About

In a follow-up work, give reductions from MBDL that improve security of the following: (1) Bellare-Neven multi-signature, (2) Abe, Ohkubo, Suzuki 1-out-of-n (ring/group) signatures, and (3) Schnorr-based threshold signatures.

Papers

• [BN06]
  Multi-Signatures in the Plain Public-Key Model and a General Forking Lemma
  Mihir Bellare and Gregory Neven. ACM CCS 2006.
• [AOS02]
  1-out-of-n Signatures from a Variety of Keys
  Masayuki Abe, Miyako Ohkubo, and Koutarou Suzuki. ASIACRYPT 2002.
• [SS01]
  Provably Secure Distributed Schnorr Signatures and a $(t, n)$ Threshold Scheme for Implicit Certificates
  Douglas R. Stinson and Reto Strobl. ACISP 2001.

Notes to-do

• Schnorr Identification and Signatures from MBDL Updating
• Proof of Theorem 4.1
• Okamoto Identification and Signatures from MBDL To-do

The “square-root barrier” is the open problem of obtaining tight (no √-loss) security reductions for Fiat–Shamir signatures (e.g., Schnorr/GQ). Standard rewinding/forking proofs often lose a √ factor because extraction needs two accepting transcripts.

Papers

• [Sho97]
  Lower Bounds for Discrete Logarithms and Related Problems
  Victor Shoup. EUROCRYPT 1997.
• [BNPS03]
  The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme
  Mihir Bellare, Chanathip Namprempre, David Pointcheval, and Michael Semanko. Journal of Cryptology, 2003.
  The Power of RSA Inversion Oracles and the Security of Chaum's RSA-Based Blind Signature Scheme
  [The preliminary version] Financial Cryptography 01, Lecture Notes in Computer Science Vol. 2339, P. Syverson ed, Springer-Verlag, 2001.
• [BP02]
  GQ and Schnorr Identification Schemes: Proofs of Security against Impersonation under Active and Concurrent Attacks
  Mihir Bellare and Adriana Palacio. CRYPTO 2002.
• [BD20]
  The Multi-Base Discrete Logarithm Problem: Tight Reductions and Non-Rewinding Proofs for Schnorr Identification and Signature
  Mihir Bellare and Wei Dai. INDOCRYPT 2020.
• [BFP21]
  The One-More Discrete Logarithm Assumption in the Generic Group Model
  Balthazar Bauer, Georg Fuchsbauer, and Antoine Plouviez. ASIACRYPT 2021.
• [RS24]
  Tighter Security for Schnorr Identification and Signature: A High-Moment Forking Lemma for $\Sigma$-Protocols
  Lior Rotem and Gil Segev. Journal of Cryptology, July 2024.
• [HM25]
  Tight Bounds on Uniform-Challenge Reductions from Sigma Protocols via Hitting Games
  Iftach Haitner and Nikolaos Makriyannis. EUROCRYPT 2026

Notes to-do

• Forking Lemma Updating
  • A Note on Various Forking Lemmas To-Read
  • An Abstract Multi-Forking Lemma To-Read
• Random Oracle Model (ROM) Updating
• Fiat-Shamir (FS) Transformation Updating
• Discrete Logarithm, RSA, and the Structure of $\mathbb{Z}_p^*$
• $\Sigma$-Protocol Updating

Nigel Smart. Cryptography: An Introduction (Third Edition)

• Cryptography: An Introduction — Contents

done reading todo

PortSwigger Web Security Academy Learning Paths

• PortSwigger All Learning Paths — Contents
• PortSwigger All Labs

done reading todo

CryptoHack CryptoHack Courses

• CryptoHack All Problems

done reading todo

Studying prime numbers.

Papers

• [AKS04]
  PRIMES is in P
  Manindra Agrawal, Neeraj Kayal, and Nitin Saxena. Annals of Mathematics 2004.

Patterns

• Safe and Sophie Germain primes

Prime Number Theorem (PNT)

• Prime Number Theorem

Conjecture

• Sophie Germain Primes Conjecture WORKING
• Twin Prime Conjecture to-do
• Dickson's Conjecture to-do
• Sophie-Germain Prime Density Conjecture WORKING

Other math notes.

Notes

• Freshman's Dream
• Sophomore's Dream
• Discrete Logarithm, RSA, and the Structure of $\mathbb{Z}_p^*$

Erdős Problem Tracking classic open and solved problems inspired by Paul Erdős.

• Paul Erdős: Wikipedia (EN) / Wikipedia (ZH)
• Erdős number: Wikipedia (EN) / Wikipedia (ZH)

BLOG POSTS

• Coming soon.

RECENT PAPERS

• Coming soon.

OPEN -> SOLVED

• Coming soon.