Paper 2014/188

A Second Look at Fischlin's Transformation

Özgür Dagdelen and Daniele Venturi

Abstract

Fischlin’s transformation is an alternative to the standard Fiat-Shamir transform for turning a certain class of public-key identification schemes into digital signatures (in the random oracle model). We show that signatures obtained via Fischlin’s transformation are existentially unforgeable even when the adversary is allowed to get arbitrary (yet bounded) information on the entire state of the signer (including the signing key and the random coins used to generate signatures). A similar fact was already known for the Fiat-Shamir transform; however, Fischlin’s transformation allows for a significantly higher leakage parameter than Fiat-Shamir. Moreover, in contrast to signatures obtained via Fiat-Shamir, signatures obtained via Fischlin enjoy a tight reduction to the underlying hard problem. We use this observation to show (via simulations) that Fischlin’s transformation, usually considered less efficient, outperforms the Fiat-Shamir transform in verification time for a reasonable choice of parameters. In terms of signing, Fiat-Shamir is faster for equal signature sizes. Nonetheless, our experiments show that the signing time of Fischlin’s transformation becomes, e.g., 22% of the one via Fiat-Shamir if one allows the signature size to be doubled.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Africacrypt 2014
Keywords
Fischlin’s transformation, leakage, tightness, random oracle
Contact author(s)
oezguer dagdelen @ cased de
History
2014-03-12: received
Short URL
https://ia.cr/2014/188
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/188,
      author = {Özgür Dagdelen and Daniele Venturi},
      title = {A Second Look at Fischlin's Transformation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/188},
      year = {2014},
      url = {https://eprint.iacr.org/2014/188}
}