Our results are not only relevant for established schemes: for example, the ongoing NIST PQC competition towards standardizing post-quantum signature schemes has six finalists in its third round. We perform an in-depth analysis of the candidates with respect to their security properties beyond unforgeability. We show that many of them do not yet offer these stronger guarantees, which implies that the security guarantees of these post-quantum schemes are not strictly stronger than, but instead incomparable to, classical signature schemes. We show how applying our transformation would efficiently solve this, paving the way for the standardized schemes to provide these additional guarantees and thereby making them harder to misuse.
Category / Keywords: public-key cryptography / Digital signature scheme, exclusive ownership, DSKS attack, non re-signability, message-bound signatures, NIST PQC candidates Original Publication (with major differences): IEEE Symposium on Security and Privacy (S&P 2021) Date: received 4 Dec 2020, last revised 27 Apr 2021 Contact author: cremers at cispa de Available format(s): PDF | BibTeX Citation Version: 20210427:130432 (All versions of this report) Short URL: ia.cr/2020/1525