Score:1

Post quantum deterministic strongly EUF-CMA secure signature scheme?

il flag

I am trying to figure out if there is a known construction of a post quantum secure EUF-CMA secure signature scheme for which the signature procedure is deterministic.

It seems that it is possible to "determinize" a randomized signature scheme which uses a bounded amount of randomness by means of a post quantum PRF: sample a key k for the PRF and attach it to the private key of the signature scheme. When signing a message m use PRF_k(m) instead of the random bits. It seems this could be also extended to general randomness with standard arguments (e.g. use PRF_k(m), PRF_k(m+1) etc. to generate sufficiently many random bits).

Intuitively it seems to me that if the original scheme is strong EUF-CMA secure than so should be the resulting scheme (since statistical difference in the views of the same adversary in the security games of the two schemes seems to imply a distinguisher between the PRF and a truly random function).

It also seems that it might be easy to transform a deterministic weak EUF-CMA secure scheme to a strong one by means of cryptographic hash functions: attach the hash of the signature to the signature. This will make render signature that the verification procedure might have accepted even though they weren't created by the signing procedure invalid, as long as the adversary is unable to find a collision in the hash function.

Are these intuitions solid, or am I missing a crucial subtlety? More importantly, do they already appear somewhere in the literature? I couldn't find anything useful.

meshcollider avatar
gb flag
"attach the hash of the signature to the signature" -> do you mean hash of the message? And why could an adversary simply not replace the hash with a new one?
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.