Lower Bounds on Signatures From Symmetric Primitives

Author

Barak, Boaz ; Mahmoody-Ghidary, Mohammad

Author_Institution

Princeton Univ., Princeton

fYear

2007

fDate

21-23 Oct. 2007

Firstpage

680

Lastpage

688

Abstract

We show that every black-box construction of one-time signature schemes from a random oracle achieves security at most poly(q)2^q. where q is the total number of queries to the oracle by the generation, signing, and verification algorithms. That is, any such scheme can be broken with probability close to 1 by a (computationally unbounded) adversary making poly(q)2^q queries to the oracle. This is tight up to a constant factor in the number of queries, since a simple modification of Lamport´s scheme achieves 2^{(0.812-o(1))q} security using q queries. Our results extend (with a loss of a constant factor in the number of queries) also to the random permutation and ideal-cipher oracles, and so can be taken as evidence of an inherent efficiency gap between signature schemes and symmetric primitives such as block ciphers, hash functions, and message authentication codes.

Keywords

codes; computational complexity; cryptography; digital signatures; probability; query processing; Lamport scheme; black-box construction; block ciphers; hash functions; ideal-cipher oracles; lower bounds; message authentication codes; one-time signature schemes; oracle queries; probability; random oracle; random permutation; symmetric primitives; Computer science; Computer security; Cost function; Digital signatures; Lattices; Message authentication; Public key; Public key cryptography; Random number generation;

fLanguage

English

Publisher

ieee

Conference_Titel

Foundations of Computer Science, 2007. FOCS '07. 48th Annual IEEE Symposium on

Conference_Location

Providence, RI

ISSN

0272-5428

Print_ISBN

978-0-7695-3010-9

Type

conf

DOI

10.1109/FOCS.2007.71

Filename

4389536