Hash function requirements for Schnorr signatures

Neven Gregory; Smart Nigel P.; Warinschi Bogdan

doi:10.1515/JMC.2009.004

Journal of Mathematical Cryptology (May 2009)

Hash function requirements for Schnorr signatures

Neven Gregory,
Smart Nigel P.,
Warinschi Bogdan

Affiliations

Neven Gregory: IBM Research, Zurich Research Laboratory, Säumerstrasse 4, CH-8803 Rüschlikon, Switzerland, and Department of Electrical Engineering, Katholieke Universiteit Leuven, Kasteelpark Arenberg 10, B-3001 Heverlee, Belgium. Email: [email protected]
Smart Nigel P.: Department of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB, United Kingdom. Email: [email protected]
Warinschi Bogdan: Department of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB, United Kingdom. Email: [email protected]

DOI: https://doi.org/10.1515/JMC.2009.004
Journal volume & issue: Vol. 3, no. 1
pp. 69 – 87

Abstract

Read online

We provide two necessary conditions on hash functions for the Schnorr signature scheme to be secure, assuming compact group representations such as those which occur in elliptic curve groups. We also show, via an argument in the generic group model, that these conditions are sufficient. Our hash function security requirements are variants of the standard notions of preimage and second preimage resistance. One of them is in fact equivalent to the Nostradamus attack by Kelsey and Kohno (Eurocrypt, Lecture Notes in Computer Science 4004: 183–200, 2006), and, when considering keyed compression functions, both are closely related to the ePre and eSec notions by Rogaway and Shrimpton (FSE, Lecture Notes in Computer Science 3017: 371–388, 2004).

Published in Journal of Mathematical Cryptology

ISSN: 1862-2976 (Print); 1862-2984 (Online)
Publisher: De Gruyter
Country of publisher: Poland
LCC subjects: Science: Mathematics
Website: https://www.degruyter.com/view/journals/jmc/jmc-overview.xml

About the journal

Abstract

Keywords