International Association for Cryptologic Research

CryptoDB

Hardening Signature Schemes via Derive-then-Derandomize: Stronger Security Proofs for EdDSA

Authors:
Mihir Bellare, University of California, San Diego
Hannah Davis, University of California, San Diego
Zijing Di, Stanford University
Download:
DOI: 10.1007/978-3-031-31368-4_9
Presentation: Slides
Conference: PKC 2023
Abstract: We consider a transform, called Derive-then-Derandomize, that hardens a given signature scheme against randomness failure and implementation error. We prove that it works. We then give a general lemma showing indifferentiability of a class of constructions that apply a shrinking output transform to an MD-style hash function. Armed with these tools, we give new proofs for the widely standardized and used EdDSA signature scheme, improving prior work in two ways: (1) we give proofs for the case that the hash function is an MD-style one, reflecting the use of SHA512 in the NIST standard, and (2) we improve the tightness of the reduction so that one has guarantees for group sizes in actual use.
BibTeX
@inproceedings{pkc-2023-32833,
  title={Hardening Signature Schemes via Derive-then-Derandomize: Stronger Security Proofs for EdDSA},
  publisher={Springer-Verlag},
  doi={10.1007/978-3-031-31368-4_9},
  author={Mihir Bellare and Hannah Davis and Zijing Di},
  year=2023
}