Abstract

The Fiat-Shamir transformation is used to build secure signatures in the random oracle model. Unfortunately, existing proof techniques are incapable of proving the security of Fiat-Shamir in the quantum setting. The problem stems from (1) the difficulty of quantum rewinding, and (2) the inability of current techniques to adaptively program random oracles in the quantum setting. In this work, we show how to overcome these limitations. As an application, we show that existing lattice signatures based on Fiat-Shamir are secure without any modifications.

Attachment

Video Recording