In this paper, we revisit the security of randomized hash&sign. More precisely, we present an improved security analysis for the underlying hash function property multi-target extended target collision resistance ( \(\mathsf {\textsc {m}\text {-}\textsc {eTCR}}\) ) in the quantum random oracle model (QROM). While prior work relied on reprogramming techniques to handle adversarial challenge queries, we leverage the hybrid compressed oracle framework of Hamoudi, Liu, and Sinha [19] to formulate an adaptive search problem. To do so, we had to extend their framework to cover partially randomized classical adversary queries. We conjecture that this extension will also allow to analyze further hash function properties that allow adversaries to define challenges via a classical oracle. By applying the extended framework to \(\mathsf {\textsc {m}\text {-}\textsc {eTCR}}\) , we give an improved upper bound on the adversary’s success probability. Our results show that the required key size for \(\mathsf {\textsc {m}\text {-}\textsc {eTCR}}\) can be reduced by more than half (from 192 to 72 bits), and we prove the tightness of our bound in the number of queries via matching attacks. To illustrate practical impact, we optimize parameters for Falcon in the hash&sign paradigm, enabling more efficient instantiations with reduced salt sizes resulting in smaller signature lengths. For the example of multiple signatures aggregation, we achieve a signature size improvement of 30 kB for typical parameters.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Hybrid-Query Bounds with Partial Input Control Framework and Application to Tight M-eTCR

  • Andreas Hülsing,
  • Mikhail Kudinov,
  • Christian Majenz

摘要

In this paper, we revisit the security of randomized hash&sign. More precisely, we present an improved security analysis for the underlying hash function property multi-target extended target collision resistance ( \(\mathsf {\textsc {m}\text {-}\textsc {eTCR}}\) ) in the quantum random oracle model (QROM). While prior work relied on reprogramming techniques to handle adversarial challenge queries, we leverage the hybrid compressed oracle framework of Hamoudi, Liu, and Sinha [19] to formulate an adaptive search problem. To do so, we had to extend their framework to cover partially randomized classical adversary queries. We conjecture that this extension will also allow to analyze further hash function properties that allow adversaries to define challenges via a classical oracle. By applying the extended framework to \(\mathsf {\textsc {m}\text {-}\textsc {eTCR}}\) , we give an improved upper bound on the adversary’s success probability. Our results show that the required key size for \(\mathsf {\textsc {m}\text {-}\textsc {eTCR}}\) can be reduced by more than half (from 192 to 72 bits), and we prove the tightness of our bound in the number of queries via matching attacks. To illustrate practical impact, we optimize parameters for Falcon in the hash&sign paradigm, enabling more efficient instantiations with reduced salt sizes resulting in smaller signature lengths. For the example of multiple signatures aggregation, we achieve a signature size improvement of 30 kB for typical parameters.