International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

The Measure-and-Reprogram Technique 2.0: Multi-Round Fiat-Shamir and More

Authors:
Jelle Don , CWI Amsterdam
Serge Fehr , CWI Amsterdam & Leiden University
Christian Majenz , CWI Amsterdam & QuSoft
Download:
DOI: 10.1007/978-3-030-56877-1_21 (login may be required)
Search ePrint
Search Google
Conference: CRYPTO 2020
Abstract: We revisit recent works by Don, Fehr, Majenz and Schaffner and by Liu and Zhandry on the security of the Fiat-Shamir transformation of sigma-protocols in the quantum random oracle model (QROM). Two natural questions that arise in this context are: (1) whether the results extend to the Fiat-Shamir transformation of {\em multi-round} interactive proofs, and (2) whether Don et al.'s O(q^2) loss in security is optimal. Firstly, we answer question (1) in the affirmative. As a byproduct of solving a technical difficulty in proving this result, we slightly improve the result of Don et al., equipping it with a cleaner bound and an even simpler proof. We apply our result to digital signature schemes showing that it can be used to prove strong security for schemes like MQDSS in the QROM. As another application we prove QROM-security of a non-interactive OR proof by Liu, Wei and Wong. As for question (2), we show via a Grover-search based attack that Don et al.'s quadratic security loss for the Fiat-Shamir transformation of sigma-protocols is optimal up to a small constant factor. This extends to our new multi-round result, proving it tight up to a factor that depends on the number of rounds only, i.e. is constant for any constant-round interactive proof.
Video from CRYPTO 2020
BibTeX
@inproceedings{crypto-2020-30375,
  title={The Measure-and-Reprogram Technique 2.0: Multi-Round Fiat-Shamir and More},
  publisher={Springer-Verlag},
  doi={10.1007/978-3-030-56877-1_21},
  author={Jelle Don and Serge Fehr and Christian Majenz},
  year=2020
}