Mitigating Multi-target Attacks in Hash-Based Signatures

Hülsing, Andreas; Rijneveld, Joost; Song, Fang

doi:10.1007/978-3-662-49384-7_15

Cited by 94 publications

(104 citation statements)

References 29 publications

Supporting

Mentioning

102

Contrasting

Unclassified

Order By: Relevance

“…In the standard model, [17] shows that XMSS MT is EUF-CMA. Further, [16] shows that XMSS MT is 1453 post-quantum existentially unforgeable under adaptive chosen message attacks with respect to 1454 the QROM. 1455…”

Section: C4 Xmss Security Proofmentioning

confidence: 99%

Recommendation for Stateful Hash-Based Signature Schemes

Cooper¹

2019

Preprint

View full text Add to dashboard Cite

This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federal official. This publication may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright in the United States. Attribution would, however, be appreciated by NIST.

show abstract

Section: C4 Xmss Security Proofmentioning

confidence: 99%

Recommendation for Stateful Hash-Based Signature Schemes

Cooper¹

2019

Preprint

View full text Add to dashboard Cite

show abstract

“…In particular, we need hash functions that are one-way and second-preimage resistant, in both cases with respect to multiple targets. Both games are formalized with respect to a hash function H that is randomly selected from a hash function family H. We follow the formalisms of Hülsing et al [20].…”

Section: Securitymentioning

confidence: 99%

Public Key Compression for Constrained Linear Signature Schemes

Beullens

Preneel

Szepieniec

2019

Selected Areas in Cryptography – SAC 2018

View full text Add to dashboard Cite

We formalize the notion of a constrained linear trapdoor as an abstract strategy for the generation of signature schemes, concrete instantiations of which can be found in MQ-based, code-based, and latticebased cryptography. Moreover, we revisit and expand on a transformation by Szepieniec et al. [39] to shrink the public key at the cost of a larger signature while reducing their combined size. This transformation can be used in a way that is provably secure in the random oracle model, and in a more aggressive variant whose security remained unproven. In this paper we show that this transformation applies to any constrained linear trapdoor signature scheme, and prove the security of the first mode in the quantum random oracle model. Moreover, we identify a property of constrained linear trapdoors that is sufficient (and necessary) for the more aggressive variant to be secure in the quantum random oracle model. We apply the transformation to an MQ-based scheme, a code-based scheme and a lattice-based scheme targeting 128-bits of post quantum security, and we show that in some cases the combined size of a signature and a public key can be reduced by more than a factor 300.

show abstract

“…Typically, the state of a quantum system with state space H is given by a density matrix ρ, i.e., by a trace-1 positive-semidefinite matrix that acts on H, and a quantum operation is expressed by a CPTP map T which maps a state ρ to a new state T(ρ) over a possibly different state space. In this work, for technical reasons, we allow states to be subnormalized, and we consider the more general notion of completely-positive trace-nonincreasing (CPTN) maps, which are of the form 4 For the purpose of this work, a measurement is a CPTN map P = i P i with P i : ρ → P i ρP † i as above, but with the restriction that the P i 's are mutually orthogonal Hermitian projections on H. If P is in fact a CPTP map, i.e., i P i = I, then we speak of a total measurement, and otherwise of a partial measurement. The individual "components" P i of such a (partial or total) measurement are sometimes also referred to as measurements with post-selection.…”

Section: Basic Quantum Formalismmentioning

confidence: 99%

Classical Proofs for the Quantum Collapsing Property of Classical Hash Functions

Fehr

2018

Theory of Cryptography

View full text Add to dashboard Cite

Hash functions are of fundamental importance in theoretical and in practical cryptography, and with the threat of quantum computers possibly emerging in the future, it is an urgent objective to understand the security of hash functions in the light of potential future quantum attacks. To this end, we reconsider the collapsing property of hash functions, as introduced by Unruh, which replaces the notion of collision resistance when considering quantum attacks. Our contribution is a formalism and a framework that offers significantly simpler proofs for the collapsing property of hash functions. With our framework, we can prove the collapsing property for hash domain extension constructions entirely by means of decomposing the iteration function into suitable elementary composition operations. In particular, given our framework, one can argue purely classically about the quantum-security of hash functions; this is in contrast to previous proofs which are in terms of sophisticated quantum-information-theoretic and quantum-algorithmic reasoning.

show abstract

Mitigating Multi-target Attacks in Hash-Based Signatures

Cited by 94 publications

References 29 publications

Recommendation for Stateful Hash-Based Signature Schemes

Recommendation for Stateful Hash-Based Signature Schemes

Public Key Compression for Constrained Linear Signature Schemes

Classical Proofs for the Quantum Collapsing Property of Classical Hash Functions

Contact Info

Product

Resources

About