BUFFing signature schemes beyond unforgeability and the case of post-quantum signatures

Cremers, Cas; Düzlü, Samed; Fiedler, Rune; Fischlin, Marc; Janson, Christian

doi:10.1109/sp40001.2021.00093

Cited by 13 publications

(9 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Future analysis might refine our result, based on the certificate verification used. eUF is sufficient for the next corollary; notably, there are security properties beyond unforgeability considered for PQ signatures [64], which we leave for future work.…”

Section: The Experiments Expt I-ufmentioning

confidence: 99%

When Cryptography Needs a Hand: Practical Post-Quantum Authentication for V2V Communications

Twardokus,

Bindel,

Rahbari

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

We tackle the atypical challenge of supporting postquantum cryptography (PQC) and its significant overhead in safety-critical vehicle-to-vehicle (V2V) communications, dealing with strict overhead and latency restrictions within the limited radio spectrum for V2V. For example, we show that the current use of spectrum to support signature verification in V2V makes it nearly impossible to adopt PQC. Accordingly, we propose a scheduling technique for message signing certificate transmissions (which we find are currently up to 93% redundant) that learns to adaptively reduce the use of radio spectrum. In combination, we design the first integration of PQC and V2V, which satisfies the above stringent constraints given the available spectrum. Specifically, we analyze the three PQ signature algorithms selected for standardization by NIST, as well as XMSS (RFC 8391), and propose a Partially Hybrid authentication protocol-a tailored fusion of classical cryptography and PQC-for use in the V2V ecosystem during the nascent transition period we outline towards fully PQ V2V. Our provably secure protocol efficiently balances security and performance, as demonstrated experimentally with software-defined radios (USRPs), commercial V2V devices, and road traffic and V2V simulators. We show our joint transmission scheduling optimization and Partially Hybrid design are scalable and reliable under realistic conditions, adding a negligible average delay (0.39 ms per message) against the current state-of-the-art.

show abstract

Section: The Experiments Expt I-ufmentioning

confidence: 99%

When Cryptography Needs a Hand: Practical Post-Quantum Authentication for V2V Communications

Twardokus,

Bindel,

Rahbari

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…In addition to these security definitions, there are additional security properties that have been discussed in the literature (see, for example, [171,172]). While not required for submission, such properties may be desirable.…”

Section: Ind-cpa Ind-cca2 and Euf-cma Securitymentioning

confidence: 99%

“…15 An alternative version of Dilithium has been proved secure in the QROM based only on Module-LWE but at the cost of increasing the size of public keys by ≈ 5× and signatures by ≈ 2× [239]. Dilithium also satisfies several desirable "beyond unforgeability" security properties [171]. Notably, it satisfies a strong binding property that may be useful for non-repudiation: a given Dilithium signature can be identified with a unique public key and message.…”

Section: Crystals-dilithiummentioning

confidence: 99%

See 1 more Smart Citation

Status report on the third round of the NIST Post-Quantum Cryptography Standardization process

Moody¹

2022

127

View full text Add to dashboard Cite

The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public-key encryption, and key-establishment algorithms to augment Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS), as well as NIST Special Publication (SP) 800-56A Revision 3, Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography, and SP 800-56B Revision 2, Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography. It is intended that these algorithms will be capable of protecting sensitive information well into the foreseeable future, including after the advent of quantum computers. The first round of the NIST Post-Quantum Cryptography Standardization Process began in December 2017 with 69 candidate algorithms that met both the minimum acceptance criteria and submission requirements. The first round lasted until January 2019, during which candidate algorithms were evaluated based on their security, performance, and other characteristics. NIST selected 26 algorithms to advance to the second round for more analysis. The second round continued until July 2020, after which seven 'finalist' and eight 'alternate' candidate algorithms were selected to move into the third round. This report describes the evaluation and selection process, based on public feedback and internal review, of the third-round candidates. The report summarizes each of the 15 third-round candidate algorithms and identifies those selected for standardization, as well as those that will continue to be evaluated in a fourth round of analysis. The public-key encryption and key-establishment algorithm that will be standardized is CRYSTALS-Kyber. The digital signatures that will be standardized are CRYSTALS-Dilithium, Falcon, and SPHINCS+. While there are multiple signature algorithms selected, NIST recommends CRYSTALS-Dilithium as the primary algorithm to be implemented. In addition, four of the alternate key-establishment candidate algorithms will advance to a fourth round of evaluation: BIKE, Classic McEliece, HQC, and SIKE. These candidates are still being considered for future standardization. NIST will also issue a new Call for Proposals for public-key digital signature algorithms to augment and diversify its signature portfolio.

show abstract

“…In recent work, there has been several post-quantum cryptographic DSS that incorporates the sEUF-CMA model during design. 68 - 71 DSS in various other contexts (e.g., privacy preserving computation, multiparty computation) such as a homomorphic DSS, 72 group DSS, 73 and proxy DSS 74 - 76 are being considered in sEUF-CMA as well. In addition, DSS in even more complex cryptographic settings such as in certificateless and identity-based settings are also using sEUF-CMA as their standard model for security.…”

Section: Challenges and Future Directionmentioning

confidence: 99%

Digital signature schemes with strong existential unforgeability

2021

View full text Add to dashboard Cite

Digital signature schemes (DSS) are ubiquitously used for public authentication in the infrastructure of the internet, in addition to their use as a cryptographic tool to construct even more sophisticated schemes such as those that are identity-based. The security of DSS is analyzed through the existential unforgeability under chosen message attack (EUF-CMA) experiment which promises unforgeability of signatures on new messages even when the attacker has access to an arbitrary set of messages and their corresponding signatures. However, the EUF-CMA model does not account for attacks such as an attacker forging a different signature on an existing message, even though the attack could be devastating in the real world and constitutes a severe breach of the security system. Nonetheless, most of the DSS are not analyzed in this security model, which possibly makes them vulnerable to such an attack. In contrast, a better security notion known as strong EUF-CMA (sEUF-CMA) is designed to be resistant to such attacks. This review aims to identify DSS in the literature that are secure in the sEUF-CMA model. In addition, the article discusses the challenges and future directions of DSS. In our review, we consider the security of existing DSS that fit our criterion in the sEUF-CMA model; our criterion is simple as we only require the DSS to be at least secure against the minimum of existential forgery. Our findings are categorized into two classes: the direct and indirect classes of sEUF-CMA. The former is inherently sEUF-CMA without any modification while the latter requires some transformation. Our comprehensive review contributes to the security and cryptographic research community by discussing the efficiency and security of DSS that are sEUF-CMA, which aids in selecting robust DSS in future design considerations.

show abstract

BUFFing signature schemes beyond unforgeability and the case of post-quantum signatures

Cited by 13 publications

References 12 publications

When Cryptography Needs a Hand: Practical Post-Quantum Authentication for V2V Communications

When Cryptography Needs a Hand: Practical Post-Quantum Authentication for V2V Communications

Status report on the third round of the NIST Post-Quantum Cryptography Standardization process

Digital signature schemes with strong existential unforgeability

Contact Info

Product

Resources

About