Philip Lafrance uWaterloo Thesis
Author
Abstract
Cryptographers and security experts around the world have been awakened to the reality that one day (potentially soon) large-scale quantum computers may be available. Most of the public-key cryptosystems employed today on the Internet, in both software and hardware, are based on number-theoretic problems which are thought to be intractable on a classical (non-quantum) computer and hence are considered secure. The most popular such examples are the RSA encryption and signature schemes, and the Elliptic Curve Diffie-Hellman (ECDH) key-exchange protocol employed widely in the SSL/TLS protocols. However, these schemes offer essentially zero security against an adversary in possession of a large-scale quantum computer. Thus, there is an urgent need to develop, analyze and implement cryptosystems and algorithms that are secure against such adversaries. It is widely believed that cryptographic hash functions are naturally resilient to attacks by a quantum adversary, and thus, signature schemes have been developed whose security relies on this belief. The goal of this thesis is to give an overview of hash-based cryptography. We describe the most important hash-based signature schemes as well as the schemes and protocols used as subroutines within them. We give a juxtaposition between stateful and stateless signature schemes, discussing the pros and cons of both while including detailed examples. Furthermore, we detail serious flaws in the security proof for the WOTS-PRF signature scheme. This scheme had the feature that its security proof was based on minimal security assumptions, namely the pseudorandomness of the underlying function family. We explore how this flawed security argument affects the other signature schemes that utilize WOTS-PRF.
Similar sources
Avoidability Index for Binary Patterns with Reversal
For every pattern p over the alphabet {x, y, x, y}, we specify the least k such that p is k-avoidable.
On the security of the WOTS-PRF signature scheme
We identify a flaw in the security proof and a flaw in the concrete security analysis of the WOTS-PRF variant of the Winternitz one-time signature scheme, and discuss the implications to its concrete security.
Executive Summary
This response to the CEPT report was prepared by Melanie Campbell and is submitted on behalf of the Status of Women and Equity Committee (SWEC), a subcommittee of the Faculty Association of UWaterloo (FAUW). SWEC appreciates the substantial work of the CEPT committee, including broad consultation with the campus community and the inclusion of several major concerns. We commend CEPT for noting t...
Some properties of a Rudin-Shapiro-like sequence
We introduce the sequence $(i_n)_{n \ge 0}$ defined by $i_n = (-1)^{\mathrm{inv}_2(n)}$, where $\mathrm{inv}_2(n)$ denotes the number of inversions (i.e., occurrences of 10 as a scattered subsequence) in the binary representation of $n$. We show that this sequence has many similarities to the classical Rudin–Shapiro sequence. In particular, if $S(N)$ denotes the $N$-th partial sum of the sequence $(i_n)_{n \ge 0}$, we show that $S(N) = G(\log_4 N)\sqrt{N}$,...