{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,2,13]],"date-time":"2024-02-13T13:10:39Z","timestamp":1707829839795},"reference-count":31,"publisher":"Institute of Electronics, Information and Communications Engineers (IEICE)","issue":"9","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEICE Trans. Fundamentals"],"published-print":{"date-parts":[[2021,9,1]]},"DOI":"10.1587\/transfun.2020dmp0008","type":"journal-article","created":{"date-parts":[[2021,3,7]],"date-time":"2021-03-07T22:06:32Z","timestamp":1615154792000},"page":"1163-1174","source":"Crossref","is-referenced-by-count":2,"title":["Impossibility on the Schnorr Signature from the One-More DL Assumption in the Non-Programmable Random Oracle Model"],"prefix":"10.1587","volume":"E104.A","author":[{"given":"Masayuki","family":"FUKUMITSU","sequence":"first","affiliation":[{"name":"Faculty of Information Media, Hokkaido Information University"}]},{"given":"Shingo","family":"HASEGAWA","sequence":"additional","affiliation":[{"name":"Graduate School of Information Sciences, Tohoku University"}]}],"member":"532","reference":[{"key":"1","doi-asserted-by":"crossref","unstructured":"[1] M. Fukumitsu and S. Hasegawa, \u201cImpossibility of the provable security of the Schnorr signature from the One-More DL assumption in the non-programmable random oracle model,\u201d ProvSec 2017, eds., T. Okamoto, Y. Yu, M.H. Au, and Y. Li, LNCS, vol.10592, pp.201-218, Springer, Heidelberg, 2017. 10.1007\/978-3-319-68637-0_12","DOI":"10.1007\/978-3-319-68637-0_12"},{"key":"2","doi-asserted-by":"publisher","unstructured":"[2] D. Pointcheval and J. Stern, \u201cSecurity arguments for digital signatures and blind signatures,\u201d J. Cryptol., vol.13, no.3, pp.361-396, 2000. 10.1007\/s001450010003","DOI":"10.1007\/s001450010003"},{"key":"3","doi-asserted-by":"publisher","unstructured":"[3] M. Abdalla, J.H. An, M. Bellare, and C. Namprempre, \u201cFrom identification to signatures via the Fiat-Shamir transform: Necessary and sufficient conditions for security and forward-security,\u201d IEEE Trans. Inf. Theory, vol.54, no.8, pp.3631-3646, 2008. 10.1109\/tit.2008.926303","DOI":"10.1109\/TIT.2008.926303"},{"key":"4","doi-asserted-by":"publisher","unstructured":"[4] A. Fiat and A. Shamir, \u201cHow to prove yourself: Practical solutions to identification and signature problems,\u201d CRYPTO&apos;86, ed., A.M. Odlyzko, LNCS, vol.263, pp.186-194, Springer, Heidelberg, 1987. 10.1007\/3-540-47721-7_12","DOI":"10.1007\/3-540-47721-7_12"},{"key":"5","doi-asserted-by":"crossref","unstructured":"[5] P. Paillier and D. Vergnaud, \u201cDiscrete-log-based signatures may not be equivalent to discrete log,\u201d ASIACRYPT 2005, ed., B. Roy, LNCS, vol.3788, pp.1-20, Springer, Heidelberg, 2005. 10.1007\/11593447_1","DOI":"10.1007\/11593447_1"},{"key":"6","doi-asserted-by":"publisher","unstructured":"[6] M. Bellare, C. Namprempre, D. Pointcheval, and M. Semanko, \u201cThe One-more-RSA-inversion problems and the security of Chaum&apos;s blind signature scheme,\u201d J. Cryptol., vol.16, no.3, pp.185-215, 2003. 10.1007\/s00145-002-0120-1","DOI":"10.1007\/s00145-002-0120-1"},{"key":"7","doi-asserted-by":"crossref","unstructured":"[7] J.S. Coron, \u201cOptimal security proofs for PSS and other signature schemes,\u201d EUROCRYPT 2002, ed., L.R. Knudsen, LNCS, vol.2332, pp.272-287, Springer, Heidelberg, 2002. 10.1007\/3-540-46035-7_18","DOI":"10.1007\/3-540-46035-7_18"},{"key":"8","doi-asserted-by":"crossref","unstructured":"[8] S.A. Kakvi and E. Kiltz, \u201cOptimal security proofs for full domain hash, revisited,\u201d EUROCRYPT 2012, eds., D. Pointcheval and T. Johansson, LNCS, vol.7237, pp.537-553, Springer, Heidelberg, 2012. 10.1007\/978-3-642-29011-4_32","DOI":"10.1007\/978-3-642-29011-4_32"},{"key":"9","doi-asserted-by":"crossref","unstructured":"[9] J. Nielsen, \u201cSeparating random oracle proofs from complexity theoretic proofs: The non-committing encryption case,\u201d CRYPTO 2002, ed., M. Yung, LNCS, vol.2442, pp.111-126, Springer, Heidelberg, 2002. 10.1007\/3-540-45708-9_8","DOI":"10.1007\/3-540-45708-9_8"},{"key":"10","doi-asserted-by":"crossref","unstructured":"[10] M. Fischlin, A. Lehmann, T. Ristenpart, T. Shrimpton, M. Stam, and S. Tessaro, \u201cRandom oracles with(out) programmability,\u201d ASIACRYPT 2010, ed., M. Abe, LNCS, vol.6477, pp.303-320, Springer, Heidelberg, 2010. 10.1007\/978-3-642-17373-8_18","DOI":"10.1007\/978-3-642-17373-8_18"},{"key":"11","doi-asserted-by":"publisher","unstructured":"[11] M. Fischlin and N. Fleischhacker, \u201cLimitations of the meta-reduction technique: The case of Schnorr signatures,\u201d EUROCRYPT 2013, eds., T. Johansson and P.Q. Nguyen, LNCS, vol.7881, pp.444-460, Springer, Heidelberg, 2013. 10.1007\/978-3-642-38348-9_27","DOI":"10.1007\/978-3-642-38348-9_27"},{"key":"12","doi-asserted-by":"crossref","unstructured":"[12] M. Fukumitsu and S. Hasegawa, \u201cImpossibility on the provable security of the Fiat-Shamir-type signatures in the non-programmable random oracle model,\u201d ISC 2016, eds., M. Bishop and A. Nascimento, LNCS, vol.9866, pp.389-407, Springer, Heidelberg, 2016. 10.1007\/978-3-319-45871-7_23","DOI":"10.1007\/978-3-319-45871-7_23"},{"key":"13","doi-asserted-by":"publisher","unstructured":"[13] M. Fukumitsu and S. Hasegawa, \u201cBlack-box separations on Fiat-Shamir-type signatures in the non-programmable random oracle model,\u201d IEICE Trans. Fundamentals, vol.E101-A, no.1, pp.77-87, Jan. 2018. 10.1587\/transfun.e101.a.77","DOI":"10.1587\/transfun.E101.A.77"},{"key":"14","doi-asserted-by":"crossref","unstructured":"[14] Z. Zhang, Y. Chen, S.S.M. Chow, G. Hanaoka, Z. Cao, and Y. Zhao, \u201cBlack-box separations of hash-and-sign signatures in the non-programmable random oracle model,\u201d Provable Security 2015, eds., M.H. Au and A. Miyaji, LNCS, vol.9451, pp.435-454, Springer, Heidelberg, 2015. 10.1007\/978-3-319-26059-4_24","DOI":"10.1007\/978-3-319-26059-4_24"},{"key":"15","doi-asserted-by":"crossref","unstructured":"[15] C. Bader, T. Jager, Y. Li, and S. Sch\u00e4ge, \u201cOn the impossibility of tight cryptographic reductions,\u201d EUROCRYPT 2016, eds., M. Fischlin and J.S. Coron, LNCS, vol.9666, pp.273-304, Springer, Heidelberg, 2016. 10.1007\/978-3-662-49896-5_10","DOI":"10.1007\/978-3-662-49896-5_10"},{"key":"16","doi-asserted-by":"crossref","unstructured":"[16] D. Boneh, \u201cThe decision Diffie-Hellman problem,\u201d Algorithmic Number Theory, ed. J.P. Buhler, LNCS, vol.1423, pp.48-63, Springer, Heidelberg, 1998. 10.1007\/bfb0054851","DOI":"10.1007\/BFb0054851"},{"key":"17","doi-asserted-by":"crossref","unstructured":"[17] N. Fleischhacker, T. Jager, and D. Schr\u00f6der, \u201cOn tight security proofs for Schnorr signatures,\u201d ASIACRYPT 2014, eds., P. Sarkar and T. Iwata, LNCS, vol.8873, pp.512-531, Springer, Heidelberg, 2014. 10.1007\/978-3-662-45611-8_27","DOI":"10.1007\/978-3-662-45611-8_27"},{"key":"18","doi-asserted-by":"crossref","unstructured":"[18] M. Fukumitsu and S. Hasegawa, \u201cOne-more assumptions do not help Fiat-Shamir-type signature schemes in nprom,\u201d Topics in Cryptology-CT-RSA 2020, ed., S. Jarecki, Cham, pp.586-609, Springer International Publishing, 2020. 10.1007\/978-3-030-40186-3_25","DOI":"10.1007\/978-3-030-40186-3_25"},{"key":"19","doi-asserted-by":"crossref","unstructured":"[19] J. Zhang, Z. Zhang, Y. Chen, Y. Guo, and Z. Zhang, \u201cBlack-box separations for One-more (static) CDH and its generalization,\u201d ASIACRYPT 2014, eds., P. Sarkar and T. Iwata, LNCS, vol.8874, pp.366-385, Springer, Heidelberg, 2014. 10.1007\/978-3-662-45608-8_20","DOI":"10.1007\/978-3-662-45608-8_20"},{"key":"20","doi-asserted-by":"crossref","unstructured":"[20] G. Fuchsbauer, A. Plouviez, and Y. Seurin, \u201cBlind Schnorr signatures and signed elgamal encryption in the algebraic group model,\u201d Advances in Cryptology-EUROCRYPT 2020, eds., A. Canteaut and Y. Ishai, Cham, pp.63-95, Springer International Publishing, 2020. 10.1007\/978-3-030-45724-2_3","DOI":"10.1007\/978-3-030-45724-2_3"},{"key":"21","doi-asserted-by":"crossref","unstructured":"[21] S. Garg, R. Bhaskar, and S. Lokam, \u201cImproved bounds on security reductions for discrete log based signatures,\u201d CRYPTO 2008, ed., D. Wagner, LNCS, vol.5157, pp.93-107, Springer, Heidelberg, 2008. 10.1007\/978-3-540-85174-5_6","DOI":"10.1007\/978-3-540-85174-5_6"},{"key":"22","doi-asserted-by":"crossref","unstructured":"[22] Y. Seurin, \u201cOn the exact security of Schnorr-type signatures in the random oracle model,\u201d EUROCRYPT 2012, eds., D. Pointcheval and T. Johansson, LNCS, vol.7237, pp.554-571, Springer, Heidelberg, 2012. 10.1007\/978-3-642-29011-4_33","DOI":"10.1007\/978-3-642-29011-4_33"},{"key":"23","doi-asserted-by":"crossref","unstructured":"[23] D. Boneh and R. Venkatesan, \u201cBreaking RSA may not be equivalent to factoring,\u201d EUROCRYPT&apos;98, ed., K. Nyberg, LNCS, vol.1403, pp.59-71, Springer, Heidelberg, 1998. 10.1007\/bfb0054117","DOI":"10.1007\/BFb0054117"},{"key":"24","doi-asserted-by":"crossref","unstructured":"[24] S. Goldwasser, S. Micali, and R.L. Rivest, \u201cA digital signature scheme secure against adaptive chosen-message attacks,\u201d SIAM J. Comput., vol.17, no.2, pp.281-308, 1988. 10.1137\/0217017","DOI":"10.1137\/0217017"},{"key":"25","doi-asserted-by":"crossref","unstructured":"[25] M. Fischlin, P. Harasser, and C. Janson, \u201cSignatures from sequential-or proofs,\u201d Advances in Cryptology-EUROCRYPT 2020, eds., A. Canteaut and Y. Ishai, Cham, pp.212-244, Springer International Publishing, 2020. 10.1007\/978-3-030-45727-3_8","DOI":"10.1007\/978-3-030-45727-3_8"},{"key":"26","doi-asserted-by":"crossref","unstructured":"[26] R. Pass, \u201cLimits of provable security from standard assumptions,\u201d STOC2011, pp.109-118, 2011. 10.1145\/1993636.1993652","DOI":"10.1145\/1993636.1993652"},{"key":"27","doi-asserted-by":"publisher","unstructured":"[27] C. Schnorr, \u201cEfficient signature generation by smart cards,\u201d J. Cryptol., vol.4, no.3, pp.161-174, 1991. 10.1007\/bf00196725","DOI":"10.1007\/BF00196725"},{"key":"28","doi-asserted-by":"publisher","unstructured":"[28] M. Bellare and A. Palacio, \u201cGQ and Schnorr identification schemes: Proofs of security against impersonation under active and concurrent attacks,\u201d EUROCRYPT 2002, ed., M. Yung, LNCS, vol.2442, pp.162-177, Springer, Heidelberg, 2002. 10.1007\/3-540-45708-9_11","DOI":"10.1007\/3-540-45708-9_11"},{"key":"29","doi-asserted-by":"crossref","unstructured":"[30] M. Naor, \u201cOn cryptographic assumptions and challenges,\u201d Advances in Cryptology-CRYPTO 2003, ed., D. Boneh, Berlin, Heidelberg, pp.96-109, Springer Berlin Heidelberg, 2003. 10.1007\/978-3-540-45146-4_6","DOI":"10.1007\/978-3-540-45146-4_6"},{"key":"30","doi-asserted-by":"crossref","unstructured":"[31] A. Morgan and R. Pass, \u201cOn the security loss of unique signatures,\u201d TCC 2018, eds., A. Beimel and S. Dziembowski, LNCS, vol.11239, pp.507-536, Springer, Heidelberg, 2018. 10.1007\/978-3-030-03807-6_19","DOI":"10.1007\/978-3-030-03807-6_19"},{"key":"31","doi-asserted-by":"publisher","unstructured":"[32] M. Fukumitsu, S. Hasegawa, S. Isobe, and H. Shizuya, \u201cThe RSA group is adaptive pseudo-free under the RSA assumption,\u201d IEICE Trans. Fundamentals, vol.E97-A, no.1, pp.200-214, Jan. 2014. 10.1587\/transfun.e97.a.200","DOI":"10.1587\/transfun.E97.A.200"}],"container-title":["IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transfun\/E104.A\/9\/E104.A_2020DMP0008\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,4]],"date-time":"2021-09-04T03:25:07Z","timestamp":1630725907000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transfun\/E104.A\/9\/E104.A_2020DMP0008\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,9,1]]},"references-count":31,"journal-issue":{"issue":"9","published-print":{"date-parts":[[2021]]}},"URL":"https:\/\/doi.org\/10.1587\/transfun.2020dmp0008","relation":{},"ISSN":["0916-8508","1745-1337"],"issn-type":[{"value":"0916-8508","type":"print"},{"value":"1745-1337","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,9,1]]},"article-number":"2020DMP0008"}}