I am reading about Signing vs. Public-Key encryption and a question pop up in mind that is it possible to transform any signature scheme to a public-key encryption scheme?
Asked
Active
Viewed 427 times
2
-
2A possible duplicate and a more strong question Reduction from signatures to encryption? – kelalaka Nov 10 '20 at 14:35
2 Answers
2
No, we know no general way to build a public-key encryption scheme from a signature scheme.
And accordingly, we have some signature schemes with no known way to build a public-key encryption scheme from the same primitives. An example is the eXtended Merkle Signature Scheme, built from symmetric hash and PRF.
[It was not asked, but: I learned from Maeher's comment that we can build a signature scheme from any public key encryption scheme. And I can't tell from memory a public-key encryption scheme that does not have a related signature scheme built from similar primitives or underlying problem(s)].
fgrieu
- 140,762
- 12
- 307
- 587
-
2You can build signature schemes from any public key encryption scheme. PKE implies one-way functions and we know how to construct signature schemes using nothing but one-way functions. – Maeher Nov 10 '20 at 15:15
1
No, although some signature schemes are built from public key encryption schemes, others are not.
For example, the Lamport Signature scheme.
A few of the signature schemes submitted to the NIST post-quantum project are also hash based, like SPHINCS+.
Modal Nest
- 1,443
- 4
- 18
-
This answers the non-trivially-equivalent question: are all signature schemes built from a public-key encryption scheme? – fgrieu Nov 10 '20 at 14:00