manuscript, we explored the possibility of using the error-correcting codes proposed by Stakhov in 2006 to design an identification protocol based on zero-knowledge proofs. We showed that this type of code offers a valid alternative in the error-correcting code setting to build such protocols and, consequently, quantum-resistant signature schemes.
7
Abdalla, Michel, Jee Hea An, Mihir Bellare e Chanathip Namprempre. "From Identification to Signatures Via the Fiat–Shamir Transform: Necessary and Sufficient Conditions for Security and Forward-Security". IEEE Transactions on Information Theory 54, n.º 8 (agosto de 2008): 3631–46. http://dx.doi.org/10.1109/tit.2008.926303.
Texto completo da fonte
8
Zheng, Zhongxiang, Anyu Wang e Lingyue Qin. "Rejection Sampling Revisit: How to Choose Parameters in Lattice-Based Signature". Mathematical Problems in Engineering 2021 (7 de junho de 2021): 1–12. http://dx.doi.org/10.1155/2021/9948618.
Texto completo da fonteResumo:
Rejection sampling technology is a core tool in the design of lattice-based signatures with ‘Fiat–Shamir with Aborts’ structure, and it is related to signing efficiency and signature, size as well as security. In the rejection sampling theorem proposed by Lyubashevsky, the masking vector of rejection sampling is chosen from discrete Gaussian distribution. However, in practical designs, the masking vector is more likely to be chosen from bounded uniform distribution due to better efficiency and simpler implementation. Besides, as one of the third-round candidate signatures in the NIST postquantum cryptography standardization process, the 3rd round version of CRYSTALS-Dilithium has proposed a new method to decrease the rejection probability in order to achieve better efficiency and smaller signature size by decreasing the number of nonzero coefficients of the challenge polynomial according to the security levels. However, it is seen that small entropies in this new method may lead to higher risk of forgery attack compared with former schemes proposed in its 2nd version. Thus, in this paper, we first analyze the complexity of forgery attack for small entropies and then introduce a new method to decrease the rejection probability without loss of security including the security against forgery attack. This method is achieved by introducing a new rejection sampling theorem with tighter bound by utilizing Rényi divergence where masking vector follows uniform distribution. By observing large gaps between the security claim and actual security bound in CRYSTALS-Dilithium, we propose two series of adapted parameters for CRYSTALS-Dilithium. The first set can improve the efficiency of the signing process in CRYSTALS-Dilithium by factors of 61.7 % and 41.7 % , according to the security levels, and ensure the security against known attacks, including forgery attack. And, the second set can reduce the signature size by a factor of 14.09 % with small improvements in efficiency at the same security level.
9
Lee, Youngkyung, Dong Hoon Lee e Jong Hwan Park. "Revisiting NIZK-Based Technique for Chosen-Ciphertext Security: Security Analysis and Corrected Proofs". Applied Sciences 11, n.º 8 (8 de abril de 2021): 3367. http://dx.doi.org/10.3390/app11083367.
Texto completo da fonteResumo:
Non-interactive zero-knowledge (NIZK) proofs for chosen-ciphertext security are generally considered to give an impractical construction. An interesting recent work by Seo, Abdalla, Lee, and Park (Information Sciences, July 2019) proposed an efficient semi-generic conversion method for achieving chosen-ciphertext security based on NIZK proofs in the random oracle model. The recent work by Seo et al. demonstrated that the semi-generic conversion method transforms a one-way (OW)-secure key encapsulation mechanism (KEM) into a chosen-ciphertext secure KEM while preserving tight security reduction. This paper shows that the security analysis of the semi-generic conversion method has a flaw, which comes from the OW security condition of the underlying KEM. Without changing the conversion method, this paper presents a revised security proof under the changed conditions that (1) the underlying KEM must be chosen-plaintext secure in terms of indistinguishability and (2) an NIZK proof derived from the underlying KEM via the Fiat–Shamir transform must have the properties of zero-knowledge and simulation soundness. This work extended the security proof strategy to the case of identity-based KEM (IBKEM) and also revise the security proof for IBKEM of previous method by Seo et al. Finally, this work gives a corrected security proof by applying the new proofs to several existing (IB)KEMs.
10
Ulitzsch, Vincent Quentin, Soundes Marzougui, Alexis Bagia, Mehdi Tibouchi e Jean-Pierre Seifert. "Loop Aborts Strike Back: Defeating Fault Countermeasures in Lattice Signatures with ILP". IACR Transactions on Cryptographic Hardware and Embedded Systems, 31 de agosto de 2023, 367–92. http://dx.doi.org/10.46586/tches.v2023.i4.367-392.
Texto completo da fonteResumo:
At SAC 2016, Espitau et al. presented a loop-abort fault attack against lattice-based signature schemes following the Fiat–Shamir with aborts paradigm. Their attack recovered the signing key by injecting faults in the sampling of the commitment vector (also called masking vector) y, leaving its coefficients at their initial zero value. As possible countermeasures, they proposed to carry out the sampling of the coefficients of y in shuffled order, or to ensure that the masking polynomials in y are not of low degree. In this paper, we show that both of these countermeasures are insufficient. We demonstrate a new loop-abort fault injection attack against Fiat–Shamir with aborts lattice-based signatures that can recover the secret key from faulty signatures even when the proposed countermeasures are implemented. The key idea of our attack is that faulted signatures give rise to a noisy linear system of equations, which can be solved using integer linear programming. We present an integer linear program that recovers the secret key efficiently in practice, and validate the efficacy of our attack by conducting a practical end-to-end attack against a shuffled version of the Dilithium reference implementation, mounted on an ARM Cortex M4. We achieve a full (equivalent) key recovery in under 3 minutes total execution time (including signature generation), using only 5 faulted signatures. In addition, we conduct extensive theoretical simulations of the attack against Dilithium. We find that our method can achieve key recovery in under 5 minutes given a (sufficiently large) set of signatures where just one of the coefficients of y is zeroed out (or left at its initial value of zero). Furthermore, we find that our attack works against all security levels of Dilithium. Our attack shows that protecting Fiat–Shamir with aborts lattice-based signatures against fault injection attacks cannot be achieved using the simple countermeasures proposed by Espitau et al. and likely requires significantly more expensive countermeasures.
11
Zhang, Pingyuan, Han Jiang, Zhihua Zheng, Hao Wang e Qiuliang Xu. "A New and Efficient Lattice-Based Online/Offline Signature From Perspective of Abort". Computer Journal, 31 de maio de 2021. http://dx.doi.org/10.1093/comjnl/bxab074.
Texto completo da fonteResumo:
Abstract Lattice-based online/offline signature is attractive for the merit of resisting quantum attacks besides the short online response time. Prior to this work, the hash-sign-switch paradigm lattice-based online/offline signatures usually increase the length of each signature, and the Fiat–Shamir candidates are highly inefficient due to multiple aborts in online signing phase. In this work we mainly address its efficient issue and propose a new paradigm of its construction in the perspective of abort. In this paradigm, one tries to remove one or more aborts from online to offline signing phase by $\Gamma $-transformation. Specifically, this work proposes an efficient lattice-based online/offline signature scheme with fewer online aborts and thus allows the signer to obtain a valid signature by fewer online repetitions. Through this way, the resulting scheme can reduce much online signing time with the same signature size. The performance evaluation shows that our scheme is efficient and practical.
12
Chaudhary, Dharminder, M. S. P. Durgarao, Dheerendra Mishra e Saru Kumari. "A module lattice based construction of post quantum secure blockchain architecture". Transactions on Emerging Telecommunications Technologies, 12 de setembro de 2023. http://dx.doi.org/10.1002/ett.4855.
Texto completo da fonteResumo:
AbstractThe Fiat–Shamir with Aborts paradigm of Lyubashevsky introduced efficient lattice based signatures. A lattice‐based signature is used to design post quantum secure blockchain architecture. But, a blockchain is always consisting of multiple nodes, and then we need an efficient aggregate signature to verify nodes in one‐step. We have designed a blockchain using module lattices. Blockchain security relies upon two assumptions, (1) module learning with errors and (2) module short integer solution. The proposed design ensures security against quantum attacks. The design is simulated in ns‐3 to capture latency and throughput, respectively.
13
Chen, Yi-Hsiu, e Yehuda Lindell. "Optimizing and Implementing Fischlin's Transform for UC-Secure Zero Knowledge". IACR Communications in Cryptology, 8 de julho de 2024. http://dx.doi.org/10.62056/a66chey6b.
Texto completo da fonteResumo:
Fischlin's transform (CRYPTO 2005) is an alternative to the Fiat-Shamir transform that enables straight-line extraction when proving knowledge. In this work we focus on the problem of using the Fischlin transform to construct UC-secure zero-knowledge from Sigma protocols, since UC security – that guarantees security under general concurrent composition – requires straight-line (non-rewinding) simulators. We provide a slightly simplified transform that is much easier to understand, and present algorithmic and implementation optimizations that significantly improve the running time. It appears that the main obstacles to the use of Fischlin in practice is its computational cost and implementation complexity (with multiple parameters that need to be chosen). We provide clear guidelines and a simple methodology for choosing parameters, and show that with our optimizations the running-time is far lower than expected. For just one example, on a 2023 MacBook, the cost of proving the knowledge of discrete log with Fischlin is only 0.41ms (on a single core). This is 15 times slower than plain Fiat-Shamir on the same machine, which is a significant multiple but objectively not significant in many applications. We also extend the transform so that it can be applied to batch proofs, and show how this can be much more efficient than individually proving each statement. We hope that this paper will both encourage and help practitioners implement the Fischlin transform where relevant.
14
Fesenko, Andrii, e Yuliia Lytvynenko. "Cryptanalysis of the «Vershyna» digital signature algorithm". Theoretical and Applied Cybersecurity 5, n.º 2 (6 de novembro de 2023). http://dx.doi.org/10.20535/tacs.2664-29132023.2.288499.
Texto completo da fonteResumo:
The CRYSTALS-Dilithium digital signature algorithm, which was selected as the prototype of the new «Vershyna» digital signature algorithm, is analyzed in this paper. The characteristics of the National Digital Signature Standard Project and the construction of the «Vershyna» algorithm are also presented. During the analysis of the project, the predicted number of iterations that the algorithm must perform to create the correct signature was calculated. In addition, basic theoretical information about the structure of Fiat-Shamir with aborts and its security in quantum and classical models oracle models is also provided. We obtain our own results on the resistance of the «Vershyna» algorithm to the attack without the use of a message in classical and quantum oracle models. The resistance of the «Vershyna» algorithm to a key recovery attack is based on the assumption of the hardness of the MLWE~problem, and the resistance to existential signature forgery is based on the assumption of the hardness of the MSIS~problem. In this work, the expected level of hardness of SIS~and LWE~problems is calculated, to which there are reductions from MSIS~and MLWE~problems.
15
Boudgoust, Katharina, e Adeline Roux-Langlois. "Overfull: Too Large Aggregate Signatures Based on Lattices". Computer Journal, 17 de março de 2023. http://dx.doi.org/10.1093/comjnl/bxad013.
Texto completo da fonteResumo:
AbstractThe Fiat-Shamir with Aborts paradigm of Lyubashevsky has given rise to efficient lattice-based signature schemes. One popular implementation is Dilithium, which has been selected for standardization by the US National Institute of Standards and Technology (NIST). Informally, it can be seen as a lattice analog of the well-known discrete-logarithm-based Schnorr signature. An interesting research question is whether it is possible to combine several unrelated signatures, issued from different signing parties on different messages, into one single aggregated signature. Of course, its size should be significantly smaller than the trivial concatenation of all signatures. Ideally, the aggregation can be done offline by a third party, called public aggregation. Previous works have shown that it is possible to half-aggregate Schnorr signatures, but it was left open if the underlying techniques can be adapted to the lattice setting. In this work, we show that, indeed, we can use similar strategies to obtain a signature scheme allowing for public aggregation whose hardness is proven assuming the intractability of well-studied problems on module lattices. Unfortunately, our scheme produces aggregated signatures that are larger than the trivial solution of concatenating. This is due to peculiarities that seem inherent to lattice-based cryptography. Its motivation is thus mainly pedagogical.
16
Jurkiewicz, Mariusz. "Quantum-Resistant Forward-Secure Digital Signature Scheme Based on q-ary Lattices". Journal of Telecommunications and Information Technology, 10 de junho de 2024, 90–103. http://dx.doi.org/10.26636/jtit.2024.2.1581.
Texto completo da fonteResumo:
In this paper, we design and consider a new digital signature scheme with an evolving secret key, using random q-ary lattices as its domain. It is proved that, in addition to offering classic eu-cma security, the scheme is existentially forward unforgeable under an adaptive chosen message attack (fu-cma). We also prove that the secret keys are updated without revealing anything about any of the keys from the prior periods. Therefore, we design a polynomial-time reduction and use it to show that the ability to create a forgery leads to a feasible method of solving the well-known small integer solution (SIS) problem. Since the security of the scheme is based on computational hardness of a SIS problem, it turns out to be resistant to both classic and quantum methods. In addition, the scheme is based on the "Fiat-Shamir with aborts" approach that foils a transcript attack. As for the key-updating mechanism, it is based on selected properties of binary trees, with the number of leaves being the same as the number of time periods in the scheme. Forward security is gained under the assumption that one out of two hash functions is modeled as a random oracle.
17
SHEİKHİ GARJAN, Maryam, N. Gamze ORHON KILIÇ e Murat CENK. "Supersingular Isogeny-based Ring Signature". International Journal of Information Security Science, 29 de janeiro de 2023. http://dx.doi.org/10.55859/ijiss.1187756.
Texto completo da fonteResumo:
The increasing demand for secure and anonymous transactions raises the popularity of ring signatures, which is a digital signature scheme that allows identifying a group of possible signers without revealing the identity of the actual signer. This paper presents efficient supersingular isogeny-based ring signature and linkable ring signature schemes that will find potential applications in post-quantum technologies. We develop the ring signature scheme by applying the Fiat-Shamir transform on the sigma protocol for a ring which we obtain from the supersingular isogeny-based interactive zero-knowledge identification scheme by adopting the scheme for a ring. We also extend our ring signature protocol with an additional parameter, i.e., a tag that provides to detect if a signer issues two signatures concerning the same ring by preserving anonymity and linkable anonymity. The signature size of our ring signature protocols increases logarithmically in the size of the ring thanks to the Merkle trees. We show the security proofs and efficiency analyses of the protocols offered. Moreover, we provide the implementation results of the supersingular isogeny-based ring signature, which offers small signature sizes for NIST post-quantum security levels.