Tight Adaptive Reprogramming in the QROM

Alex B. Grilo; Kathrin Hövelmanns; Andreas Hülsing; Christian Majenz

doi:10.1007/978-3-030-92062-3_22

Tight Adaptive Reprogramming in the QROM

Alex B. Grilo
, Kathrin Hövelmanns
, Andreas Hülsing
, Christian Majenz

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

22 Citations (Scopus)

Abstract

The random oracle model (ROM) enjoys widespread popularity, mostly because it tends to allow for tight and conceptually simple proofs where provable security in the standard model is elusive or costly. While being the adequate replacement of the ROM in the post-quantum security setting, the quantum-accessible random oracle model (QROM) has thus far failed to provide these advantages in many settings. In this work, we focus on adaptive reprogrammability, a feature of the ROM enabling tight and simple proofs in many settings. We show that the straightforward quantum-accessible generalization of adaptive reprogramming is feasible by proving a bound on the adversarial advantage in distinguishing whether a random oracle has been reprogrammed or not. We show that our bound is tight by providing a matching attack. We go on to demonstrate that our technique recovers the mentioned advantages of the ROM in three QROM applications: 1) We give a tighter proof of security of the message compression routine as used by XMSS. 2) We show that the standard ROM proof of chosen-message security for Fiat-Shamir signatures can be lifted to the QROM, straightforwardly, achieving a tighter reduction than previously known. 3) We give the first QROM proof of security against fault injection and nonce attacks for the hedged Fiat-Shamir transform.

Original language	English
Title of host publication	Advances in Cryptology – ASIACRYPT 2021
Subtitle of host publication	27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings
Editors	Mehdi Tibouchi, Huaxiong Wang
Place of Publication	Cham
Publisher	Springer
Chapter	22
Pages	637-667
Number of pages	31
Volume	1
ISBN (Electronic)	978-3-030-92062-3
ISBN (Print)	978-3-030-92061-6
DOIs	https://doi.org/10.1007/978-3-030-92062-3_22
Publication status	Published - 2021
Event	27th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2021 - Virtual/Online, Signapore, Singapore Duration: 6 Dec 2021 → 10 Dec 2021 Conference number: 27 https://asiacrypt.iacr.org/2021/

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13090 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	27th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2021
Abbreviated title	ASIACRYPT 2021
Country/Territory	Singapore
City	Signapore
Period	6/12/21 → 10/12/21
Internet address	https://asiacrypt.iacr.org/2021/

Funding

Funders	Funder number
European Union's Horizon 2020 - Research and Innovation Framework Programme	780701

Keywords

Adaptive reprogramming
Digital signature
Fiat-Shamir transform
Hedged Fiat-Shamir
Post-quantum security
QROM
XMSS

Access to Document

10.1007/978-3-030-92062-3_22

Cite this

Grilo, A. B., Hövelmanns, K., Hülsing, A., & Majenz, C. (2021). Tight Adaptive Reprogramming in the QROM. In M. Tibouchi, & H. Wang (Eds.), Advances in Cryptology – ASIACRYPT 2021: 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings (Vol. 1, pp. 637-667). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13090 LNCS). Springer. https://doi.org/10.1007/978-3-030-92062-3_22

Grilo, Alex B. ; Hövelmanns, Kathrin ; Hülsing, Andreas et al. / Tight Adaptive Reprogramming in the QROM. Advances in Cryptology – ASIACRYPT 2021: 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings. editor / Mehdi Tibouchi ; Huaxiong Wang. Vol. 1 Cham : Springer, 2021. pp. 637-667 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{2465a44139e6473d8452a04ebf176f16,

title = "Tight Adaptive Reprogramming in the QROM",

abstract = "The random oracle model (ROM) enjoys widespread popularity, mostly because it tends to allow for tight and conceptually simple proofs where provable security in the standard model is elusive or costly. While being the adequate replacement of the ROM in the post-quantum security setting, the quantum-accessible random oracle model (QROM) has thus far failed to provide these advantages in many settings. In this work, we focus on adaptive reprogrammability, a feature of the ROM enabling tight and simple proofs in many settings. We show that the straightforward quantum-accessible generalization of adaptive reprogramming is feasible by proving a bound on the adversarial advantage in distinguishing whether a random oracle has been reprogrammed or not. We show that our bound is tight by providing a matching attack. We go on to demonstrate that our technique recovers the mentioned advantages of the ROM in three QROM applications: 1) We give a tighter proof of security of the message compression routine as used by XMSS. 2) We show that the standard ROM proof of chosen-message security for Fiat-Shamir signatures can be lifted to the QROM, straightforwardly, achieving a tighter reduction than previously known. 3) We give the first QROM proof of security against fault injection and nonce attacks for the hedged Fiat-Shamir transform.",

keywords = "Adaptive reprogramming, Digital signature, Fiat-Shamir transform, Hedged Fiat-Shamir, Post-quantum security, QROM, XMSS",

author = "Grilo, \{Alex B.\} and Kathrin H{\"o}velmanns and Andreas H{\"u}lsing and Christian Majenz",

year = "2021",

doi = "10.1007/978-3-030-92062-3\_22",

language = "English",

isbn = "978-3-030-92061-6",

volume = "1",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "637--667",

editor = "Mehdi Tibouchi and Huaxiong Wang",

booktitle = "Advances in Cryptology – ASIACRYPT 2021",

address = "Germany",

note = "27th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2021, ASIACRYPT 2021 ; Conference date: 06-12-2021 Through 10-12-2021",

url = "https://asiacrypt.iacr.org/2021/",

}

Grilo, AB, Hövelmanns, K , Hülsing, A & Majenz, C 2021, Tight Adaptive Reprogramming in the QROM. in M Tibouchi & H Wang (eds), Advances in Cryptology – ASIACRYPT 2021: 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings. vol. 1, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13090 LNCS, Springer, Cham, pp. 637-667, 27th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2021, Signapore, Singapore, 6/12/21. https://doi.org/10.1007/978-3-030-92062-3_22

Tight Adaptive Reprogramming in the QROM. / Grilo, Alex B.; Hövelmanns, Kathrin ; Hülsing, Andreas et al.
Advances in Cryptology – ASIACRYPT 2021: 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings. ed. / Mehdi Tibouchi; Huaxiong Wang. Vol. 1 Cham: Springer, 2021. p. 637-667 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13090 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Tight Adaptive Reprogramming in the QROM

AU - Grilo, Alex B.

AU - Hövelmanns, Kathrin

AU - Hülsing, Andreas

AU - Majenz, Christian

N1 - Conference code: 27

PY - 2021

Y1 - 2021

N2 - The random oracle model (ROM) enjoys widespread popularity, mostly because it tends to allow for tight and conceptually simple proofs where provable security in the standard model is elusive or costly. While being the adequate replacement of the ROM in the post-quantum security setting, the quantum-accessible random oracle model (QROM) has thus far failed to provide these advantages in many settings. In this work, we focus on adaptive reprogrammability, a feature of the ROM enabling tight and simple proofs in many settings. We show that the straightforward quantum-accessible generalization of adaptive reprogramming is feasible by proving a bound on the adversarial advantage in distinguishing whether a random oracle has been reprogrammed or not. We show that our bound is tight by providing a matching attack. We go on to demonstrate that our technique recovers the mentioned advantages of the ROM in three QROM applications: 1) We give a tighter proof of security of the message compression routine as used by XMSS. 2) We show that the standard ROM proof of chosen-message security for Fiat-Shamir signatures can be lifted to the QROM, straightforwardly, achieving a tighter reduction than previously known. 3) We give the first QROM proof of security against fault injection and nonce attacks for the hedged Fiat-Shamir transform.

AB - The random oracle model (ROM) enjoys widespread popularity, mostly because it tends to allow for tight and conceptually simple proofs where provable security in the standard model is elusive or costly. While being the adequate replacement of the ROM in the post-quantum security setting, the quantum-accessible random oracle model (QROM) has thus far failed to provide these advantages in many settings. In this work, we focus on adaptive reprogrammability, a feature of the ROM enabling tight and simple proofs in many settings. We show that the straightforward quantum-accessible generalization of adaptive reprogramming is feasible by proving a bound on the adversarial advantage in distinguishing whether a random oracle has been reprogrammed or not. We show that our bound is tight by providing a matching attack. We go on to demonstrate that our technique recovers the mentioned advantages of the ROM in three QROM applications: 1) We give a tighter proof of security of the message compression routine as used by XMSS. 2) We show that the standard ROM proof of chosen-message security for Fiat-Shamir signatures can be lifted to the QROM, straightforwardly, achieving a tighter reduction than previously known. 3) We give the first QROM proof of security against fault injection and nonce attacks for the hedged Fiat-Shamir transform.

KW - Adaptive reprogramming

KW - Digital signature

KW - Fiat-Shamir transform

KW - Hedged Fiat-Shamir

KW - Post-quantum security

KW - QROM

KW - XMSS

UR - https://www.scopus.com/pages/publications/85121581532

U2 - 10.1007/978-3-030-92062-3_22

DO - 10.1007/978-3-030-92062-3_22

M3 - Conference contribution

SN - 978-3-030-92061-6

VL - 1

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 637

EP - 667

BT - Advances in Cryptology – ASIACRYPT 2021

A2 - Tibouchi, Mehdi

A2 - Wang, Huaxiong

PB - Springer

CY - Cham

T2 - 27th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2021

Y2 - 6 December 2021 through 10 December 2021

ER -

Grilo AB, Hövelmanns K , Hülsing A, Majenz C. Tight Adaptive Reprogramming in the QROM. In Tibouchi M, Wang H, editors, Advances in Cryptology – ASIACRYPT 2021: 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings. Vol. 1. Cham: Springer. 2021. p. 637-667. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-92062-3_22

Tight Adaptive Reprogramming in the QROM

Abstract

Publication series

Conference

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this