Crypto Seminar - Adam O'Neill

April 3, 2025 4:30pm — 5:30pm

Location: In Person and Virtual - ET - Blelloch-Skees Conference Room, Gates Hillman 8115 and Zoom

Speaker: ADAM O'NEILL, Assistant Professor, Manning College of Information and Computer Sciences, University of Massachusetts Amherst
https://groups.cs.umass.edu/oneill/

On The Tight Security of (Threshold) Schnorr Signatures

We show that the widely-used Schnorr signature scheme meets existential unforgeability under chosen-message attack (EUF-CMA) in the random oracle model (ROM) if the circular discrete-logarithm (CDL) assumption holds in the underlying group. CDL is a new, non-interactive and falsifiable variant of the discrete-log assumption that we introduce. Our reduction is completely tight, meaning the constructed adversary against CDL has essentially the same running time and success probability as the assumed forger. This serves to justify the size of the underlying group used in practice. To our knowledge, we are the first to exhibit such a reduction. Indeed, prior results required interactive and non-falsifiable assumptions (Bellare and Dai, INDOCRYPT 2020) or additional idealized models like the algebraic group model (Fuchsbauer et al., EUROCRYPT 2020).

We then extend our result to threshold Schnorr signatures. In particular, we show that Sparkle+ (Crites et al., CRYPTO 2023) is tightly secure under static corruptions assuming CDL. Finally, we justify CDL by showing it holds in two carefully-chosen idealized models that idealize different aspects of the assumption.

In Person and Zoom Participation. See announcement.

Event Website: https://sites.google.com/view/crypto-seminar/home