{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T04:22:48Z","timestamp":1778127768245,"version":"3.51.4"},"reference-count":33,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2019,2,6]],"date-time":"2019-02-06T00:00:00Z","timestamp":1549411200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2019,4]]},"DOI":"10.1007\/s00145-019-09311-5","type":"journal-article","created":{"date-parts":[[2019,2,6]],"date-time":"2019-02-06T11:10:33Z","timestamp":1549451433000},"page":"566-599","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":23,"title":["On Tight Security Proofs for Schnorr Signatures"],"prefix":"10.1007","volume":"32","author":[{"given":"Nils","family":"Fleischhacker","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tibor","family":"Jager","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dominique","family":"Schr\u00f6der","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,2,6]]},"reference":[{"key":"9311_CR1","doi-asserted-by":"crossref","unstructured":"M. Abdalla, M. Bellare, P. Rogaway, The oracle Diffie\u2013Hellman assumptions and an analysis of DHIES, in David Naccache, editor, Topics in Cryptology\u2014CT-RSA\u00a02001, Volume 2020 of Lecture Notes in Computer Science, San Francisco, CA, USA (Springer, Heidelberg, 2001), pp. 143\u2013158","DOI":"10.1007\/3-540-45353-9_12"},{"issue":"3","key":"9311_CR2","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/s00145-002-0120-1","volume":"16","author":"Mihir Bellare","year":"2003","unstructured":"M. Bellare, C. Namprempre, D. Pointcheval, M. Semanko. The one-more-RSA-inversion problems and the security of Chaum\u2019s blind signature scheme. J. Cryptol.\n                           16(3), 185\u2013215 (2003)","journal-title":"Journal of Cryptology"},{"key":"9311_CR3","unstructured":"M. Bellare, P. Rogaway. Random oracles are practical: a paradigm for designing efficient protocols, in V.\u00a0Ashby, editor, ACM CCS 93: 1st Conference on Computer and Communications Security, Fairfax, Virginia, USA (ACM Press, London, 1993), pp 62\u201373"},{"key":"9311_CR4","doi-asserted-by":"crossref","unstructured":"M. Bellare, P. Rogaway. The exact security of digital signatures: how to sign with RSA and Rabin, in Ueli\u00a0M. Maurer, editor, Advances in Cryptology\u2014EUROCRYPT\u201996, Volume 1070 of Lecture Notes in Computer Science, Saragossa, Spain (Springer, Heidelberg, 1996), pp. 399\u2013416","DOI":"10.1007\/3-540-68339-9_34"},{"key":"9311_CR5","doi-asserted-by":"crossref","unstructured":"D.J. Bernstein. Proving tight security for Rabin\u2013Williams signatures, in Nigel\u00a0P. Smart, editor, Advances in Cryptology\u2014EUROCRYPT\u00a02008, Volume 4965 of Lecture Notes in Computer Science, Istanbul, Turkey (Springer, Heidelberg, 2008), pp. 70\u201387","DOI":"10.1007\/978-3-540-78967-3_5"},{"key":"9311_CR6","unstructured":"D.J. Bernstein. Multi-user schnorr security, revisited. Cryptology ePrint Archive, Report 2015\/996. \n                    https:\/\/eprint.iacr.org\/2015\/996\n                    \n                   (2015)"},{"key":"9311_CR7","doi-asserted-by":"crossref","unstructured":"D. Boneh, X. Boyen, Secure identity based encryption without random oracles, in Matthew Franklin, editor, Advances in Cryptology\u2014CRYPTO\u00a02004, Volume 3152 of Lecture Notes in Computer Science, Santa Barbara, CA, USA (Springer, Heidelberg, 2004), pp. 443\u2013459","DOI":"10.1007\/978-3-540-28628-8_27"},{"key":"9311_CR8","doi-asserted-by":"crossref","unstructured":"J.-S. Coron, On the exact security of full domain hash, in Mihir Bellare, editor, Advances in Cryptology\u2014CRYPTO\u00a02000, Volume 1880 of Lecture Notes in Computer Science, Santa Barbara, CA, USA (Springer, Heidelberg, 2000), pp. 229\u2013235","DOI":"10.1007\/3-540-44598-6_14"},{"key":"9311_CR9","doi-asserted-by":"crossref","unstructured":"J.-S. Coron, Optimal security proofs for PSS and other signature schemes, in Lars\u00a0R. Knudsen, editor, Advances in Cryptology\u2014EUROCRYPT\u00a02002, Volume 2332 of Lecture Notes in Computer Science, Amsterdam, The Netherlands (Springer, Heidelberg, 2002), pp.272\u2013287","DOI":"10.1007\/3-540-46035-7_18"},{"key":"9311_CR10","doi-asserted-by":"crossref","unstructured":"Y. Dodis, I. Haitner, A. Tentes, On the instantiability of hash-and-sign RSA signatures, in Ronald Cramer, editor, TCC\u00a02012: 9th Theory of Cryptography Conference, Volume 7194 of Lecture Notes in Computer Science, Taormina, Sicily, Italy (Springer, Heidelberg, 2012), pp. 112\u2013132","DOI":"10.1007\/978-3-642-28914-9_7"},{"key":"9311_CR11","doi-asserted-by":"crossref","unstructured":"Y. Dodis, R. Oliveira, K. Pietrzak, On the generic insecurity of the full domain hash, in Victor Shoup, editor, Advances in Cryptology\u2014CRYPTO\u00a02005, Volume 3621 of Lecture Notes in Computer Science, Santa Barbara, CA, USA (Springer, Heidelberg, 2005), pp. 449\u2013466","DOI":"10.1007\/11535218_27"},{"key":"9311_CR12","doi-asserted-by":"crossref","unstructured":"Y. Dodis, L. Reyzin, On the power of claw-free permutations, in Stelvio Cimato, Clemente Galdi, and Giuseppe Persiano, editors, SCN 02: 3rd International Conference on Security in Communication Networks, Volume 2576 of Lecture Notes in Computer Science, Amalfi, Italy (Springer, Heidelberg, 2003), pp. 55\u201373","DOI":"10.1007\/3-540-36413-7_5"},{"key":"9311_CR13","doi-asserted-by":"crossref","unstructured":"A. Fiat, A. Shamir, How to prove yourself: practical solutions to identification and signature problems, in Andrew\u00a0M. Odlyzko, editor, Advances in Cryptology\u2013CRYPTO\u201986, Volume 263 of Lecture Notes in Computer Science, Santa Barbara, CA, USA (Springer, Heidelberg, 1987), pp. 186\u2013194","DOI":"10.1007\/3-540-47721-7_12"},{"key":"9311_CR14","doi-asserted-by":"crossref","unstructured":"M. Fischlin, N. Fleischhacker, Limitations of the meta-reduction technique: the case of Schnorr signatures, in Thomas Johansson and Phong\u00a0Q. Nguyen, editors, Advances in Cryptology\u2014EUROCRYPT\u00a02013, Volume 7881 of Lecture Notes in Computer Science, Athens, Greece (Springer, Heidelberg, 2013), pp. 444\u2013460","DOI":"10.1007\/978-3-642-38348-9_27"},{"key":"9311_CR15","doi-asserted-by":"crossref","unstructured":"M. Fischlin, A. Lehmann, T. Ristenpart, T. Shrimpton, M. Stam, S. Tessaro, Random oracles with(out) programmability, in Masayuki Abe, editor, Advances in Cryptology\u2014ASIACRYPT\u00a02010, Volume 6477 of Lecture Notes in Computer Science, Singapore (Springer, Heidelberg, 2010), pp. 303\u2013320","DOI":"10.1007\/978-3-642-17373-8_18"},{"key":"9311_CR16","doi-asserted-by":"crossref","unstructured":"N. Fleischhacker, T. Jager, D. Schr\u00f6der, On tight security proofs for Schnorr signatures, in Palash Sarkar and Tetsu Iwata, editors, Advances in Cryptology\u2014ASIACRYPT\u00a02014, Part\u00a0I, Volume 8873 of Lecture Notes in Computer Science, Kaoshiung, Taiwan, R.O.C (Springer, Heidelberg, 2014), pp. 512\u2013531","DOI":"10.1007\/978-3-662-45611-8_27"},{"issue":"5","key":"9311_CR17","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1016\/S0020-0190(01)00338-6","volume":"83","author":"Steven D Galbraith","year":"2002","unstructured":"S.D. Galbraith, J. Malone-Lee, N.P. Smart. Public key signatures in the multi-user setting. Inf. Process. Lett., 83(5), 263\u2013266 (2002)","journal-title":"Inf. Process. Lett."},{"key":"9311_CR18","doi-asserted-by":"crossref","unstructured":"S. Garg, R. Bhaskar, S.V. Lokam, Improved bounds on security reductions for discrete log based signatures, in David Wagner, editor, Advances in Cryptology\u2014CRYPTO\u00a02008, Volume 5157 of Lecture Notes in Computer Science, Santa Barbara, CA, USA (Springer, Heidelberg, 2008), pp. 93\u2013107","DOI":"10.1007\/978-3-540-85174-5_6"},{"issue":"2","key":"9311_CR19","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1137\/0217017","volume":"17","author":"Shafi Goldwasser","year":"1988","unstructured":"S. Goldwasser, S. Micali, and R.\u00a0L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput., 17(2), 281\u2013308 (1988)","journal-title":"SIAM Journal on Computing"},{"key":"9311_CR20","doi-asserted-by":"crossref","unstructured":"S. A. Kakvi, E. Kiltz, Optimal security proofs for full domain hash, revisited, in David Pointcheval and Thomas Johansson, editors, Advances in Cryptology\u2014EUROCRYPT\u00a02012, Volume 7237 of Lecture Notes in Computer Science, Cambridge, UK (Springer, Heidelberg, 2012), pp. 537\u2013553","DOI":"10.1007\/978-3-642-29011-4_32"},{"key":"9311_CR21","doi-asserted-by":"crossref","unstructured":"E. Kiltz, D. Masny, J. Pan, Optimal security proofs for signatures from identification schemes, in Matthew Robshaw and Jonathan Katz, editors, Advances in Cryptology\u2014CRYPTO\u00a02016, Part\u00a0II, Volume 9815 of Lecture Notes in Computer Science, Santa Barbara, CA, USA (Springer, Heidelberg, 2016), pp. 33\u201361","DOI":"10.1007\/978-3-662-53008-5_2"},{"key":"9311_CR22","unstructured":"U.M. Maurer, Abstract models of computation in cryptography (invited paper), in Nigel\u00a0P. Smart, editor, 10th IMA International Conference on Cryptography and Coding, Volume 3796 of Lecture Notes in Computer Science, Cirencester, UK (Springer, Heidelberg, 2005), pp. 1\u201312"},{"issue":"1","key":"9311_CR23","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1515\/JMC.2009.004","volume":"3","author":"Gregory Neven","year":"2009","unstructured":"G. Neven, N. Smart, B. Warinschi. Hash function requirements for Schnorr signatures. J. Math. Cryptol., 3(1), 69\u201387 (2009)","journal-title":"Journal of Mathematical Cryptology"},{"key":"9311_CR24","doi-asserted-by":"crossref","unstructured":"P. Paillier, D. Vergnaud, Discrete-log-based signatures may not be equivalent to discrete log, in Bimal\u00a0K. Roy, editor, Advances in Cryptology\u2014ASIACRYPT\u00a02005, Volume 3788 of Lecture Notes in Computer Science, Chennai, India (Springer, Heidelberg, 2005), pp. 1\u201320.","DOI":"10.1007\/11593447_1"},{"key":"9311_CR25","doi-asserted-by":"crossref","unstructured":"D. Pointcheval, J. Stern, Security proofs for signature schemes, in Ueli\u00a0M. Maurer, editor, Advances in Cryptology\u2014EUROCRYPT\u201996, Volume 1070 of Lecture Notes in Computer Science, Saragossa, Spain (Springer, Heidelberg, 1996), pp. 387\u2013398","DOI":"10.1007\/3-540-68339-9_33"},{"key":"9311_CR26","doi-asserted-by":"crossref","unstructured":"O. Reingold, L. Trevisan, S. P. Vadhan, Notions of reducibility between cryptographic primitives, in Moni Naor, editor, TCC\u00a02004: 1st Theory of Cryptography Conference, Volume 2951 of Lecture Notes in Computer Science, Cambridge, MA, USA (Springer, Heidelberg, 2004), pp. 1\u201320","DOI":"10.1007\/978-3-540-24638-1_1"},{"key":"9311_CR27","doi-asserted-by":"crossref","unstructured":"A. Rupp, G. Leander, E. Bangerter, A.W. Dent, A.-R. Sadeghi, Sufficient conditions for intractability over black-box groups: generic lower bounds for generalized DL and DH problems, in Josef Pieprzyk, editor, Advances in Cryptology\u2014ASIACRYPT\u00a02008, Volume 5350 of Lecture Notes in Computer Science, Melbourne, Australia (Springer, Heidelberg, 2008), pp. 489\u2013505","DOI":"10.1007\/978-3-540-89255-7_30"},{"key":"9311_CR28","doi-asserted-by":"crossref","unstructured":"S. Sch\u00e4ge, Tight proofs for signature schemes without random oracles, in Kenneth\u00a0G. Paterson, editor, Advances in Cryptology\u2014EUROCRYPT\u00a02011, Volume 6632 of Lecture Notes in Computer Science, Tallinn, Estonia (Springer, Heidelberg, 2011), pp. 189\u2013206","DOI":"10.1007\/978-3-642-20465-4_12"},{"key":"9311_CR29","doi-asserted-by":"crossref","unstructured":"C.-P. Schnorr, Efficient identification and signatures for smart cards, in Gilles Brassard, editor, Advances in Cryptology\u2014CRYPTO\u201989, Volume 435 of Lecture Notes in Computer Science, Santa Barbara, CA, USA (Springer, Heidelberg, 1990), pp. 239\u2013252","DOI":"10.1007\/0-387-34805-0_22"},{"issue":"3","key":"9311_CR30","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/BF00196725","volume":"4","author":"Claus-Peter Schnorr","year":"1991","unstructured":"C.-P. Schnorr. Efficient signature generation by smart cards. J. Cryptol., 4(3), 161\u2013174 (1991)","journal-title":"Journal of Cryptology"},{"key":"9311_CR31","doi-asserted-by":"crossref","unstructured":"Y. Seurin, On the exact security of Schnorr-type signatures in the random oracle model, in David Pointcheval and Thomas Johansson, editors, Advances in Cryptology\u2014EUROCRYPT\u00a02012, Volume 7237 of Lecture Notes in Computer Science, Cambridge, UK (Springer, Heidelberg, 2012), pp. 554\u2013571","DOI":"10.1007\/978-3-642-29011-4_33"},{"key":"9311_CR32","doi-asserted-by":"crossref","unstructured":"V. Shoup, Lower bounds for discrete logarithms and related problems, in Walter Fumy, editor, Advances in Cryptology\u2014EUROCRYPT\u201997, Volume 1233 of Lecture Notes in Computer Science, Konstanz, Germany (Springer, Heidelberg, 1997), pp. 256\u2013266","DOI":"10.1007\/3-540-69053-0_18"},{"key":"9311_CR33","doi-asserted-by":"crossref","unstructured":"B.R. Waters, Efficient identity-based encryption without random oracles, in Ronald Cramer, editor, Advances in Cryptology\u2014EUROCRYPT\u00a02005, Volume 3494 of Lecture Notes in Computer Science, Aarhus, Denmark (Springer, Heidelberg, 2005), pp. 114\u2013127","DOI":"10.1007\/11426639_7"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-019-09311-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-019-09311-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-019-09311-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,4,8]],"date-time":"2020-04-08T08:12:55Z","timestamp":1586333575000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-019-09311-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,2,6]]},"references-count":33,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2019,4]]}},"alternative-id":["9311"],"URL":"https:\/\/doi.org\/10.1007\/s00145-019-09311-5","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,2,6]]},"assertion":[{"value":"3 June 2016","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 January 2019","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"6 February 2019","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}