IACR News item: 19 November 2015
Eike Kiltz, Daniel Masny, Jiaxin Pan
ePrint Report
A theorem by Galbraith, Malone-Lee, and Smart (GMLS) from 2002 showed that, for Schnorr signatures, single-user security tightly implies multi-user security. Recently, Bernstein pointed to an error in the above theorem and promoted a key-prefixing variant of Schnorr signatures for which he proved a tight implication from single to multi-user security. Even worse, he identified an \"apparently insurmountable obstacle to the claimed [GMLS] theorem\".
This paper shows that, without key prefixing, single-user security of Schnorr signatures tightly implies multi-user security of the same scheme.
Additional news items may be found on the IACR news page.