On Concrete Security Treatment of Signatures Derived from Identi cation

Signature schemes that are derived from three move identi cation schemes such as the Fiat-Shamir, Schnorr and modi ed ElGamal schemes are a typical class of the most practical signature schemes. The random oracle paradigm [1, 2, 12] is useful to prove the security of such a class of signature schemes [4, 12]. This paper presents a new key technique, \ID reduction", to show the concrete security result of this class of signature schemes under the random oracle paradigm. First, we apply this technique to the Schnorr and modi ed ElGamal schemes, and show the \concrete security analysis" of these schemes. We then apply it to the multi-signature schemes.