One Shot Signatures Solving 10-Year-Old Cryptographic Issues

One-shot signature

A long-standing cryptographic puzzle, a one-message digital signature, has advanced. What was previously unreachable with traditional quantum cryptography approaches and fraught with theoretical issues even in quantum thoughts can now be built. Mark Zhandry of NTT Research and Stanford University and Omri Shmueli of NTT Research have developed the first safe "one-shot signature" (OSS) implementation. This new study resolves several ten-year-old cryptographic difficulties and proves OSS is viable, promising to revolutionise safe digital interactions.

Understanding One-Shot Signatures

One-shot signatures, proposed by Amos, Georgiou, Kiayias, and Zhandry in 2020, are intriguing and challenging. A signer establishes a secret and quantum signing key and a classical and public verification key in an OSS system. OSS uses one-time quantum signing keys.

The protocol uses three main algorithms:

Key Generation: The signer generates a classical public verification key (pk) and an ephemeral quantum signing key (|sk). Signing: A classical signature (σ) is produced by signing a message (m) with |sk. Importantly, the process destroys |sk⟩. Verifizierung: Anyone with the public key (pk) can verify the signature (σ) on the message (m). The sources show that both classical and quantum entities can access this shared resource, even if it is built on the Common Reference String (CRS) concept, which requires a trusted third party for initial setup.

Getting Practical: Overcoming Fatal Flaws

The no-cloning principle in Amos et al.'s OSS concept suggested quantum signing keys may make it practicable. Despite being supported by a standard oracle approach, Bar23 found a serious security issue in their initial build. Even in a romanticised classical model, this discovery cast doubt on OSS. The state of OSS was uncertain because even milder quantum money systems are notoriously difficult to build.

Resolving Cryptographic Issues from Decades Ago

OSS was created while fixing two other long-standing cryptographic issues:

Differentiating Classical and Collapse-Binding Hashing and Commitments: Quantum computers challenge traditional cryptography before widespread adoption. Because quantum attacks make traditional binding for commitments insufficient, Unruh proposes collapse-binding, a quantum concept. For hashing, collision resistance alone is insufficient; a stronger collapse concept is needed. The topic of whether classical binding entails collapse-binding was unsolved for over a decade. This study establishes the first obvious separation between classical and collapse-binding cryptographic commitments and standard model hashing. This shows that standard security principles are insufficient in a quantum world and requires quantum-resistant approaches. OSS is directly related to this issue because a gap between binding notions implies a one-shot signature.

Full-Domain Trapdoor One-Way Permutations Cryptographically helpful software obfuscation began with Diffie-Hellman (1976) obfuscating a pseudorandom permutation (PRP) to create a trapdoor one-way permutation. Later, wide obfuscation failed to protect arbitrary PRPs. Despite advances in indistinguishability obfuscation (iO) using puncturable PRFs, the Diffie-Hellman idea of obfuscating a PRP to generate a trapdoor permutation remains unsolved Existing iO-based trapdoor permutation designs were not “full-domain,” meaning their usable domain was sparse, making their application difficult. Recent research solves this issue by proposing permutable pseudorandom permutations (PRPs). The researchers created the first full-domain trapdoor one-way permutation using permutable PRPs and indistinguishability obfuscation, solving another ten-year-old problem.

Revolutionary Effects and Future Plans

Provably secure one-shot signatures bring revolutionary promise to many applications. These include:

Blockchain-free smart contracts. Fixing blockchain scalability and breaking consensus protocol lower-bounds. New quantum money models can leverage classical communication. Delegating signatures allows one party to authorise another to sign a single message without releasing secret keys. Acting as the basis for quantumness protocols, which allow a classical client to challenge a service to sign a message using an OSS key, proving the service has quantum capabilities. Because the one-shot property prevents double-spending, coins can be created without a blockchain. Presenting “budget signatures,” an OSS extension that restricts the number of signatures a public key can issue. OSS provides strong security assurances by eliminating reuse concerns, post-quantum robustness against quantum adversaries, and effective delegation.

Though this study is groundbreaking, the authors agree that cryptographic presumptions were made. Research is needed to fully understand the effects on cryptographic protocols. This includes optimising performance and investigating “clean” implementations using only cryptographic primitives and indistinguishability obfuscation. Despite these issues, one-shot signatures appear to be an effective tool in the shift to a quantum-secure future, improving security and delegation across digital identity management, blockchain, cryptography, and decentralised finance protocols.