WOTS+ - Shorter Signatures for Hash-Based Signature Schemes
Author
Abstract
We present W-OTS+, a Winternitz-type one-time signature scheme (W-OTS). We prove that W-OTS+ is strongly unforgeable under chosen message attacks in the standard model. Our proof is exact and tight. The first property allows us to compute the security of the scheme for given parameters. The second property allows for shorter signatures than previous proposals without lowering the security. This improvement in signature size directly carries over to all recent hash-based signature schemes, e.g. we can reduce the signature size by more than 50% for XMSS at a security level of 80 bits. As the main drawback of hash-based signature schemes is assumed to be the signature size, this is a further step in making hash-based signatures practical.
Similar references
"Oops, I Did It Again" - Security of One-Time Signatures Under Two-Message Attacks
One-time signatures (OTS) are called one-time, because the accompanying reductions only guarantee security under single-message attacks. However, this does not imply that efficient attacks are possible under two-message attacks. Especially in the context of hash-based OTS (which are basic building blocks of recent standardization proposals) this leads to the question if accidental reuse of a on...
Philip Lafrance uWaterloo Thesis
Cryptographers and security experts around the world have been awakened to the reality that one day (potentially soon) large-scale quantum computers may be available. Most of the public-key cryptosystems employed today on the Internet, in both software and in hardware, are based on number-theoretic problems which are thought to be intractable on a classical (non-quantum) computer and hence are ...
Short Signatures from Weaker Assumptions
We provide constructions of (m, 1)-programmable hash functions (PHFs) for m ≥ 2. Mimicking certain programmability properties of random oracles, PHFs can, e.g., be plugged into the generic constructions by Hofheinz and Kiltz (J. Cryptol. 2011) to yield digital signature schemes from the strong RSA and strong q-Diffie-Hellman assumptions. As another application of PHFs, we propose new and effici...
Post-Quantum Group Signatures from Symmetric Primitives
Group signatures are used extensively for privacy in anonymous credentials schemes and in real-world systems for hardware enclave attestation. As such, there is a strong interest in making these schemes post-quantum secure. In this paper we initiate the study of group signature schemes built only from symmetric primitives, such as hash functions and PRFs, widely regarded as the safest primitive...
High Performance of Hash-based Signature Schemes
Hash-based signature schemes, whose security is based on properties of the underlying hash functions, are promising candidates to be quantum-safe digital signatures schemes. In this work, we present a software implementation of two recent standard proposals for hash-based signature schemes, Leighton and Micali Signature (LMS) scheme and Extended Merkle Signature Scheme (XMSS), using a set of AV...