Extended security arguments for signature schemes

Özgür Dagdelen, David Galindo, Pascal Véron, Sidi Mohamed El Yousfi Alaoui, Pierre-louis Cayrel

Research output: Contribution to journalArticlepeer-review

8 Citations (Scopus)


It is known how to transform certain canonical three-pass identification schemes into signature schemes via the Fiat–Shamir transform. Pointcheval and Stern showed that those schemes are existentially unforgeable in the random-oracle model leveraging the, at that time, novel forking lemma. Recently, a number of 5-pass identification protocols have been proposed. Extending the above technique to capture 5-pass identification schemes would allow to obtain novel unforgeable signature schemes. In this paper, we provide an extension of the forking lemma (and the Fiat–Shamir transform) in order to assess the security of what we call n-generic signature schemes. These include signature schemes that are derived from certain (2n+1)-pass identification schemes. In doing so, we put forward a generic methodology for proving the security of a number of signature schemes derived from (2n+1)-pass identification schemes for n≥2. As an application of this methodology, we obtain two new code-based existentially-unforgeable signature schemes, along with a security reduction. In particular, we solve an open problem in multivariate cryptography posed by Sakumoto, Shirai and Hiwatari at CRYPTO 2011.
Original languageEnglish
Pages (from-to)441-461
JournalDesigns, Codes and Cryptography
Issue number2
Early online date23 Sept 2014
Publication statusPublished - 1 Feb 2016


  • Code-based cryptography
  • Multivariate cryptography
  • Signature schemes
  • Forking lemma
  • Identification schemes
  • Fiat–Shamir


Dive into the research topics of 'Extended security arguments for signature schemes'. Together they form a unique fingerprint.

Cite this