Paper 2016/1039

A Fiat-Shamir Implementation Note

Simon Cogliani, Rémi Géraud, and David Naccache

Abstract

In the Micali-Shamir paper improving the efficiency of the original Fiat-Shamir protocol, the authors state that "(...) not all of the vi's will be quadratic residues mod n. We overcome this technical difficulty with an appropriate perturbation technique (...)" This perturbation technique is made more explicit in the associated patent application: "Each entity is allowed to modify the standard which are QNRs. A particularly simple way to achieve this is to pick a modulus where and , since then exactly one of is a QR mod for any . The appropriate variant of each can be (...) deduced by the verifier himself during the verification of given signatures." In this short note we clarify the way in which the verifier can infer by himself the appropriate variant of each during verification.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
fiat-shamirarithmetics
Contact author(s)
remi geraud @ ens fr
History
2016-11-03: received
Short URL
https://ia.cr/2016/1039
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2016/1039,
      author = {Simon Cogliani and Rémi Géraud and David Naccache},
      title = {A Fiat-Shamir Implementation Note},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/1039},
      year = {2016},
      url = {https://eprint.iacr.org/2016/1039}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.