Paper 2014/188
A Second Look at Fischlin's Transformation
Özgür Dagdelen and Daniele Venturi
Abstract
Fischlin’s transformation is an alternative to the standard Fiat-Shamir transform to turn a certain class of public key identification schemes into digital signatures (in the random oracle model). We show that signatures obtained via Fischlin’s transformation are existentially unforgeable even in case the adversary is allowed to get arbitrary (yet bounded) information on the entire state of the signer (including the signing key and the random coins used to generate signatures). A similar fact was already known for the Fiat-Shamir transform, however, Fischlin’s transformation allows for a significantly higher leakage parameter than Fiat-Shamir. Moreover, in contrast to signatures obtained via Fiat-Shamir, signatures obtained via Fischlin enjoy a tight reduction to the underlying hard problem. We use this observation to show (via simulations) that Fischlin’s transformation, usually considered less efficient, outperforms the Fiat-Shamir transform in verification time for a reasonable choice of parameters. In terms of signing Fiat-Shamir is faster for equal signature sizes. Nonetheless, our experiments show that the signing time of Fischlin’s transformation becomes, e.g., 22% of the one via Fiat-Shamir if one allows the signature size to be doubled.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. Africacrypt 2014
- Keywords
- Fischlin’s transformationleakagetightnessrandom oracle
- Contact author(s)
- oezguer dagdelen @ cased de
- History
- 2014-03-12: received
- Short URL
- https://ia.cr/2014/188
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2014/188,
author = {Özgür Dagdelen and Daniele Venturi},
title = {A Second Look at Fischlin's Transformation},
howpublished = {Cryptology {ePrint} Archive, Paper 2014/188},
year = {2014},
url = {https://eprint.iacr.org/2014/188}
}
