Making Existential-Unforgeable Signatures Strongly Unforgeable in the Quantum Random-Oracle Model

TL;DR

This paper extends a classical transformation for converting existential-unforgeable signatures into strongly unforgeable ones to the quantum setting, ensuring quantum security in the quantum random-oracle model.

Contribution

It proves that a known classical transformation also works against quantum adversaries, introducing new proof techniques for quantum random-oracle programming.

Findings

Transformation is secure against quantum adversaries.

Resulting scheme is quantum-secure under lattice assumptions.

Develops new methods for quantum random-oracle programming.

Abstract

Strongly unforgeable signature schemes provide a more stringent security guarantee than the standard existential unforgeability. It requires that not only forging a signature on a new message is hard, it is infeasible as well to produce a new signature on a message for which the adversary has seen valid signatures before. Strongly unforgeable signatures are useful both in practice and as a building block in many cryptographic constructions. This work investigates a generic transformation that compiles any existential-unforgeable scheme into a strongly unforgeable one, which was proposed by Teranishi et al. and was proven in the classical random-oracle model. Our main contribution is showing that the transformation also works against quantum adversaries in the quantum random-oracle model. We develop proof techniques such as adaptively programming a quantum random-oracle in a new setting, which could be of independent interest. Applying the transformation to an existential-unforgeable signature scheme due to Cash et al., which can be shown to be quantum-secure assuming certain lattice problems are hard for quantum computers, we get an efficient quantum-secure strongly unforgeable signature scheme in the quantum random-oracle model.