The Community for Technology Leaders
48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07) (2007)
Providence, Rhode Island
Oct. 21, 2007 to Oct. 23, 2007
ISSN: 0272-5428
ISBN: 0-7695-3010-9
pp: 680-688
ABSTRACT
<p>We show that every black-box construction of one-time signature schemes from a random oracle achieves security at most poly(q)2^q, where q is the total number of queries to the oracle by the generation, signing, and verification algorithms. That is, any such scheme can be broken with probability close to 1 by a (computationally unbounded) adversary making poly(q)2^q queries to the oracle. This is tight up to a constant factor in the number of queries, since a simple modification of Lamport?s scheme achieves 2^{(0.812 - o(1))q} security using q queries.</p><p> Our results extend (with a loss of a constant factor in the number of queries) also to the random permutation and idealcipher oracles, and so can be taken as evidence of an inherent efficiency gap between signature schemes and symmetric primitives such as block ciphers, hash functions, and message authentication codes.</p>
INDEX TERMS
null
CITATION

B. Barak and M. Mahmoody-Ghidary, "Lower Bounds on Signatures From Symmetric Primitives," 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07)(FOCS), Providence, Rhode Island, 2007, pp. 680-688.
doi:10.1109/FOCS.2007.71
91 ms
(Ver 3.3 (11022016))