Digital signatures are widely used for authenticating messages, but cryptographers argue that their use might be inappropriate in several scenarios. Schnorr signatures, which are derived from an identification protocol, illustrate the nuances and potential pitfalls of digital signatures. An interactive identification protocol can offer better security and context-specific validation, unlike signatures, which are universally verifiable. The post also highlights the fragility of the signature schemes in use and advises using HMAC, or authenticated KEMs with public key crypto, for authentication needs instead.

11m read time. From neilmadden.blog
Table of contents
Identification protocols
Fiat-Shamir
What does this tell us about appropriate uses of signatures
Special Soundness: fragility by design
Did you want non-repudiation with that?
What to use instead?
