Small error in security proof on the paper On the Multi-User Security of Short Schnorr Signatures with Preprocessing

einsteinwein

3/22/23, 10:55 AM

I think I found a small error in the security proof Link end of page 37. It states that

$ \sum_{i\leq q} \frac{3i+2}{p-(3q +2)^2/4} \leq \frac{3(q +1)q/2+2}{p - (3q +2)^2 /4}$.

But shouldn't it be

$\sum_{i\leq q} \frac{3i+2}{p-(3q +2)^2/4} \leq \frac{3(q+1)q/2+2q}{p - (3q +2)^2 /4}$ ?

I think that the proof still works, since we want to show that you need $\mathcal{O}(\sqrt{q})$ queries to succeed but it still bothers me.

Thanks in advance!

607

0 + 0

discrete-logarithm

provable-security

Score:9

Crypto

Ievgeni

3/22/23, 11:04 AM

Yes, you've raised a flaw, you can contact the authors, they will probably update their proof in the paper.

But as you've noticed, it's not a big deal because $2q$ is much smaller than $\frac{3q^2}{2}$ asymptotically. Then both expressions are indeed $\mathcal{O}(\sqrt q)$.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Small error in security proof on the paper On the Multi-User Security of Short Schnorr Signatures with Preprocessing

TH: ข้อผิดพลาดเล็กๆ น้อยๆ ในการพิสูจน์ความปลอดภัยบนเอกสาร On the Multi-User Security of Short Schnorr Signatures with Preprocessing

RO: Mică eroare în dovada de securitate pe hârtie Despre securitatea multi-utilizator a semnăturilor Schnorr scurte cu preprocesare

RU: Небольшая ошибка в доказательстве безопасности в статье О многопользовательской безопасности коротких подписей Шнорра с предварительной обработкой

VI: Lỗi nhỏ trong bằng chứng bảo mật trên giấy Về bảo mật nhiều người dùng của chữ ký Schnorr ngắn với tiền xử lý

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.