Cryptology ePrint Archive: Report 2014/188

A Second Look at Fischlin's Transformation

÷zgŁr Dagdelen and Daniele Venturi

Abstract: Fischlinís transformation is an alternative to the standard Fiat-Shamir transform to turn a certain class of public key identification schemes into digital signatures (in the random oracle model).

We show that signatures obtained via Fischlinís transformation are existentially unforgeable even in case the adversary is allowed to get arbitrary (yet bounded) information on the entire state of the signer (including the signing key and the random coins used to generate signatures). A similar fact was already known for the Fiat-Shamir transform, however, Fischlinís transformation allows for a significantly higher leakage parameter than Fiat-Shamir.

Moreover, in contrast to signatures obtained via Fiat-Shamir, signatures obtained via Fischlin enjoy a tight reduction to the underlying hard problem. We use this observation to show (via simulations) that Fischlinís transformation, usually considered less efficient, outperforms the Fiat-Shamir transform in verification time for a reasonable choice of parameters. In terms of signing Fiat-Shamir is faster for equal signature sizes. Nonetheless, our experiments show that the signing time of Fischlinís transformation becomes, e.g., 22% of the one via Fiat-Shamir if one allows the signature size to be doubled.

Category / Keywords: public-key cryptography / Fischlinís transformation, leakage, tightness, random oracle

Original Publication (in the same form): Africacrypt 2014

Date: received 11 Mar 2014

Contact author: oezguer dagdelen at cased de

Available format(s): PDF | BibTeX Citation

Version: 20140312:183617 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]