Schnorr Signatures are Tightly Secure in the ROM Under a Non-interactive Assumption

Cho, Gavin; Fuchsbauer, Georg; O’Neill, Adam; Sefranek, Marek

doi:10.1007/978-3-032-01887-8_8

DC Field

Value

Language

dc.contributor.author

Cho, Gavin

dc.contributor.author

Fuchsbauer, Georg

dc.contributor.author

O’Neill, Adam

dc.contributor.author

Sefranek, Marek

dc.date.accessioned

2025-09-22T09:51:22Z

dc.date.available

2025-09-22T09:51:22Z

dc.date.issued

2025-08-17

dc.identifier.citation

<div class="csl-bib-body"> <div class="csl-entry">Cho, G., Fuchsbauer, G., O’Neill, A., & Sefranek, M. (2025). Schnorr Signatures are Tightly Secure in the ROM Under a Non-interactive Assumption. In <i>Advances in Cryptology – CRYPTO 2025 : 45th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17–21, 2025, Proceedings, Part VI</i> (pp. 223–255). Springer. https://doi.org/10.1007/978-3-032-01887-8_8</div> </div>

dc.identifier.uri

http://hdl.handle.net/20.500.12708/219269

dc.description.abstract

We show that the widely-used Schnorr signature scheme meets existential unforgeability under chosen-message attack (EUF-CMA) in the random oracle model (ROM) if the circular discrete-logarithm (CDL) assumption holds in the underlying group. CDL is a new, non-interactive and falsifiable variant of the discrete-logarithm (DL) assumption that we introduce. Our reduction is completely tight, meaning the constructed adversary against CDL has essentially the same running time and success probability as the assumed forger. This serves to justify the size of the underlying group for Schnorr signatures used in practice. To our knowledge, we are the first to exhibit such a reduction. Indeed, prior work required interactive and non-falsifiable assumptions (Bellare and Dai, INDOCRYPT 2020) or additional idealized models beyond the ROM like the algebraic group model (Fuchsbauer, Plouviez and Seurin, EUROCRYPT 2020). To further demonstrate the applicability of CDL, we show that Sparkle+ (Crites, Komlo and Maller, CRYPTO 2023), a threshold signing scheme for Schnorr, is tightly secure (under static corruptions) assuming CDL. Finally, we justify CDL by showing it holds in two carefully chosen idealized models that idealize different aspects of the assumption.

dc.description.sponsorship

WWTF Wiener Wissenschafts-, Forschu und Technologiefonds

dc.description.sponsorship

FWF - Österr. Wissenschaftsfonds

dc.language.iso

dc.relation.ispartofseries

Lecture Notes in Computer Science

dc.subject

ECDSA conversion function

dc.subject

Schnorr signatures

dc.subject

threshold signatures

dc.subject

tight security

dc.title

Schnorr Signatures are Tightly Secure in the ROM Under a Non-interactive Assumption

dc.type

Inproceedings

dc.type

Konferenzbeitrag

dc.contributor.affiliation

University of Massachusetts Amherst, United States of America (the)

dc.contributor.affiliation

University of Massachusetts Amherst, United States of America (the)

dc.relation.isbn

978-3-032-01887-8

dc.relation.doi

10.1007/978-3-032-01887-8

dc.relation.issn

0302-9743

dc.description.startpage

223

dc.description.endpage

255

dc.relation.grantno

Projektnummer VRG18-002

dc.relation.grantno

F 8500

dc.type.category

Full-Paper Contribution

dc.relation.eissn

1611-3349

tuw.booktitle

Advances in Cryptology – CRYPTO 2025 : 45th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17–21, 2025, Proceedings, Part VI

tuw.container.volume

16005

tuw.peerreviewed

true

tuw.relation.publisher

Springer

tuw.relation.publisherplace

Cham

tuw.project.title

Cryptographic Foundations of Privacy in Distributed Ledgers

tuw.project.title

Semantische und kryptografische Grundlagen von Informationssicherheit und Datenschutz durch modulares Design

tuw.researchTopic.id

tuw.researchTopic.name

Logic and Computation

tuw.researchTopic.value

100

tuw.publication.orgunit

E192-06 - Forschungsbereich Security and Privacy

tuw.publisher.doi

10.1007/978-3-032-01887-8_8

dc.description.numberOfPages

tuw.author.orcid

0000-0003-1882-4959

tuw.author.orcid

0000-0001-5672-5850

tuw.author.orcid

0009-0006-0233-6466

tuw.author.orcid

0009-0008-8987-9555

tuw.event.name

45th Annual International Cryptology Conference (CRYPTO 2025)

tuw.event.startdate

17-08-2025

tuw.event.enddate

21-08-2025

tuw.event.online

Hybrid

tuw.event.type

Event for scientific audience

tuw.event.place

Santa Barbara, CA

tuw.event.country

tuw.event.presenter

Sefranek, Marek

tuw.event.track

Multi Track

wb.sciencebranch

Informatik

wb.sciencebranch

Mathematik

wb.sciencebranch.oefos

1020

wb.sciencebranch.oefos

1010

wb.sciencebranch.value

item.languageiso639-1

item.grantfulltext

none

item.openairetype

conference paper

item.openairecristype

http://purl.org/coar/resource_type/c_5794

item.cerifentitytype

Publications

item.fulltext

no Fulltext

crisitem.project.funder

WWTF Wiener Wissenschafts-, Forschu und Technologiefonds

crisitem.project.funder

FWF - Österr. Wissenschaftsfonds

crisitem.project.grantno

Projektnummer VRG18-002

crisitem.project.grantno

F 8500

crisitem.author.dept

University of Massachusetts Amherst, United States of America (the)

crisitem.author.dept

E192-06 - Forschungsbereich Security and Privacy

crisitem.author.dept

University of Massachusetts Amherst, United States of America (the)

crisitem.author.dept

E192-06 - Forschungsbereich Security and Privacy

crisitem.author.orcid

0000-0003-1882-4959

crisitem.author.orcid

0009-0006-0233-6466

crisitem.author.orcid

0009-0008-8987-9555

crisitem.author.parentorg

E192 - Institut für Logic and Computation

crisitem.author.parentorg

E192 - Institut für Logic and Computation

Appears in Collections:

Conference Paper

Show simple item record

Page view(s)

checked on Sep 22, 2025

Google Scholar^TM

Check

Page view(s)

Google ScholarTM

Google Scholar^TM