SCHNEIER

New Cryptanalysis of the Fiat-Shamir Protocol

Description

A couple of months ago, a new paper demonstrated some new attacks against the Fiat-Shamir transformation. _Quanta_ published a good article that explains the results.

This is a pretty exciting paper from a theoretical perspective, but I don't see it leading to any practical real-world cryptanalysis. The fact that there are some weird circumstances that result in Fiat-Shamir insecurities isn't new--many dozens of papers have been published about it since 1986. What this new result does is extend this known problem to slightly less weird (but still highly contrived) situations. But it's a completely different matter to extend these sorts of attacks to "natural" situations.

What this result does, though, is make it impossible to provide general proofs of security for Fiat-Shamir. It is the most interesting result in this research area, and demonstrates that we are still far away from fully understanding what is the exact security guarantee provided by the Fiat-Shamir transform.

Basic Information

ID SCHNEIER:65D64D5911ED31ADE8B30D52485AEB83
Published Sep 9, 2025 at 11:02
Modified Sep 8, 2025 at 16:23
