Non-Resignability of the BUFF Transform
257 views
Skip to first unread message
Yu-Hsuan Huang
May 29, 2024, 12:40:56 PMMay 29
to pqc-...@list.nist.gov, Jelle Don, Serge Fehr, Yu-Hsuan Huang, jjliao, patrick...@uni.kn
Hi all,
We would like to give a quick update on the BUFF transform, which was introduced by [CDF+21] to obtain security properties for signature schemes that go beyond the standard unforgeability. One of them is non-resignability (NR). However, in the light of recent negative results (see post https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/-7qlvLIuK6I/m/e8fPvhSnAQAJ ), it became a startling open question whether the (original) BUFF transform satisfies any meaningful notion of NR. This has been recently answered by our ePrint paper [DFHLS24].
We prove that the BUFF transform satisfies the (almost) strongest notion of NR that one may hope for, given the recent negative results. Our positive results cover both classical and quantum attacks, and both when the underlying entropy requirement is computational and statistical.
For more details, please refer to the full paper.
Best,
Serge Fehr, Yu-Hsuan Huang, Jyun-Jie Liao, and Patrick Struck
[CDF+21] https://eprint.iacr.org/2020/1525.pdf
[DFHS24] https://eprint.iacr.org/2023/1634.pdf
[DFHLS24] https://eprint.iacr.org/2024/793
We would like to give a quick update on the BUFF transform, which was introduced by [CDF+21] to obtain security properties for signature schemes that go beyond the standard unforgeability. One of them is non-resignability (NR). However, in the light of recent negative results (see post https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/-7qlvLIuK6I/m/e8fPvhSnAQAJ ), it became a startling open question whether the (original) BUFF transform satisfies any meaningful notion of NR. This has been recently answered by our ePrint paper [DFHLS24].
We prove that the BUFF transform satisfies the (almost) strongest notion of NR that one may hope for, given the recent negative results. Our positive results cover both classical and quantum attacks, and both when the underlying entropy requirement is computational and statistical.
For more details, please refer to the full paper.
Best,
Serge Fehr, Yu-Hsuan Huang, Jyun-Jie Liao, and Patrick Struck
[CDF+21] https://eprint.iacr.org/2020/1525.pdf
[DFHS24] https://eprint.iacr.org/2023/1634.pdf
[DFHLS24] https://eprint.iacr.org/2024/793
Reply all
Reply to author
Forward
0 new messages