You are looking at a specific version 20210327:071819 of this paper.

Paper 2021/404

Chain Reductions for Multi-Signatures

Mihir Bellare and Wei Dai

Abstract

Current proofs of current multi-signature schemes yield bounds on adversary advantage that are loose, failing to match the indications of cryptanalysis, and failing to justify security of implementations of the schemes in the 256-bit groups that are the choice of practitioners. We bridge this gap via proofs in the Algebraic Group Model (AGM). For classical 3-round schemes we give AGM proofs with tight bounds. We then give a new 2-round multi-signature scheme, as efficient as prior ones, for which we prove a tight AGM bound. These results are obtained via a framework in which a reduction is broken into a chain of sub-reductions involving intermediate problems. By giving as many as possible of the sub-reductions tightly in the standard model, we minimize use of the AGM, and also hedge the AGM proofs with standard-model ones from different starting points.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
Signatures, reduction tightness, Algebraic Group Model
Contact author(s)
mihir @ eng ucsd edu,weidai @ eng ucsd edu
History
2021-09-16: last of 7 revisions
2021-03-27: received
Short URL
https://ia.cr/2021/404
License
Creative Commons Attribution
CC BY