Hash function requirements for Schnorr signatures

Hash function requirements for Schnorr signatures

We provide two necessary conditions on hash functions for the Schnorr signature scheme to be secure, assuming compact group representations such as those which occur in elliptic curve groups. We also show, via an argument in the generic group model, that these conditions are sufficient. Our hash fun...

Full description

Bibliographic Details
Main Authors: Neven Gregory, Smart Nigel P., Warinschi Bogdan
Format: Article
Language:English
Published: De Gruyter 2009-05-01
Series:Journal of Mathematical Cryptology
Subjects:
schnorr signatures
generic group model
hash function
Online Access:https://doi.org/10.1515/JMC.2009.004
id doaj-fdf85a8449784c57a46380147126f582
record_format Article
spelling doaj-fdf85a8449784c57a46380147126f5822021-09-06T19:39:36ZengDe GruyterJournal of Mathematical Cryptology1862-29761862-29842009-05-0131698710.1515/JMC.2009.004Hash function requirements for Schnorr signaturesNeven Gregory0Smart Nigel P.1Warinschi Bogdan2IBM Research, Zurich Research Laboratory, Säumerstrasse 4, CH-8803 Rüschlikon, Switzerland, and Department of Electrical Engineering, Katholieke Universiteit Leuven, Kasteelpark Arenberg 10, B-3001 Heverlee, Belgium. Email: nev@zurich.ibm.comDepartment of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB, United Kingdom. Email: nigel@cs.bris.ac.ukDepartment of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB, United Kingdom. Email: bogdan@cs.bris.ac.ukWe provide two necessary conditions on hash functions for the Schnorr signature scheme to be secure, assuming compact group representations such as those which occur in elliptic curve groups. We also show, via an argument in the generic group model, that these conditions are sufficient. Our hash function security requirements are variants of the standard notions of preimage and second preimage resistance. One of them is in fact equivalent to the Nostradamus attack by Kelsey and Kohno (Eurocrypt, Lecture Notes in Computer Science 4004: 183–200, 2006), and, when considering keyed compression functions, both are closely related to the ePre and eSec notions by Rogaway and Shrimpton (FSE, Lecture Notes in Computer Science 3017: 371–388, 2004).https://doi.org/10.1515/JMC.2009.004schnorr signaturesgeneric group modelhash function
collection DOAJ
language English
format Article
sources DOAJ
author Neven Gregory
Smart Nigel P.
Warinschi Bogdan
spellingShingle Neven Gregory
Smart Nigel P.
Warinschi Bogdan
Hash function requirements for Schnorr signatures
Journal of Mathematical Cryptology
schnorr signatures
generic group model
hash function
author_facet Neven Gregory
Smart Nigel P.
Warinschi Bogdan
author_sort Neven Gregory
title Hash function requirements for Schnorr signatures
title_short Hash function requirements for Schnorr signatures
title_full Hash function requirements for Schnorr signatures
title_fullStr Hash function requirements for Schnorr signatures
title_full_unstemmed Hash function requirements for Schnorr signatures
title_sort hash function requirements for schnorr signatures
publisher De Gruyter
series Journal of Mathematical Cryptology
issn 1862-2976
1862-2984
publishDate 2009-05-01
description We provide two necessary conditions on hash functions for the Schnorr signature scheme to be secure, assuming compact group representations such as those which occur in elliptic curve groups. We also show, via an argument in the generic group model, that these conditions are sufficient. Our hash function security requirements are variants of the standard notions of preimage and second preimage resistance. One of them is in fact equivalent to the Nostradamus attack by Kelsey and Kohno (Eurocrypt, Lecture Notes in Computer Science 4004: 183–200, 2006), and, when considering keyed compression functions, both are closely related to the ePre and eSec notions by Rogaway and Shrimpton (FSE, Lecture Notes in Computer Science 3017: 371–388, 2004).
topic schnorr signatures
generic group model
hash function
url https://doi.org/10.1515/JMC.2009.004
work_keys_str_mv AT nevengregory hashfunctionrequirementsforschnorrsignatures
AT smartnigelp hashfunctionrequirementsforschnorrsignatures
AT warinschibogdan hashfunctionrequirementsforschnorrsignatures
_version_ 1717770407679885312

Similar Items