[Resource Topic] 2023/298: Hardening Signature Schemes via Derive-then-Derandomize: Stronger Security Proofs for EdDSA

Welcome to the resource topic for 2023/298

Title:
Hardening Signature Schemes via Derive-then-Derandomize: Stronger Security Proofs for EdDSA

Authors: Mihir Bellare, Hannah Davis, Zijing Di

Abstract:

We consider a transform, called Derive-then-Derandomize, that hardens a given signature scheme against randomness failure and implementation error. We prove that it works. We then give a general lemma showing indifferentiability of Shrink-MD, a class of constructions that apply a shrinking output transform to an MD-style hash function. Armed with these tools, we give new proofs for the widely standardized and used EdDSA signature scheme, improving prior work in two ways: (1) we give proofs for the case that the hash function is an MD-style one, reflecting the use of SHA512 in the NIST standard, and (2) we improve the tightness of the reduction so that one has guarantees for group sizes in actual use.

ePrint: https://eprint.iacr.org/2023/298

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.