On the impossibility of instantiating PSS in the standard model

Rishiraj Bhattacharyya; Avradip Mandal

doi:10.1007/978-3-642-19379-8_22

On the impossibility of instantiating PSS in the standard model

Rishiraj Bhattacharyya^*, Avradip Mandal

^*Corresponding author for this work

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

In this paper we consider the problem of securely instantiating Probabilistic Signature Scheme (PSS) in the standard model. PSS, proposed by Bellare and Rogaway [3] is a widely deployed randomized signature scheme, provably secure (unforgeable under adaptively chosen message attacks) in Random Oracle Model. Our main result is a black-box impossibility result showing that one can not prove unforgeability of PSS against chosen message attacks using blackbox techniques even assuming existence of ideal trapdoor permutations (a strong abstraction of trapdoor permutations which inherits all security properties of a random permutation, introduced by Kiltz and Pietrzak in Eurocrypt 2009) or the recently proposed lossy trapdoor permutations [20]. Moreover, we show onewayness, the most common security property of a trapdoor permutation does not suffice to prove even the weakest security criteria, namely unforgeability under zero message attack. Our negative results can easily be extended to any randomized signature scheme where one can recover the random string from a valid signature.

Original language	English
Title of host publication	Public Key Cryptography, PKC 2011 - 14th International Conference on Practice and Theory in Public Key Cryptography, Proceedings
Pages	351-368
Number of pages	18
DOIs	https://doi.org/10.1007/978-3-642-19379-8_22
Publication status	Published - 2011
Event	14th International Conference on Practice and Theory in Public Key Cryptography, PKC 2011 - Taormina, Italy Duration: 6 Mar 2011 → 9 Mar 2011

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	6571 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	14th International Conference on Practice and Theory in Public Key Cryptography, PKC 2011
Country/Territory	Italy
City	Taormina
Period	6/03/11 → 9/03/11

Keywords

Blackbox Reductions
PSS
Randomized Signature
Standard Model

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-642-19379-8_22

Cite this

Bhattacharyya, R., & Mandal, A. (2011). On the impossibility of instantiating PSS in the standard model. In Public Key Cryptography, PKC 2011 - 14th International Conference on Practice and Theory in Public Key Cryptography, Proceedings (pp. 351-368). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6571 LNCS). https://doi.org/10.1007/978-3-642-19379-8_22

Bhattacharyya, Rishiraj ; Mandal, Avradip. / On the impossibility of instantiating PSS in the standard model. Public Key Cryptography, PKC 2011 - 14th International Conference on Practice and Theory in Public Key Cryptography, Proceedings. 2011. pp. 351-368 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{85b91be0333f43578d06348501cea095,

title = "On the impossibility of instantiating PSS in the standard model",

abstract = "In this paper we consider the problem of securely instantiating Probabilistic Signature Scheme (PSS) in the standard model. PSS, proposed by Bellare and Rogaway [3] is a widely deployed randomized signature scheme, provably secure (unforgeable under adaptively chosen message attacks) in Random Oracle Model. Our main result is a black-box impossibility result showing that one can not prove unforgeability of PSS against chosen message attacks using blackbox techniques even assuming existence of ideal trapdoor permutations (a strong abstraction of trapdoor permutations which inherits all security properties of a random permutation, introduced by Kiltz and Pietrzak in Eurocrypt 2009) or the recently proposed lossy trapdoor permutations [20]. Moreover, we show onewayness, the most common security property of a trapdoor permutation does not suffice to prove even the weakest security criteria, namely unforgeability under zero message attack. Our negative results can easily be extended to any randomized signature scheme where one can recover the random string from a valid signature.",

keywords = "Blackbox Reductions, PSS, Randomized Signature, Standard Model",

author = "Rishiraj Bhattacharyya and Avradip Mandal",

year = "2011",

doi = "10.1007/978-3-642-19379-8_22",

language = "English",

isbn = "9783642193781",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "351--368",

booktitle = "Public Key Cryptography, PKC 2011 - 14th International Conference on Practice and Theory in Public Key Cryptography, Proceedings",

note = "14th International Conference on Practice and Theory in Public Key Cryptography, PKC 2011 ; Conference date: 06-03-2011 Through 09-03-2011",

}

Bhattacharyya, R & Mandal, A 2011, On the impossibility of instantiating PSS in the standard model. in Public Key Cryptography, PKC 2011 - 14th International Conference on Practice and Theory in Public Key Cryptography, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6571 LNCS, pp. 351-368, 14th International Conference on Practice and Theory in Public Key Cryptography, PKC 2011, Taormina, Italy, 6/03/11. https://doi.org/10.1007/978-3-642-19379-8_22

On the impossibility of instantiating PSS in the standard model. / Bhattacharyya, Rishiraj; Mandal, Avradip.
Public Key Cryptography, PKC 2011 - 14th International Conference on Practice and Theory in Public Key Cryptography, Proceedings. 2011. p. 351-368 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6571 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - On the impossibility of instantiating PSS in the standard model

AU - Bhattacharyya, Rishiraj

AU - Mandal, Avradip

PY - 2011

Y1 - 2011

N2 - In this paper we consider the problem of securely instantiating Probabilistic Signature Scheme (PSS) in the standard model. PSS, proposed by Bellare and Rogaway [3] is a widely deployed randomized signature scheme, provably secure (unforgeable under adaptively chosen message attacks) in Random Oracle Model. Our main result is a black-box impossibility result showing that one can not prove unforgeability of PSS against chosen message attacks using blackbox techniques even assuming existence of ideal trapdoor permutations (a strong abstraction of trapdoor permutations which inherits all security properties of a random permutation, introduced by Kiltz and Pietrzak in Eurocrypt 2009) or the recently proposed lossy trapdoor permutations [20]. Moreover, we show onewayness, the most common security property of a trapdoor permutation does not suffice to prove even the weakest security criteria, namely unforgeability under zero message attack. Our negative results can easily be extended to any randomized signature scheme where one can recover the random string from a valid signature.

AB - In this paper we consider the problem of securely instantiating Probabilistic Signature Scheme (PSS) in the standard model. PSS, proposed by Bellare and Rogaway [3] is a widely deployed randomized signature scheme, provably secure (unforgeable under adaptively chosen message attacks) in Random Oracle Model. Our main result is a black-box impossibility result showing that one can not prove unforgeability of PSS against chosen message attacks using blackbox techniques even assuming existence of ideal trapdoor permutations (a strong abstraction of trapdoor permutations which inherits all security properties of a random permutation, introduced by Kiltz and Pietrzak in Eurocrypt 2009) or the recently proposed lossy trapdoor permutations [20]. Moreover, we show onewayness, the most common security property of a trapdoor permutation does not suffice to prove even the weakest security criteria, namely unforgeability under zero message attack. Our negative results can easily be extended to any randomized signature scheme where one can recover the random string from a valid signature.

KW - Blackbox Reductions

KW - PSS

KW - Randomized Signature

KW - Standard Model

UR - http://www.scopus.com/inward/record.url?scp=79952499942&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-19379-8_22

DO - 10.1007/978-3-642-19379-8_22

M3 - Conference contribution

AN - SCOPUS:79952499942

SN - 9783642193781

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 351

EP - 368

BT - Public Key Cryptography, PKC 2011 - 14th International Conference on Practice and Theory in Public Key Cryptography, Proceedings

T2 - 14th International Conference on Practice and Theory in Public Key Cryptography, PKC 2011

Y2 - 6 March 2011 through 9 March 2011

ER -

Bhattacharyya R, Mandal A. On the impossibility of instantiating PSS in the standard model. In Public Key Cryptography, PKC 2011 - 14th International Conference on Practice and Theory in Public Key Cryptography, Proceedings. 2011. p. 351-368. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-19379-8_22

On the impossibility of instantiating PSS in the standard model

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this