Schnorr signatures and identification protocols have undergone significant security analysis over the years. However, strategies for proving their security differ depending on slight variations in the schemes and security models.
I wrote a note on how proofs of Schnorr signatures and variations thereof differ depending on assumptions such as interactivity, and how different assumptions such as the random oracle model versus algebraic group model impact the tightness of the proof. This note is informal and serves simply to pull together different ideas and approaches that are known in the literature.
You can find this note here, hope you enjoy!
