Finnes angivelig ikke [[Postkvantesignaturer]] bygget fra search assumptions? (Ville antagelig vært i [[Quantum Random Oracle Model]]). ### Opprinnelig idé Potentially low hanging fruit mentioned in Magnus and Jiaxin's tight AKE paper: there is no tightly secure signatures in the multi-user setting with corruptions *based on search assumptions*. * Should be pretty straightforward in the ROM, no? * Also, doesn't the tightly secure PKE of Lee et al. already imply one? (Well, I guess the security requirement is different.) * Might also come out of the [[Linear extractability]] project? * Hvis jeg har i tankene å gjøre noe tilsvarende BRE uansett så kunne jeg jo sett hva slags sikkerhet man får av å lage et signature scheme ut av et NCE scheme. EDIT: Dette ble gjort i ett av Magnus' PhD-[papers](https://link.springer.com/chapter/10.1007/978-3-030-59013-0_24), hvor de konstruerte tightly multi-user secure signaturer fra CDH i ROM.