Merkle Tree Traversal Revisited

Buchmann, Johannes; Dahmen, Erik; Schneider, Michael

doi:10.1007/978-3-540-88403-3_5

Cited by 60 publications

(60 citation statements)

References 10 publications

(31 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Figure 2 shows the authentication path for leaf i. To compute the authentication path we use the tree traversal algorithm from [BDS08] as it allows for optimal balanced runtimes using very little memory. To verify the signature SIG = (i, σ, Auth), the string (b 0 , .…”

Section: Xmss Treementioning

confidence: 99%

See 1 more Smart Citation

XMSS - A Practical Forward Secure Signature Scheme Based on Minimal Security Assumptions

Buchmann

Dahmen

Hülsing

2011

Lecture Notes in Computer Science

Self Cite

220

117

View full text Add to dashboard Cite

show abstract

Section: Xmss Treementioning

confidence: 99%

“…This is very expensive using FsGen. This problem is already addressed in [BDS08]. We use their solution that requires to store 2H states of FsGen.…”

Section: Xmss Is Forward Securementioning

confidence: 99%

XMSS - A Practical Forward Secure Signature Scheme Based on Minimal Security Assumptions

Buchmann

Dahmen

Hülsing

2011

Lecture Notes in Computer Science

Self Cite

220

117

View full text Add to dashboard Cite

show abstract

“…While authentication path creation and verification can be implemented using O( ) hash evaluations by using a small cache of O( ) hash values [17,20,9], the initial tree generation is rather costly. Setting = 20, however, has proven to be a reasonable trade-off between signature capability and efficiency in the Merkle signature scheme [10] but there generalized constructions that allow for 2 40 or even 2 80 signatures without having to compute 2 40 respectively 2 80 hash values during the set-up phase [8].…”

Section: A Preliminariesmentioning

confidence: 99%

Verifiably Encrypted Signatures from RSA without NIZKs

Rückert

2009

Progress in Cryptology - INDOCRYPT 2009

View full text Add to dashboard Cite

Abstract. Verifiably encrypted signature (VES) schemes allow a signer to encrypt a signature under the public key of a trusted party, the adjudicator, while maintaining public signature verifiability without interactive proofs. A popular application for this concept is fair online contract signing. This paper answers the question of whether it is possible to implement a VES without pairings and zero-knowledge proofs. Our construction is based on RSA signatures and a Merkle hash tree. Hence, the scheme is stateful but relies on relatively mild assumptions in the random oracle model. Thus, we provide an alternative that does not rely on pairingbased assumptions. The advantage of our approach over previous schemes is that widespread efficient hard-and software implementations of hash functions and RSA signatures can be easily reused for VES, i.e., we can avoid costly redevelopment. Furthermore, in contrast to using non-interactive zeroknowledge proofs, we only need a constant, small number of modular exponentiations.

show abstract

“…In summary we use the Winternitz one-time signature scheme (W-OTS) [9] to sign the data, the ideas for efficient one-time signature key generation of [4] and the algorithm from [6] for the computation of the authentication paths. We use two different hash functions based on the AES block cipher, both with 128-bit block length.…”

Section: Preliminariesmentioning

confidence: 99%

“…It is defined as the siblings of all nodes on the path from the sth leaf to the root of the Merkle tree, see Figure 1. For the computation of authentication paths we use the BDS algorithm from [6]. This algorithm is constructed such that the authentication path for the currently used leaf is already available and the upcoming authentication paths are prepared after the MSS signature is computed.…”

Section: Signature Generationmentioning

confidence: 99%

Fast Hash-Based Signatures on Constrained Devices

Rohde

Eisenbarth

Dahmen

et al. 2008

Smart Card Research and Advanced Applications

Self Cite

View full text Add to dashboard Cite

Abstract. Digital signatures are one of the most important applications of microprocessor smart cards. The most widely used algorithms for digital signatures, RSA and ECDSA, depend on finite field engines. On 8-bit microprocessors these engines either require costly coprocessors, or the implementations become very large and very slow. Hence the need for better methods is highly visible. One alternative to RSA and ECDSA is the Merkle signature scheme which provides digital signatures using hash functions only, without relying on any number theoretic assumptions. In this paper, we present an implementation of the Merkle signature scheme on an 8-bit smart card microprocessor. Our results show that the Merkle signature scheme provides comparable timings compared to state of the art implementations of RSA and ECDSA, while maintaining a smaller code size.

show abstract

Merkle Tree Traversal Revisited

Abstract: Abstract. We propose a new algorithm for computing authentication paths in the Merkle signature scheme. Compared to the best algorithm for this task, our algorithm reduces the worst case running time considerably.

Cited by 60 publications

References 10 publications

XMSS - A Practical Forward Secure Signature Scheme Based on Minimal Security Assumptions

XMSS - A Practical Forward Secure Signature Scheme Based on Minimal Security Assumptions

Verifiably Encrypted Signatures from RSA without NIZKs

Fast Hash-Based Signatures on Constrained Devices

Contact Info

Product

Resources

About