
Analysis of a Proposed Hash-Based Signature Standard

  • Conference paper
  • Security Standardisation Research (SSR 2016)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10074)

Abstract

We analyze the concrete security of a hash-based signature scheme described in a recent series of Internet Drafts by McGrew and Curcio. We show that an original version of their proposal achieves only a “loose” security bound, but that the latest version can be proven to have tighter security in the random-oracle model.

Work performed under a consultancy agreement with University Technical Services, Inc. on behalf of the National Security Agency. Portions of this work were also supported by a gift from the Cisco University Research Program Fund, a corporate advised fund of Silicon Valley Community Foundation.


Notes

  1. It is easy to see that if no attack (subject to some time bound T) targeting a single user can succeed with probability better than \(\epsilon\), then no attack (subject to roughly the same time bound) can succeed in attacking one out of N independent users of that scheme with probability better than \(N\cdot \epsilon\). But we are interested in settings where N is large and we do not want to lose the factor of N in the security bound.

  2. A precise calculation depends on the messages that have already been signed.

  3. In [10] the result is expressed as a 16-bit integer, but only the top wv bits are used.

  4. The purpose of I and q will become clear later, when we describe the many-time scheme based on LM-OTS.

  5. These identifiers could be chosen adaptively by the attacker (subject to being distinct) without any significant change to the proof in the following section, but for simplicity we treat them as fixed in advance. When LM-OTS is subsequently used in the many-time signature scheme, the identifiers will be fixed in advance.
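The reduction behind note 1, written out here as an added derivation (it is not part of the paper's text; the adversary names \(\mathcal{A}\) and \(\mathcal{B}\) and the symbol \(\epsilon_N\) are this derivation's own):

```latex
Let \(\mathcal{A}\) run in time \(T\), receive independent public keys
\(pk_1,\dots,pk_N\) with signing access to each, and output a forgery
\((m^*,\sigma^*)\) valid under some \(pk_{i^*}\), on a message never signed
for user \(i^*\), with probability \(\epsilon_N\).

Construct a single-user forger \(\mathcal{B}\) against one challenge key \(pk\):
\begin{enumerate}
  \item choose \(i \leftarrow \{1,\dots,N\}\) uniformly and set \(pk_i := pk\);
  \item generate \((pk_k, sk_k)\) honestly for every \(k \ne i\);
  \item run \(\mathcal{A}\); answer signing queries to user \(k \ne i\) with \(sk_k\)
        and forward queries to user \(i\) to \(\mathcal{B}\)'s own signing oracle;
  \item when \(\mathcal{A}\) outputs \((m^*,\sigma^*,i^*)\), output
        \((m^*,\sigma^*)\) if \(i^* = i\), otherwise abort.
\end{enumerate}

The view of \(\mathcal{A}\) is independent of the choice of \(i\), so
\[
\Pr[\mathcal{B}\ \text{forges}]
  = \Pr[\mathcal{A}\ \text{forges} \wedge i^* = i]
  = \frac{\epsilon_N}{N}.
\]
\(\mathcal{B}\) runs in time roughly \(T\) (plus \(N-1\) key generations), so the
single-user bound \(\Pr[\mathcal{B}\ \text{forges}] \le \epsilon\) yields
\(\epsilon_N \le N\cdot\epsilon\). This is exactly the factor of \(N\) that
note 1 says the analysis wants to avoid when \(N\) is large.
```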
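Notes 3 to 5 refer to the checksum and to the identifiers I and q of the LM-OTS scheme. The following is an added, deliberately simplified Winternitz-style one-time signature written for this page; it is not the paper's or the Internet Draft's code and does not reproduce the draft's exact byte encoding. It assumes SHA-256 chains, W-bit digits, a checksum stored in the minimum number of digits rather than a left-shifted 16-bit field, and that I and q are mixed into every hash input for domain separation (an assumption about how the many-time scheme uses them; the chain index i and step j are likewise this example's choice). The `forge_by_advancing` function shows why the checksum matters: an attacker who has seen one signature can only move chains forward, and the checksum guarantees that no other message's encoding lies forward of the signed one in every position.

```python
"""Illustrative Winternitz-style OTS with checksum (example code, not the draft's)."""
import hashlib
import os

W = 4                          # bits per digit; every hash chain has 2**W - 1 steps
MASK = (1 << W) - 1
N = 32                         # SHA-256 digest length in bytes
N_MSG = (8 * N) // W           # digits covering the message digest (64 for W=4)
# smallest number of W-bit digits that holds the largest checksum N_MSG * MASK
N_CS = -(-(N_MSG * MASK).bit_length() // W)


def _h(I: bytes, q: int, i: int, j: int, x: bytes) -> bytes:
    """One chain step. I (key-pair id), q (leaf index), i (chain) and j (step)
    are prefixed so distinct chains and steps never share a hash input
    (assumed domain separation; the draft's exact encoding differs)."""
    return hashlib.sha256(I + q.to_bytes(4, "big") + i.to_bytes(2, "big")
                          + j.to_bytes(1, "big") + x).digest()


def chain(I: bytes, q: int, i: int, x: bytes, start: int, steps: int) -> bytes:
    """Apply _h for steps j = start .. start+steps-1 starting from x."""
    for j in range(start, start + steps):
        x = _h(I, q, i, j, x)
    return x


def encode(I: bytes, q: int, msg: bytes) -> list:
    """Message digits followed by checksum digits. The checksum sum(MASK - d)
    strictly decreases whenever any message digit increases, so for two
    distinct messages some digit of the second is smaller than the first's."""
    digest = hashlib.sha256(I + q.to_bytes(4, "big") + msg).digest()
    v = int.from_bytes(digest, "big")
    d = [(v >> (W * (N_MSG - 1 - k))) & MASK for k in range(N_MSG)]
    cs = sum(MASK - x for x in d)
    d += [(cs >> (W * (N_CS - 1 - k))) & MASK for k in range(N_CS)]
    return d


def keygen(I: bytes, q: int):
    """Secret key: one random chain start per digit; public key: hash of chain ends."""
    sk = [os.urandom(N) for _ in range(N_MSG + N_CS)]
    ends = [chain(I, q, i, x, 0, MASK) for i, x in enumerate(sk)]
    pk = hashlib.sha256(I + q.to_bytes(4, "big") + b"".join(ends)).digest()
    return sk, pk


def sign(I: bytes, q: int, sk: list, msg: bytes) -> list:
    """Signature digit i is the chain start advanced d_i steps."""
    return [chain(I, q, i, x, 0, d)
            for i, (x, d) in enumerate(zip(sk, encode(I, q, msg)))]


def verify(I: bytes, q: int, pk: bytes, msg: bytes, sig: list) -> bool:
    """Advance every signature element the remaining MASK - d_i steps and
    recompute the public key."""
    ends = [chain(I, q, i, s, d, MASK - d)
            for i, (s, d) in enumerate(zip(sig, encode(I, q, msg)))]
    return hashlib.sha256(I + q.to_bytes(4, "big") + b"".join(ends)).digest() == pk


def forge_by_advancing(I: bytes, q: int, signed_msg: bytes, sig: list,
                       target_msg: bytes):
    """Attacker holding sig on signed_msg can only push chains forward. Returns a
    valid signature on target_msg if every target digit is >= the signed digit,
    else None. Because of the checksum this is None for every target != signed_msg."""
    old, new = encode(I, q, signed_msg), encode(I, q, target_msg)
    if any(n < o for o, n in zip(old, new)):
        return None
    return [chain(I, q, i, s, o, n - o)
            for i, (s, o, n) in enumerate(zip(sig, old, new))]


if __name__ == "__main__":
    I, q = bytes(range(16)), 0          # constructed key-pair id and leaf index
    sk, pk = keygen(I, q)
    sig = sign(I, q, sk, b"hello")
    print("verify:", verify(I, q, pk, b"hello", sig))
    print("forge :", forge_by_advancing(I, q, b"hello", sig, b"hellp"))
```

Dropping the checksum digits from `encode` is the one-line change that turns `forge_by_advancing` into a working attack whenever the attacker can find a target whose message digits all dominate the signed ones, which is why note 3's handling of the checksum width is part of the concrete security accounting.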

References

  1. Bernstein, D.J., et al.: SPHINCS: practical stateless hash-based signatures. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 368–397. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46800-5_15

  2. Buchmann, J., Dahmen, E., Szydlo, M.: Hash-based digital signature schemes. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Post-Quantum Cryptography, pp. 35–93. Springer, Heidelberg (2009)

  3. Galbraith, S.D., Malone-Lee, J., Smart, N.: Public-key signatures in the multi-user setting. Inf. Process. Lett. 83(5), 263–266 (2002)

  4. Hülsing, A., Butin, D., Gazdag, S., Mohaisen, A.: XMSS: extended hash-based signatures. Internet Draft draft-irtf-cfrg-xmss-hash-based-signatures-06, 6 July 2016. http://datatracker.ietf.org

  5. Katz, J., Lindell, Y.: Introduction to Modern Cryptography, 2nd edn. Chapman & Hall/CRC Press, New York (2014)

  6. Kiltz, E., Masny, D., Pan, J.: Optimal security proofs for signatures from identification schemes. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 33–61. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53008-5_2

  7. Lamport, L.: Constructing digital signatures from a one-way function. Technical Report SRI-CSL-98, SRI Intl. Computer Science Laboratory (1979)

  8. Leighton, F.T., Micali, S.: Large provably fast and secure digital signature schemes based on secure hash functions. U.S. Patent 5,432,852, 11 July 1995

  9. McGrew, D., Curcio, M.: Hash-based signatures. Internet Draft draft-mcgrew-hash-sigs-02, 4 July 2014. https://datatracker.ietf.org/doc/draft-mcgrew-hash-sigs/02

  10. McGrew, D., Curcio, M.: Hash-based signatures. Internet Draft draft-mcgrew-hash-sigs-04, 21 March 2016. https://datatracker.ietf.org/doc/draft-mcgrew-hash-sigs

  11. Merkle, R.C.: Secrecy, authentication, and public-key systems. Ph.D. Thesis, Stanford University (1979)

  12. Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990). doi:10.1007/0-387-34805-0_21

  13. Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: Proceedings of 21st Annual Symposium on Theory of Computing (STOC), pp. 33–44. ACM (1989)

  14. Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: Proceedings of 22nd Annual ACM Symposium on Theory of Computing (STOC), pp. 387–394. ACM (1990)


Acknowledgments

I thank Laurie E. Law and Jerome A. Solinas for their encouragement and suggestions, as well as for bringing the Leighton-Micali patent [8] to my attention.

Author information

Corresponding author: Jonathan Katz.


Copyright information

© 2016 Springer International Publishing AG

Cite this paper

Katz, J. (2016). Analysis of a Proposed Hash-Based Signature Standard. In: Chen, L., McGrew, D., Mitchell, C. (eds) Security Standardisation Research. SSR 2016. Lecture Notes in Computer Science, vol 10074. Springer, Cham. https://doi.org/10.1007/978-3-319-49100-4_12

  • DOI: https://doi.org/10.1007/978-3-319-49100-4_12
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-49099-1
  • Online ISBN: 978-3-319-49100-4