CMSS – An Improved Merkle Signature Scheme

Buchmann, Johannes; García, Luis Carlos Coronado; Dahmen, Erik; Döring, Martin; Klintsevich, Elena

doi:10.1007/11941378_25

Cited by 70 publications

(46 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Merkle proposed the cryptosystem where a public key can be used for the multiple messages. In the given cryptosystem, the public key K is used to sign the concrete number of messages (Buchmann et al 2006;Buchmann et al 2007). The number of messages must be a power of two, i.e.…”

Section: Corementioning

confidence: 99%

Some Aspects of Post-Quantum Cryptosystems

Gagnidze¹,

Явич²,

Iashvili³

2017

EJBM

View full text Add to dashboard Cite

show abstract

Section: Corementioning

confidence: 99%

Some Aspects of Post-Quantum Cryptosystems

Gagnidze¹,

Явич²,

Iashvili³

2017

EJBM

View full text Add to dashboard Cite

show abstract

“…Setting = 20, however, has proven to be a reasonable trade-off between signature capability and efficiency in the Merkle signature scheme [10] but there generalized constructions that allow for 2 40 or even 2 80 signatures without having to compute 2 40 respectively 2 80 hash values during the set-up phase [8].…”

Section: A Preliminariesmentioning

confidence: 99%

Verifiably Encrypted Signatures from RSA without NIZKs

Rückert

2009

Progress in Cryptology - INDOCRYPT 2009

View full text Add to dashboard Cite

Abstract. Verifiably encrypted signature (VES) schemes allow a signer to encrypt a signature under the public key of a trusted party, the adjudicator, while maintaining public signature verifiability without interactive proofs. A popular application for this concept is fair online contract signing. This paper answers the question of whether it is possible to implement a VES without pairings and zero-knowledge proofs. Our construction is based on RSA signatures and a Merkle hash tree. Hence, the scheme is stateful but relies on relatively mild assumptions in the random oracle model. Thus, we provide an alternative that does not rely on pairingbased assumptions. The advantage of our approach over previous schemes is that widespread efficient hard-and software implementations of hash functions and RSA signatures can be easily reused for VES, i.e., we can avoid costly redevelopment. Furthermore, in contrast to using non-interactive zeroknowledge proofs, we only need a constant, small number of modular exponentiations.

show abstract

“…In summary we use the Winternitz one-time signature scheme (W-OTS) [9] to sign the data, the ideas for efficient one-time signature key generation of [4] and the algorithm from [6] for the computation of the authentication paths. We use two different hash functions based on the AES block cipher, both with 128-bit block length.…”

Section: Preliminariesmentioning

confidence: 99%

“…The next step is to generate 2 H W-OTS key pairs. For the W-OTS key generation, we apply the approach of [4] and use the following forward secure pseudo random number generator.…”

Section: The Merkle Signature Schemementioning

confidence: 99%

“…The values for H = 10 were included to clarify the impact of the tree height on the signature generation time. For the Winternitz parameter w and the parameter K for the BDS algorithm, we tested three combinations (w, K) = (2, 2), (2, 4), (4,4). The value t, that denotes the number of 128-bit strings in the W-OTS signature key and the one-time signature, is t = 133 for w = 2 and t = 67 for w = 4.…”

Section: Choice Of Parameters and Timingsmentioning

confidence: 99%

See 1 more Smart Citation

Fast Hash-Based Signatures on Constrained Devices

Rohde

Eisenbarth

Dahmen

et al. 2008

Smart Card Research and Advanced Applications

Self Cite

View full text Add to dashboard Cite

Abstract. Digital signatures are one of the most important applications of microprocessor smart cards. The most widely used algorithms for digital signatures, RSA and ECDSA, depend on finite field engines. On 8-bit microprocessors these engines either require costly coprocessors, or the implementations become very large and very slow. Hence the need for better methods is highly visible. One alternative to RSA and ECDSA is the Merkle signature scheme which provides digital signatures using hash functions only, without relying on any number theoretic assumptions. In this paper, we present an implementation of the Merkle signature scheme on an 8-bit smart card microprocessor. Our results show that the Merkle signature scheme provides comparable timings compared to state of the art implementations of RSA and ECDSA, while maintaining a smaller code size.

show abstract

CMSS – An Improved Merkle Signature Scheme

Cited by 70 publications

References 10 publications

Some Aspects of Post-Quantum Cryptosystems

Some Aspects of Post-Quantum Cryptosystems

Verifiably Encrypted Signatures from RSA without NIZKs

Fast Hash-Based Signatures on Constrained Devices

Contact Info

Product

Resources

About