Recommendation for Stateful Hash-Based Signature Schemes

Cooper, David A.; Apon, Daniel; Dang, Quynh H.; Davidson, Michael; Dworkin, Morris J.; Miller, Carl A.

doi:10.6028/nist.sp.800-208

Cited by 37 publications

(9 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In our work, we present simple and elegant designs for white-box implementation of hash-based signatures and cryptographic primitives desirable in authentication protocols. Although known for a long time, hash-based signatures have received a new surge of interest due to their ability to remain post-quantum safe [3]. We contribute to the literature by presenting parameters for white-box secure instantiation of hash-based digital signatures including SPHINCS+ algorithm, which will become part of NIST's post-quantum cryptographic standard [22] so that the security against white-box attacker depends not more than the availability of a white-box secure pseudo-random function implemented as a cipher (in addition to a general one-way function).…”

Section: Introductionmentioning

confidence: 99%

RETRACTED: Quantum-Resistance Meets White-BoxCryptography: How to Implement Hash-BasedSignatures against White-Box Attackers?

Bicakci,

Ulker,

Uzunay

et al. 2024

Preprint

View full text Add to dashboard Cite

White-box cryptography challenges the assumption that the endpoints are trusted and aims at providing protection against an adversary more powerful than the one in the traditional black-box cryptographic model. Motivating by the fact that most existing white-box implementations focus on symmetric encryption, we present implementations for hash-based signatures so that the security against white-box attackers (who has read-only access to data with a size bounded by a space-hardness parameter M) depends on the availability of a white-box secure cipher (in addition to a general one-way function). We also introduce parameters and key-generation complexity results for white-box secure instantiation of stateless hash-based signature scheme SPHINCS+, one of the NIST selection for quantum-resistant digital signature algorithms, and its older version SPHINCS. We also present a hash tree based solution for one-time passwords secure in a white-box attacker context. We implement the proposed solutions and share our performance results.

show abstract

Section: Introductionmentioning

confidence: 99%

RETRACTED: Quantum-Resistance Meets White-BoxCryptography: How to Implement Hash-BasedSignatures against White-Box Attackers?

Bicakci,

Ulker,

Uzunay

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…Overall Assessment. While our existing stateful hash-based signature standards, XMSS and LMS, are based on similar assumptions to SPHINCS + , the requirement to keep state in XMSS and LMS makes them more difficult to implement in a way that avoids misuse (see [253]). SPHINCS + was selected for standardization because it provides a workable (albeit rather large and slow) signature scheme whose security seems quite solid and is based on an entirely different set of assumptions than those of our other signature schemes to be standardized.…”

Section: Sphincs +mentioning

confidence: 99%

Status report on the third round of the NIST Post-Quantum Cryptography Standardization process

Moody¹

2022

123

View full text Add to dashboard Cite

The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public-key encryption, and key-establishment algorithms to augment Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS), as well as NIST Special Publication (SP) 800-56A Revision 3, Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography, and SP 800-56B Revision 2, Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography. It is intended that these algorithms will be capable of protecting sensitive information well into the foreseeable future, including after the advent of quantum computers. The first round of the NIST Post-Quantum Cryptography Standardization Process began in December 2017 with 69 candidate algorithms that met both the minimum acceptance criteria and submission requirements. The first round lasted until January 2019, during which candidate algorithms were evaluated based on their security, performance, and other characteristics. NIST selected 26 algorithms to advance to the second round for more analysis. The second round continued until July 2020, after which seven 'finalist' and eight 'alternate' candidate algorithms were selected to move into the third round. This report describes the evaluation and selection process, based on public feedback and internal review, of the third-round candidates. The report summarizes each of the 15 third-round candidate algorithms and identifies those selected for standardization, as well as those that will continue to be evaluated in a fourth round of analysis. The public-key encryption and key-establishment algorithm that will be standardized is CRYSTALS-Kyber. The digital signatures that will be standardized are CRYSTALS-Dilithium, Falcon, and SPHINCS+. While there are multiple signature algorithms selected, NIST recommends CRYSTALS-Dilithium as the primary algorithm to be implemented. In addition, four of the alternate key-establishment candidate algorithms will advance to a fourth round of evaluation: BIKE, Classic McEliece, HQC, and SIKE. These candidates are still being considered for future standardization. NIST will also issue a new Call for Proposals for public-key digital signature algorithms to augment and diversify its signature portfolio.

show abstract

“…The third-round candidates of NIST PQC project are listed in Table 1. In addition, hash-based signatures should be counted since they have been already standardized in IETF and supported by NIST [12][13][14]. Note that KEM stands for Key Encapsulation Mechanism by which a data encryption key is derived.…”

Section: Overview Of Pq Cryptographymentioning

confidence: 99%

Post-quantum MACsec in Ethernet Networks

Cho

Sergeev

2021

JCSANDM

View full text Add to dashboard Cite

The demand on MACsec in Ethernet is increasing substantially since MACsec fits well for industrial applications which require strong security as well as efficiency. To provide a long-term security, the MACsec protocol should be resistant to future attacks including quantum attacks. In this paper, MACsec is analysed under a quantum attack scenario. To achieve 128-bit quantum security, AES (Advanced Encryption Standard) algorithms defined in MACsec should mandate to use 256-bit keys. On the other hand, classical public-key cryptosystems in MKA are not secure at all against quantum attacks so that they need to be replaced by post-quantum crypto schemes in a quantum world. We propose an authenticated post-quantum key establishment protocol which is suitable for long-term secure MACsec. The proposed protocol is used in the hybrid mode, an ephemeral key exchange, and an end-to-end encryption. We verified by experiments that the proposed protocol can be deployed in existing a MACsec-enabled Ethernet network.

show abstract

Recommendation for Stateful Hash-Based Signature Schemes

Cited by 37 publications

References 13 publications

RETRACTED: Quantum-Resistance Meets White-BoxCryptography: How to Implement Hash-BasedSignatures against White-Box Attackers?

RETRACTED: Quantum-Resistance Meets White-BoxCryptography: How to Implement Hash-BasedSignatures against White-Box Attackers?

Status report on the third round of the NIST Post-Quantum Cryptography Standardization process

Post-quantum MACsec in Ethernet Networks

Contact Info

Product

Resources

About