On the Exact Security of Schnorr-Type Signatures

Explore a detailed analysis of the security of Schnorr-type signatures in the Random Oracle Model through this conference talk presented at Eurocrypt 2012. Delve into topics such as forger adversaries, discrete logarithm extraction, the Forking Lemma, meta-reductions, and the One More Discrete Logarithm problem. Examine the intricacies of algebraic reductions, the main strategy for meta-reduction, and the extraction of DLog(A). Investigate the simulation of forger choice, the main theorem, and a thought experiment leading to a new meta-reduction. Consider the probability of bad events, expected-time and queries forgers, and potential extensions of the presented concepts. Gain valuable insights into advanced cryptographic theory and its practical implications for signature schemes.

Introduction
Outline
Forger adversary against Schnorr signatures
Extracting discrete logarithms from a forger
Multiple invocations of the forger forking
Success probability of the reduction: the Forking Lemma
The concept of meta-reduction
The One More Discrete Logarithm (OMDL) problem
Restriction to algebraic reductions
Meta-reduction main idea
Meta-reduction: the general strategy
Extraction of DLog(A) by the meta-reduction
A bad event which makes the meta-reduction fail
Simulation of the forger choice of the forgery index
Main theorem
A thought experiment
The new meta-reduction
Probability of event Bad
Expected-time and queries forgers
Extensions
Conclusion