{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,13]],"date-time":"2025-02-13T05:15:33Z","timestamp":1739423733254,"version":"3.37.0"},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642046414"},{"type":"electronic","value":"9783642046421"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-04642-1_11","type":"book-chapter","created":{"date-parts":[[2009,11,9]],"date-time":"2009-11-09T12:05:26Z","timestamp":1257768326000},"page":"118-128","source":"Crossref","is-referenced-by-count":0,"title":["On the Insecurity of the Fiat-Shamir Signatures with Iterative Hash Functions"],"prefix":"10.1007","author":[{"given":"Eiichiro","family":"Fujisaki","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ryo","family":"Nishimaki","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Keisuke","family":"Tanaka","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"11_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"418","DOI":"10.1007\/3-540-46035-7_28","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"M. Abdalla","year":"2002","unstructured":"Abdalla, M., An, J., Bellare, M., Namprempre, C.: From identification to signatures via the fiat-shamir transform: Minimizing assumptions for security and forward-security. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol.\u00a02332, p. 418. Springer, Heidelberg (2002)"},{"key":"11_CR2","doi-asserted-by":"crossref","unstructured":"Barak, B.: How to go beyond the black-box simulation barrier. In: Proceedings of the 42th IEEE Annual Symposium on Foundations of Computer Science (FOCS 2001) (October 2001), http:\/\/www.math.ias.edu\/~boaz","DOI":"10.1109\/SFCS.2001.959885"},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"Barak, B., Goldreich, O.: Universal arguments and their applications. In: Conference on Computational Complexity 2002 (2002)","DOI":"10.1109\/CCC.2002.1004355"},{"key":"11_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1007\/11935230_20","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"M. Bellare","year":"2006","unstructured":"Bellare, M., Ristenpart, T.: Multi-property-preserving hash domain extension and the emd transform. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol.\u00a04284, pp. 299\u2013314. Springer, Heidelberg (2006)"},{"key":"11_CR5","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: First ACM Conference on Computer and Communication Security, pp. 62\u201373. Association for Computing Machinery (1993)","DOI":"10.1145\/168588.168596"},{"key":"11_CR6","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge functions. In: Ecrypt Hash Workshop 2007 (May 2007)"},{"key":"11_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"412","DOI":"10.1007\/11535218_25","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"A. Boldyreva","year":"2005","unstructured":"Boldyreva, A., Fischlin, M.: Analysis of random oracle instantiation scenarios for oaep and other practical schemes. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol.\u00a03621, pp. 412\u2013429. Springer, Heidelberg (2005)"},{"key":"11_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1007\/978-3-540-24676-3_11","volume-title":"Advances in Cryptology - EUROCRYPT 2004","author":"M. Bellare","year":"2004","unstructured":"Bellare, M., Boldyreva, A., Palacio, A.: An uninstantiable random-oracle-model scheme for a hybrid-encryption problem. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol.\u00a03027, pp. 171\u2013188. Springer, Heidelberg (2004)"},{"key":"11_CR9","doi-asserted-by":"crossref","unstructured":"Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. In: Proceedings of the 30th annual ACM Symposium on Theory of Computing (STOC 1998), New York, pp. 209\u2013218 (1998)","DOI":"10.1145\/276698.276741"},{"key":"11_CR10","doi-asserted-by":"crossref","unstructured":"Canetti, R., Goldreich, O., Halevi, S.: On the random oracle methodology as applied to length-restricted signature schemes. In: Naor [26], pp. 40\u201357","DOI":"10.1007\/978-3-540-24638-1_3"},{"key":"11_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"207","DOI":"10.1007\/978-3-540-24676-3_13","volume-title":"Advances in Cryptology - EUROCRYPT 2004","author":"R. Canetti","year":"2004","unstructured":"Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity based encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol.\u00a03027, pp. 207\u2013222. Springer, Heidelberg (2004)"},{"key":"11_CR12","doi-asserted-by":"crossref","unstructured":"Chang, D., Nandi, M.: Improved indifferentiability security analysis of chopMD hash function. In: Preproceedings of FSE 2008 (2008)","DOI":"10.1007\/978-3-540-71039-4_27"},{"key":"11_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"430","DOI":"10.1007\/11535218_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"J.S. Coron","year":"2005","unstructured":"Coron, J.S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damg\u00e5rd revisited: How to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol.\u00a03621, pp. 430\u2013448. Springer, Heidelberg (2005)"},{"key":"11_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"416","DOI":"10.1007\/0-387-34805-0_39","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"I.B. Damg\u00e5rd","year":"1990","unstructured":"Damg\u00e5rd, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol.\u00a0435, pp. 416\u2013427. Springer, Heidelberg (1990)"},{"key":"11_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"449","DOI":"10.1007\/11535218_27","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"Y. Dodis","year":"2005","unstructured":"Dodis, Y., Oliveria, R., Pietrzak, K.: On the generic insecurity of the full domain hash. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol.\u00a03621, pp. 449\u2013466. Springer, Heidelberg (2005)"},{"issue":"2","key":"11_CR16","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1137\/S0097539795291562","volume":"30","author":"D. Dolev","year":"2000","unstructured":"Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography. SIAM. J. Computing\u00a030(2), 391\u2013437 (2000); Presented in STOC 1991","journal-title":"SIAM. J. Computing"},{"key":"11_CR17","series-title":"Lecture Notes in Computer Science","first-page":"186","volume-title":"Advances in Cryptology - CRYPTO \u201986","author":"A. Fiat","year":"1986","unstructured":"Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol.\u00a0263, pp. 186\u2013194. Springer, Heidelberg (1986)"},{"key":"11_CR18","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511721656","volume-title":"Foundations of Cryptography","author":"O. Goldreich","year":"2004","unstructured":"Goldreich, O.: Foundations of Cryptography, 1st edn., vol.\u00a02 (Basic Applications). Cambridge University Press, Cambridge (2004)","edition":"1"},{"key":"11_CR19","unstructured":"Goldwasser, S., Kalai, Y.T.: On the (In)security of the Fiat-Shamir Paradigm. In: Proceedings of the 44th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2003 (2003)"},{"issue":"2","key":"11_CR20","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1137\/0217017","volume":"17","author":"S. Goldwasser","year":"1988","unstructured":"Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal of Computing\u00a017(2), 281\u2013308 (1988)","journal-title":"SIAM Journal of Computing"},{"key":"11_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/978-3-540-78524-8_2","volume-title":"Theory of Cryptography","author":"S. Halevi","year":"2008","unstructured":"Halevi, S., Myers, S., Rackoff, C.: On seed-incompressible functions. In: Canetti, R. (ed.) TCC 2008. LNCS, vol.\u00a04948, pp. 19\u201336. Springer, Heidelberg (2008)"},{"key":"11_CR22","doi-asserted-by":"crossref","unstructured":"Maurer, U.M., Renner, R., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor [26], pp. 21\u201339","DOI":"10.1007\/978-3-540-24638-1_2"},{"key":"11_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1007\/978-3-540-74143-5_11","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"U.M. Maurer","year":"2007","unstructured":"Maurer, U.M., Tessaro, S.: Domain extension of public random functions: Beyond the birthday barrier. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol.\u00a04622, pp. 187\u2013204. Springer, Heidelberg (2007)"},{"key":"11_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"428","DOI":"10.1007\/0-387-34805-0_40","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"R. Merkle","year":"1990","unstructured":"Merkle, R.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol.\u00a0435, pp. 428\u2013446. Springer, Heidelberg (1990)"},{"key":"11_CR25","doi-asserted-by":"crossref","unstructured":"Micali, C.: CS proofs. In: Proceedings of the 35th IEEE Annual Symposium on Foundations of Computer Science (FOCS 1994), pp. 436\u2013453 (1997)","DOI":"10.1109\/SFCS.1994.365746"},{"key":"11_CR26","series-title":"Lecture Notes in Computer Science","volume-title":"Theory of Cryptography","year":"2004","unstructured":"Naor, M. (ed.): TCC 2004. LNCS, vol.\u00a02951. Springer, Heidelberg (2004)"},{"key":"11_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/3-540-45708-9_8","volume-title":"Advances in Cryptology - CRYPTO 2002","author":"J.B. Nielsen","year":"2002","unstructured":"Nielsen, J.B.: Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-commiting Encryption Case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol.\u00a02442, p. 111. Springer, Heidelberg (2002)"},{"key":"11_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"354","DOI":"10.1007\/BFb0055741","volume-title":"Advances in Cryptology - CRYPTO \u201998","author":"K. Ohta","year":"1998","unstructured":"Ohta, K., Okamoto, T.: On concrete security treatment of signatures derived from identification. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol.\u00a01462, pp. 354\u2013369. Springer, Heidelberg (1998)"},{"key":"11_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"387","DOI":"10.1007\/3-540-68339-9_33","volume-title":"Advances in Cryptology - EUROCRYPT \u201996","author":"D. Pointcheval","year":"1996","unstructured":"Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol.\u00a01070, pp. 387\u2013398. Springer, Heidelberg (1996)"},{"issue":"4","key":"11_CR30","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"D. Pointcheval","year":"2000","unstructured":"Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. Journal of Cryptology\u00a013(4), 361\u2013396 (2000)","journal-title":"Journal of Cryptology"},{"key":"11_CR31","doi-asserted-by":"crossref","unstructured":"Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: Proceedings of the 40th IEEE Annual Symposium on Foundations of Computer Science (FOCS 1999), pp. 543\u2013553 (1999)","DOI":"10.1109\/SFFCS.1999.814628"},{"key":"11_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"566","DOI":"10.1007\/3-540-44647-8_33","volume-title":"Advances in Cryptology - CRYPTO 2001","author":"A. Santis De","year":"2001","unstructured":"De Santis, A., Di Crescenzo, G., Ostrovsky, R., Persiano, G., Sahai, A.: Robust non-interactive zero knowledge. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol.\u00a02139, p. 566. Springer, Heidelberg (2001)"}],"container-title":["Lecture Notes in Computer Science","Provable Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-04642-1_11.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,13]],"date-time":"2025-02-13T04:17:24Z","timestamp":1739420244000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-04642-1_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642046414","9783642046421"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-04642-1_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2009]]}}}