{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T16:26:05Z","timestamp":1743006365647,"version":"3.40.3"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319233178"},{"type":"electronic","value":"9783319233185"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-23318-5_1","type":"book-chapter","created":{"date-parts":[[2015,8,26]],"date-time":"2015-08-26T17:50:33Z","timestamp":1440611433000},"page":"3-20","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Black-Box Separations on Fiat-Shamir-Type Signatures in the Non-Programmable Random Oracle Model"],"prefix":"10.1007","author":[{"given":"Masayuki","family":"Fukumitsu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shingo","family":"Hasegawa","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,8,27]]},"reference":[{"issue":"8","key":"1_CR1","doi-asserted-by":"publisher","first-page":"3631","DOI":"10.1109\/TIT.2008.926303","volume":"54","author":"M Abdalla","year":"2008","unstructured":"Abdalla, M., An, J.H., Bellare, M., Namprempre, C.: From identification to signatures via the Fiat-Shamir transform: necessary and sufficient conditions for security and forward-security. IEEE Trans. Inf. Theory 54(8), 3631\u20133646 (2008). Conference Ver.: Proc. EUROCRYPT 2002, LNCS, vol. 2332, pp. 
418\u2013433, 2002","journal-title":"IEEE Trans. Inf. Theory"},{"key":"1_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"628","DOI":"10.1007\/978-3-642-25385-0_34","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"M Abe","year":"2011","unstructured":"Abe, M., Groth, J., Ohkubo, M.: Separating short structure-preserving signatures from non-interactive assumptions. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 628\u2013646. Springer, Heidelberg (2011)"},{"key":"1_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1007\/978-3-642-42045-0_5","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"F Baldimtsi","year":"2013","unstructured":"Baldimtsi, F., Lysyanskaya, A.: On the security of one-witness blind signature schemes. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 82\u201399. Springer, Heidelberg (2013)"},{"issue":"3","key":"1_CR4","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/s00145-002-0120-1","volume":"16","author":"M Bellare","year":"2003","unstructured":"Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The one-more-RSA-inversion problems and the security of Chaum\u2019s blind signature scheme. J. Cryptology 16(3), 185\u2013215 (2003). Conference Ver.: Proc. Financial Cryptography 2001, LNCS, vol. 2339, 2002","journal-title":"J. Cryptology"},{"issue":"1","key":"1_CR5","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s00145-008-9028-8","volume":"22","author":"M Bellare","year":"2009","unstructured":"Bellare, M., Namprempre, C., Neven, G.: Security proofs for identity-based identification and signature schemes. J. Cryptology 22(1), 1\u201361 (2009)","journal-title":"J. 
Cryptology"},{"key":"1_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"162","DOI":"10.1007\/3-540-45708-9_11","volume-title":"Advances in Cryptology - CRYPTO 2002","author":"M Bellare","year":"2002","unstructured":"Bellare, M., Palacio, A.: GQ and Schnorr identification schemes: proofs of security against impersonation under active and concurrent attacks. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 162\u2013177. Springer, Heidelberg (2002)"},{"key":"1_CR7","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of ACM CCS 1993, Fairfax, Virginia, USA, pp. 62\u201373. ACM Press, New York (1993)","DOI":"10.1145\/168588.168596"},{"key":"1_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/BFb0054117","volume-title":"Advances in Cryptology - EUROCRYPT 1998","author":"D Boneh","year":"1998","unstructured":"Boneh, D., Venkatesan, R.: Breaking RSA may not be equivalent to factoring. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 59\u201371. Springer, Heidelberg (1998)"},{"key":"1_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1007\/978-3-540-79263-5_5","volume-title":"Topics in Cryptology \u2013 CT-RSA 2008","author":"E Bresson","year":"2008","unstructured":"Bresson, E., Monnerat, J., Vergnaud, D.: Separation results on the \u201cone-more\u201d computational problems. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 71\u201387. Springer, Heidelberg (2008)"},{"key":"1_CR10","unstructured":"Brown, D.R.L.: What hashes make RSA-OAEP secure? Cryptology ePrint Archive, Report 2006\/223 (2006). http:\/\/eprint.iacr.org\/"},{"key":"1_CR11","unstructured":"Camenisch, J., Stadler, M.: Proof systems for general statements about discrete logarithms. 
Technical report (1997)"},{"key":"1_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1007\/3-540-39118-5_13","volume-title":"Advances in Cryptology - EUROCRYPT 1987","author":"D Chaum","year":"1988","unstructured":"Chaum, D., Evertse, J.-H., van de Graaf, J.: An improved protocol for demonstrating possession of discrete logarithms and some generalizations. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 127\u2013141. Springer, Heidelberg (1988)"},{"key":"1_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"274","DOI":"10.1007\/978-3-319-08344-5_18","volume-title":"Information Security and Privacy","author":"Y Chen","year":"2014","unstructured":"Chen, Y., Huang, Q., Zhang, Z.: Sakai-Ohgishi-Kasahara identity-based non-interactive key exchange scheme, revisited. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 274\u2013289. Springer, Heidelberg (2014)"},{"key":"1_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"272","DOI":"10.1007\/3-540-46035-7_18","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"J-S Coron","year":"2002","unstructured":"Coron, J.-S.: Optimal security proofs for PSS and other signature schemes. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 272\u2013287. Springer, Heidelberg (2002)"},{"key":"1_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1007\/978-3-642-42045-0_4","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"\u00d6 Dagdelen","year":"2013","unstructured":"Dagdelen, \u00d6., Fischlin, M., Gagliardoni, T.: The Fiat\u2013Shamir transformation in a quantum world. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 62\u201381. 
Springer, Heidelberg (2013)"},{"key":"1_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/978-3-642-10628-6_23","volume-title":"Progress in Cryptology - INDOCRYPT 2009","author":"L El Aimani","year":"2009","unstructured":"El Aimani, L.: On generic constructions of designated confirmer signatures. In: Roy, B., Sendrier, N. (eds.) INDOCRYPT 2009. LNCS, vol. 5922, pp. 343\u2013362. Springer, Heidelberg (2009)"},{"key":"1_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/978-3-642-16280-0_6","volume-title":"Provable Security","author":"L El Aimani","year":"2010","unstructured":"El Aimani, L.: Efficient confirmer signatures from the \u201csignature of a commitment\u201d paradigm. In: Heng, S.-H., Kurosawa, K. (eds.) ProvSec 2010. LNCS, vol. 6402, pp. 87\u2013101. Springer, Heidelberg (2010)"},{"key":"1_CR18","series-title":"Lecture Notes in Computer Science","first-page":"186","volume-title":"Advances in Cryptology - CRYPTO 1986","author":"A Fiat","year":"1987","unstructured":"Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186\u2013194. Springer, Heidelberg (1987)"},{"key":"1_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"444","DOI":"10.1007\/978-3-642-38348-9_27","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"M Fischlin","year":"2013","unstructured":"Fischlin, M., Fleischhacker, N.: Limitations of the meta-reduction technique: the case of schnorr signatures. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 444\u2013460. Springer, Heidelberg (2013). 
Full Ver.: Cryptology ePrint Archive, Report 2013\/140"},{"key":"1_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1007\/978-3-642-17373-8_18","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"M Fischlin","year":"2010","unstructured":"Fischlin, M., Lehmann, A., Ristenpart, T., Shrimpton, T., Stam, M., Tessaro, S.: Random oracles with(out) programmability. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 303\u2013320. Springer, Heidelberg (2010)"},{"key":"1_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"512","DOI":"10.1007\/978-3-662-45611-8_27","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"N Fleischhacker","year":"2014","unstructured":"Fleischhacker, N., Jager, T., Schr\u00f6der, D.: On tight security proofs for schnorr signatures. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 512\u2013531. Springer, Heidelberg (2014)"},{"key":"1_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1007\/978-3-642-39059-3_6","volume-title":"Information Security and Privacy","author":"M Fukumitsu","year":"2013","unstructured":"Fukumitsu, M., Hasegawa, S., Isobe, S., Koizumi, E., Shizuya, H.: Toward separating the strong adaptive pseudo-freeness from the strong RSA assumption. In: Boyd, C., Simpson, L. (eds.) ACISP 2013. LNCS, vol. 7959, pp. 72\u201387. Springer, Heidelberg (2013)"},{"key":"1_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"290","DOI":"10.1007\/978-3-319-08344-5_19","volume-title":"Information Security and Privacy","author":"M Fukumitsu","year":"2014","unstructured":"Fukumitsu, M., Hasegawa, S., Isobe, S., Shizuya, H.: On the impossibility of proving security of strong-RSA signatures via the RSA assumption. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 
8544, pp. 290\u2013305. Springer, Heidelberg (2014)"},{"key":"1_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1007\/978-3-540-85174-5_6","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"S Garg","year":"2008","unstructured":"Garg, S., Bhaskar, R., Lokam, S.V.: Improved bounds on security reductions for discrete log based signatures. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 93\u2013107. Springer, Heidelberg (2008)"},{"issue":"4","key":"1_CR25","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1007\/s00145-007-0549-3","volume":"20","author":"EJ Goh","year":"2007","unstructured":"Goh, E.J., Jarecki, S., Katz, J., Wang, N.: Efficient signature schemes with tight reductions to the Diffie-Hellman problems. J. Cryptology 20(4), 493\u2013514 (2007)","journal-title":"J. Cryptology"},{"issue":"2","key":"1_CR26","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1137\/0217017","volume":"17","author":"S Goldwasser","year":"1988","unstructured":"Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281\u2013308 (1988)","journal-title":"SIAM J. Comput."},{"key":"1_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1007\/3-540-45961-8_11","volume-title":"Advances in Cryptology - EUROCRYPT 1988","author":"LC Guillou","year":"1988","unstructured":"Guillou, L.C., Quisquater, J.-J.: A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 123\u2013128. 
Springer, Heidelberg (1988)"},{"key":"1_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"812","DOI":"10.1007\/978-3-642-32009-5_47","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"G Hanaoka","year":"2012","unstructured":"Hanaoka, G., Matsuda, T., Schuldt, J.C.N.: On the impossibility of constructing efficient key encapsulation and programmable hash functions in prime order groups. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 812\u2013831. Springer, Heidelberg (2012)"},{"key":"1_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"537","DOI":"10.1007\/978-3-642-29011-4_32","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"SA Kakvi","year":"2012","unstructured":"Kakvi, S.A., Kiltz, E.: Optimal security proofs for full domain hash, revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 537\u2013553. Springer, Heidelberg (2012)"},{"issue":"2\/3","key":"1_CR30","first-page":"125","volume":"1","author":"Y Kawai","year":"2011","unstructured":"Kawai, Y., Sakai, Y., Kunihiro, N.: On the (im)possibility results for strong attack models for public key cryptosystems. JISIS 1(2\/3), 125\u2013139 (2011)","journal-title":"JISIS"},{"key":"1_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/3-540-45708-9_8","volume-title":"Advances in Cryptology - CRYPTO 2002","author":"JB Nielsen","year":"2002","unstructured":"Nielsen, J.B.: Separating random oracle proofs from complexity theoretic proofs: the non-committing encryption case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111\u2013126. 
Springer, Heidelberg (2002)"},{"key":"1_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1007\/3-540-48071-4_3","volume-title":"Advances in Cryptology - CRYPTO 1992","author":"T Okamoto","year":"1993","unstructured":"Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 31\u201353. Springer, Heidelberg (1993)"},{"key":"1_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/11967668_3","volume-title":"Topics in Cryptology \u2013 CT-RSA 2007","author":"P Paillier","year":"2006","unstructured":"Paillier, P.: Impossibility proofs for RSA signatures in the standard model. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 31\u201348. Springer, Heidelberg (2006)"},{"key":"1_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11593447_1","volume-title":"Advances in Cryptology - ASIACRYPT 2005","author":"P Paillier","year":"2005","unstructured":"Paillier, P., Vergnaud, D.: Discrete-log-based signatures may not be equivalent to discrete log. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 1\u201320. Springer, Heidelberg (2005)"},{"key":"1_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"252","DOI":"10.1007\/11935230_17","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"P Paillier","year":"2006","unstructured":"Paillier, P., Villar, J.L.: Trading one-wayness against chosen-ciphertext security in factoring-based encryption. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 252\u2013266. 
Springer, Heidelberg (2006)"},{"issue":"3","key":"1_CR36","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"D Pointcheval","year":"2000","unstructured":"Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptology 13(3), 361\u2013396 (2000)","journal-title":"J. Cryptology"},{"issue":"3","key":"1_CR37","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/BF00196725","volume":"4","author":"C Schnorr","year":"1991","unstructured":"Schnorr, C.: Efficient signature generation by smart cards. J. Cryptology 4(3), 161\u2013174 (1991)","journal-title":"J. Cryptology"},{"key":"1_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"554","DOI":"10.1007\/978-3-642-29011-4_33","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"Y Seurin","year":"2012","unstructured":"Seurin, Y.: On the exact security of schnorr-type signatures in the random oracle model. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 554\u2013571. Springer, Heidelberg (2012)"},{"key":"1_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1007\/978-3-642-34961-4_7","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"JL Villar","year":"2012","unstructured":"Villar, J.L.: Optimal reductions of some decisional problems to the rank problem. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 80\u201397. Springer, Heidelberg (2012)"},{"key":"1_CR40","series-title":"Lecture Notes in Computer Science","first-page":"366","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"J Zhang","year":"2014","unstructured":"Zhang, J., Zhang, Z., Chen, Y., Guo, Y., Zhang, Z.: Black-box separations for one-more (static) CDH and its generalization. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part II. 
LNCS, vol. 8874, pp. 366\u2013385. Springer, Heidelberg (2014)"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-23318-5_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,2,15]],"date-time":"2023-02-15T15:39:40Z","timestamp":1676475580000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-23318-5_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319233178","9783319233185"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-23318-5_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"27 August 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}