XMSS - A Practical Forward Secure Signature Scheme Based on Minimal Security Assumptions

Buchmann, Johannes; Dahmen, Erik; Hülsing, Andreas

doi:10.1007/978-3-642-25405-5_8

Cited by 220 publications

(148 citation statements)

References 27 publications

Supporting

Mentioning

117

Contrasting

Unclassified

Order By: Relevance

“…Hash-based signature schemes are also an interesting post-quantum signature alternative due to their well understood security properties and relatively small keys. However, the XMSS software presented in [6] is still an order of magnitude slower than our implementation and produces considerably larger signatures.…”

Section: Performance Analysis and Benchmarksmentioning

confidence: 89%

“…We furthermore compare to software described in the literature that has not been submitted to eBACS, specifically the implementation of the parallel-CFS code-based signature scheme presented in [16], the implementation of the treeless signature scheme TSS12 presented in [23], and the implementation of the hash-based signature scheme XMSS [6]. For those implementations we give the performance numbers from the respective paper and indicate the CPU used for benchmarking.…”

Section: Performance Analysis and Benchmarksmentioning

confidence: 99%

See 1 more Smart Citation

Software Speed Records for Lattice-Based Signatures

Güneysu

Oder

Pöppelmann

et al. 2013

Post-Quantum Cryptography

View full text Add to dashboard Cite

Abstract. Novel public-key cryptosystems beyond RSA and ECC are urgently required to ensure long-term security in the era of quantum computing. The most critical issue on the construction of such cryptosystems is to achieve security and practicability at the same time. Recently, lattice-based constructions were proposed that combine both properties, such as the lattice-based digital signature scheme presented at CHES 2012. In this work, we present a first highly-optimized SIMD-based software implementation of that signature scheme targeting Intel's Sandy Bridge and Ivy Bridge microarchitectures. This software computes a signature in only 634988 cycles on average on an Intel Core i5-3210M (Ivy Bridge) processor. Signature verification takes only 45036 cycles. This performance is achieved with full protection against timing attacks.

show abstract

Section: Performance Analysis and Benchmarksmentioning

confidence: 89%

Section: Performance Analysis and Benchmarksmentioning

confidence: 99%

Software Speed Records for Lattice-Based Signatures

Güneysu

Oder

Pöppelmann

et al. 2013

Post-Quantum Cryptography

View full text Add to dashboard Cite

show abstract

“…For the NTRUSign lattice-based signature scheme (introduced in [HHP + 03] and broken by Nguyen [NR09]) and the XMSS [BDH11] hash-based signature scheme we are not aware of any implementation results for FPGAs. Implementations of several post-quantum multivariate quadratic (MQ) signature schemes like Unbalanced Oil and Vinegar (UOV), Rainbow, and TTS were given in [BERW08].…”

Section: Comparison Of Our Implementations With Related Workmentioning

confidence: 99%

Efficient implementation of ideal lattice-based cryptography

Pöppelmann¹

2017

It - Information Technology

View full text Add to dashboard Cite

Digital signatures and public-key encryption are used to protect almost any secure communication channel on the Internet or between embedded devices. Currently, protocol designers and engineers usually rely on schemes that are either based on the factoring assumption (RSA) or on the hardness of the discrete logarithm problem (DSA/ECDSA). But in case of advances in classical cryptanalysis or progress on the development of quantum computers the hardness of these closely related problems might be seriously weakened. In order to prepare for such an event, research on alternatives is required to provide long-term security.In this thesis, we focus on the efficient implementation of such alternative public-key cryptosystems whose security is based on the intractability of certain computational problems on ideal lattices. While an extensive theoretical background exists for lattice-based and ideal latticebased cryptography, not much is known about the efficiency of practical instantiations, especially on constrained and cost-sensitive platforms. We thus investigate novel algorithms and implementation techniques for fast and flexible polynomial multiplication and Gaussian sampling and then use these building blocks to implement public-key encryption and signature schemes. The results provided in this thesis show that lattice-based schemes can be optimized for high performance or resource efficiency on embedded microcontrollers and reconfigurable hardware. Our implementations of a public-key encryption scheme based on the ring learning with errors problems (RLWE) or of the bimodal lattice signature scheme (BLISS) can even outperform classical ECC-and RSA-based implementations.Lattice-based cryptography can also be used to realize homomorphic cryptography that allows computation on encrypted data. However, due to the large parameter sets and complex operations required, even for simple homomorphic evaluation operations, the performance of these schemes is a major issue preventing practical usage. In this thesis we investigate options for acceleration of homomorphic cryptography in a cloud environment using reconfigurable hardware. We implement all evaluation operations of the YASHE homomorphic encryption scheme and propose methods to deal with large ciphertext and key sizes as well as limited memory bandwidth. KeywordsPost-quantum cryptography, public-key cryptosystem, embedded system, microcontroller, FPGA KurzfassungDigitale Signaturen und Public-Key-Verschlüsselung werden für den Schutz nahezu jeder sicheren Kommunikation über das Internet oder zwischen eingebetteten Systemen genutzt. Die Sicherheit basiert dabei entweder auf der Faktorisierungsannahme (RSA) oder der Annahme, dass es schwer ist, das diskrete Logarithmus-Problem (DSA/ECDSA) zu lösen. Durch Fortschritte in der klassischen Kryptoanalyse oder bei der Entwicklung von Quantencomputern könnten diese Probleme allerdings in Zukunft ernsthaft geschwächt oder gelöst werden. Daher ist Forschung zu alternativen Public-Key-Kryptosystemen erforderlich, die in ...

show abstract

“…Mainstream post-quantum cryptosystems can be categorized into several broad families: lattice-based systems [17,25] and learning with errors [26], code-based systems [2,7,24], hash-based signatures [6,11], and systems based on multivariate polynomials [3,34]. Isogeny-based cryptosystems represent an interesting alternative to the above because they are based on a (relatively) naturally occurring number-theoretic computational problem, namely, the problem of computing isogenies between elliptic curves.…”

Section: Related Workmentioning

confidence: 99%

Isogeny-Based Quantum-Resistant Undeniable Signatures

Jao

Soukharev

2014

Post-Quantum Cryptography

View full text Add to dashboard Cite

Abstract. We propose an undeniable signature scheme based on elliptic curve isogenies, and prove its security under certain reasonable number-theoretic computational assumptions for which no efficient quantum algorithms are known. Our proposal represents only the second known quantum-resistant undeniable signature scheme, and the first such scheme secure under a number-theoretic complexity assumption.

show abstract

XMSS - A Practical Forward Secure Signature Scheme Based on Minimal Security Assumptions

Cited by 220 publications

References 27 publications

Software Speed Records for Lattice-Based Signatures

Software Speed Records for Lattice-Based Signatures

Efficient implementation of ideal lattice-based cryptography

Isogeny-Based Quantum-Resistant Undeniable Signatures

Contact Info

Product

Resources

About