Security analysis of the W-OTS$^+$ signature scheme: Updating security bounds
Authors
Abstract
In this work, we discuss in detail a flaw in the original security proof of the W-OTS$^+$ variant of the Winternitz one-time signature scheme, which is an important component for various stateless and stateful many-time hash-based digital schemes. We update scheme derive corresponding level. Our result importance analysis
Similar resources
Security Analysis of the Unrestricted Identity-Based Aggregate Signature Scheme
Aggregate signatures allow anyone to combine different signatures signed by different signers on different messages into a short signature. An ideal aggregate signature scheme is an identity-based aggregate signature (IBAS) scheme that supports full aggregation since it can reduce the total transmitted data by using an identity string as a public key and anyone can freely aggregate different si...
Security Analysis of the Gennaro-Halevi-Rabin Signature Scheme
We exhibit an attack against a signature scheme recently proposed by Gennaro, Halevi and Rabin [9]. The scheme’s security is based on two assumptions namely the strong RSA assumption and the existence of a division-intractable hash-function. For the latter, the authors conjectured a security level exponential in the hash-function’s digest size whereas our attack is sub-exponential with respect ...
Security Analysis of a Hash-Based Secret Sharing Scheme
Secret sharing schemes perform an important role in protecting secret by sharing it among multiple participants. In 1979, (t; n) threshold secret sharing schemes were proposed by Shamir and Blakley independently. In a (t; n) threshold secret sharing scheme a secret can be shared among n participants such that t or more participants can reconstruct the secret, but it can not be reconstructed b...
Security Proofs for the BLT Signature Scheme
We present security proofs for the BLT signature scheme in the model, where hash functions are built from ideal components (random oracles, ideal ciphers, etc.). We show that certain strengthening of the Pre-image Awareness (PrA) conditions like boundedness of the extractor, and certain natural properties (balancedness and the so-called output one-wayness) of the hash function are sufficient fo...
On the Security of Two Key-Updating Signature Schemes
In ICICS 2004, Gonzalez-Deleito, Markowitch and Dall’Olio proposed an efficient strong key-insulated signature scheme. They claimed that it is (N−1, N)-key-insulated, i.e., the compromise of the secret keys for arbitrarily many time periods does not expose the secret keys for any of the remaining time periods. But in this paper, we demonstrate an attack and show that an adversary armed with the...
Journal
Journal title: Matematičeskie voprosy kriptografii
Year: 2021
ISSN: 2220-2617, 2222-3193
DOI: https://doi.org/10.4213/mvk362