| Sven Schäge |  |
 |
Date of the talk: 2 December 2011
Tight Security for Strong RSA based Signature Schemes
The talk will present tight proofs for a large class of signature schemes secure under the Strong RSA assumption, a flexible variant of the well-known RSA assumption. Among the affected signature schemes are the Fischlin, Cramer-Shoup and Camenisch-Lysyanskaya scheme. The results show that existing implementations provide a higher security level than expected while new implementations can have (considerably) smaller signature sizes and more efficient algorithms for signature generation and verification at the same level of security. Central to the results is a new technique that allows the simulator to avoid guessing which of the attacker's signature queries will be re-used in the forgery. In contrast to previous proofs, the security reduction does not lose a factor of q - the number of adversarial signature queries.
