A detailed analysis of Fiat-Shamir with aborts
J Devevey, P Fallahpour, A Passelègue… - Annual International …, 2023 - Springer
Lyubashevsky's signatures are based on the Fiat-Shamir with Aborts paradigm. It transforms
an interactive identification protocol that has a non-negligible probability of aborting into a …
Online-extractability in the quantum random-oracle model
We show the following generic result: When a quantum query algorithm in the quantum
random-oracle model outputs a classical value t that is promised to be in some tight relation …
Haetae: Shorter lattice-based fiat-shamir signatures
We present HAETAE (Hyperball bimodAl modulE rejecTion signAture schemE), a new lattice-
based signature scheme. Like the NIST-selected Dilithium signature scheme, HAETAE is …
Shorter signatures based on tailor-made minimalist symmetric-key crypto
Signature schemes based on the MPC-in-the-head approach (MPCitH) have either been
designed by taking a proof system and selecting a suitable symmetric-key primitive (Picnic …
Post-quantum security of the Even-Mansour cipher
The Even-Mansour cipher is a simple method for constructing a (keyed)
pseudorandom permutation E from a public random permutation P: {0,1}^n → {0,1}^n. It is …
On the (in)security of the BUFF transform
The BUFF transform is a generic transformation for digital signature schemes, with the
purpose of obtaining additional security properties beyond standard unforgeability, e.g. …
Probabilistic hash-and-sign with retry in the quantum random oracle model
H Kosuge, K Xagawa - IACR International Conference on Public-Key …, 2024 - Springer
A hash-and-sign signature based on a preimage-sampleable function (Gentry et al., STOC
2008) is secure in the quantum random oracle model if the preimage-sampleable function is …
Cutting the grass: threshold group action signature schemes
M Battagliola, G Borin, A Meneghetti… - Cryptographers' Track at …, 2024 - Springer
Group actions are fundamental mathematical tools, with a long history of use in
cryptography. Indeed, the action of finite groups at the basis of the discrete logarithm …
G+G: a Fiat-Shamir lattice signature based on convolved Gaussians
J Devevey, A Passelègue, D Stehlé - … on the Theory and Application of …, 2023 - Springer
We describe an adaptation of Schnorr's signature to the lattice setting, which relies on
Gaussian convolution rather than flooding or rejection sampling as previous approaches. It …
Merkle tree ladder mode: reducing the size impact of NIST PQC signature algorithms in practice
A Fregly, J Harvey, BS Kaliski Jr, S Sheth - Cryptographers' Track at the …, 2023 - Springer
We introduce the Merkle Tree Ladder (MTL) mode of operation for signature
schemes. MTL mode signs messages using an underlying signature scheme in such a way …