Article

On the (In)security of the Fiat-Shamir Paradigm

Authors:

Shafi Goldwasser,

Yael Tauman KalaiAuthors Info & Claims

FOCS '03: Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science

Page 102

Published: 11 October 2003 Publication History

Publisher Site

Abstract

In 1986, Fiat and Shamir proposed a general method for transforming secure 3-round public-coin identification schemes into digital signature schemes. The idea of the transformation was to replace the random message of the veri.er in the identification scheme, with the value of some deterministic"hash" function evaluated on various quantities in the protocol and on the message to be signed.The Fiat-Shamir methodology for producing digital signature schemes quickly gained popularity as it yields efficient and easy to implement digital signature schemes. The most important question however remained open: are the digital signatures produced by the Fiat-Shamir methodology secure__ __In this paper, we answer this question negatively. We show that there exist secure 3-round public-coin identification schemes for which the Fiat-Shamir transformation yields insecure digital signature schemes for any "hash" function used by the transformation. This is in contrast to the work of Pointcheval and Stern which proved that the Fiat-Shamir methodology always produces digital signatures secure against chosen message attack in the "Random Oracle Model" when the hash function is modelled by a random oracle.Among other things, we make new usage of Barak's technique for taking advantage of non black-box access to a program, this time in the context of digital signatures.

Cited By

View all

Komargodski INaor MYogev E(2019)White-Box vs. Black-Box Complexity of Search ProblemsJournal of the ACM10.1145/334110666:5(1-28)Online publication date: 23-Jul-2019
https://dl.acm.org/doi/10.1145/3341106
Canetti RChen YHolmgren JLombardi ARothblum GRothblum RWichs DCharikar MCohen E(2019)Fiat-Shamir: from practice to theoryProceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing10.1145/3313276.3316380(1082-1090)Online publication date: 23-Jun-2019
https://dl.acm.org/doi/10.1145/3313276.3316380
Abe MCamenisch JDowsley RDubovitskaya M(2019)On the Impossibility of Structure-Preserving Deterministic PrimitivesJournal of Cryptology10.1007/s00145-018-9292-132:1(239-264)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1007/s00145-018-9292-1
Show More Cited By

Index Terms

On the (In)security of the Fiat-Shamir Paradigm

Recommendations

Fiat-Shamir: from practice to theory
STOC 2019: Proceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing

We give new instantiations of the Fiat-Shamir transform using explicit, efficiently computable hash functions. We improve over prior work by reducing the security of these protocols to qualitatively simpler and weaker computational hardness assumptions. ...
Attacks on the fiat-shamir paradigm and program obfuscation
Attribute-based signatures without pairings via the fiat-shamir paradigm
ASIAPKC '14: Proceedings of the 2nd ACM workshop on ASIA public-key cryptography

We propose the first practical attribute-based signature (ABS) scheme with attribute privacy without pairings in the random oracle model. Our strategy is in the Fiat-Shamir paradigm; we first provide a generic construction of a boolean proof system of ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

FOCS '03: Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science

October 2003

ISBN:0769520405

Publisher

IEEE Computer Society

United States

Publication History

Published: 11 October 2003

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

80
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 19 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Komargodski INaor MYogev E(2019)White-Box vs. Black-Box Complexity of Search ProblemsJournal of the ACM10.1145/334110666:5(1-28)Online publication date: 23-Jul-2019
https://dl.acm.org/doi/10.1145/3341106
Canetti RChen YHolmgren JLombardi ARothblum GRothblum RWichs DCharikar MCohen E(2019)Fiat-Shamir: from practice to theoryProceedings of the 51st Annual ACM SIGACT Symposium on Theory of Computing10.1145/3313276.3316380(1082-1090)Online publication date: 23-Jun-2019
https://dl.acm.org/doi/10.1145/3313276.3316380
Abe MCamenisch JDowsley RDubovitskaya M(2019)On the Impossibility of Structure-Preserving Deterministic PrimitivesJournal of Cryptology10.1007/s00145-018-9292-132:1(239-264)Online publication date: 1-Jan-2019
https://dl.acm.org/doi/10.1007/s00145-018-9292-1
Haitner IOmri EZarosim H(2016)Limits on the Usefulness of Random OraclesJournal of Cryptology10.1007/s00145-014-9194-929:2(283-335)Online publication date: 1-Apr-2016
https://dl.acm.org/doi/10.1007/s00145-014-9194-9
Fauzi PLipmaa HZając M(2016)A Shuffle Argument Secure in the Generic ModelProceedings, Part II, of the 22nd International Conference on Advances in Cryptology --- ASIACRYPT 2016 - Volume 1003210.1007/978-3-662-53890-6_28(841-872)Online publication date: 4-Dec-2016
https://dl.acm.org/doi/10.1007/978-3-662-53890-6_28
Bellare MPoettering BStebila D(2016)From Identification to Signatures, TightlyProceedings, Part II, of the 22nd International Conference on Advances in Cryptology --- ASIACRYPT 2016 - Volume 1003210.1007/978-3-662-53890-6_15(435-464)Online publication date: 4-Dec-2016
https://dl.acm.org/doi/10.1007/978-3-662-53890-6_15
Ben-Sasson EChiesa ASpooner N(2016)Interactive Oracle ProofsProceedings, Part II, of the 14th International Conference on Theory of Cryptography - Volume 998610.1007/978-3-662-53644-5_2(31-60)Online publication date: 31-Oct-2016
https://dl.acm.org/doi/10.1007/978-3-662-53644-5_2
Goldwasser STauman Kalai Y(2016)Cryptographic AssumptionsProceedings, Part I, of the 13th International Conference on Theory of Cryptography - Volume 956210.1007/978-3-662-49096-9_21(505-522)Online publication date: 10-Jan-2016
https://dl.acm.org/doi/10.1007/978-3-662-49096-9_21
Green MKatz JMalozemoff AZhou H(2016)A Unified Approach to Idealized Model Separations via Indistinguishability ObfuscationProceedings of the 10th International Conference on Security and Cryptography for Networks - Volume 984110.1007/978-3-319-44618-9_31(587-603)Online publication date: 31-Aug-2016
https://dl.acm.org/doi/10.1007/978-3-319-44618-9_31
Mittelbach AVenturi D(2016)Fiat---Shamir for Highly Sound Protocols Is InstantiableProceedings of the 10th International Conference on Security and Cryptography for Networks - Volume 984110.1007/978-3-319-44618-9_11(198-215)Online publication date: 31-Aug-2016
https://dl.acm.org/doi/10.1007/978-3-319-44618-9_11
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations

Fiat-Shamir: from practice to theory

Attacks on the fiat-shamir paradigm and program obfuscation

Attribute-based signatures without pairings via the fiat-shamir paradigm

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Share

Share this Publication link

Share on social media

Affiliations