Improving Stateless Hash-Based Signatures

Aumasson, Jean-Philippe; Endignoux, Guillaume

doi:10.1007/978-3-319-76953-0_12

Jean-Philippe Aumasson¹⁴ &
Guillaume Endignoux¹⁵

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10808))

Included in the following conference series:

Cryptographers’ Track at the RSA Conference

1262 Accesses
20 Citations
3 Altmetric

Abstract

We present several optimizations to SPHINCS, a stateless hash-based signature scheme proposed by Bernstein et al. in (2015): PORS, a more secure variant of the HORS few-time signature scheme used in SPHINCS; secret key caching, to speed-up signing and reduce signature size; batch signing, to amortize signature time and reduce signature size when signing multiple messages at once; mask-less constructions to reduce the key size and simplify the scheme; and Octopus, a technique to eliminate redundancies from authentication paths in Merkle trees. Based on a refined analysis of the subset resilience problem, we show that SPHINCS’ parameters can be modified to reduce the signature size while retaining a similar security level and computation time. We then propose Gravity-SPHINCS, our variant of SPHINCS embodying the aforementioned tricks. Gravity-SPHINCS has shorter keys (32 and 64 bytes instead of \({\approx }1\,\text {KB}\)), shorter signatures (\({\approx }30\,\text {KB}\) instead of 41 KB), and faster signing and verification for the same security level as SPHINCS.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
Here \(\textsf {hash}\) means “some hash function”, not necessarily the same in all places.
2.
In SPHINCS, signing takes of the order of 50 million cycles [5].

References

Submission requirements and evaluation criteria for the post-quantum cryptography standardization process. NIST, December 2016. http://csrc.nist.gov/groups/ST/post-quantum-crypto/documents/call-for-proposals-final-dec-2016.pdf
Aumasson, J.P., Endignoux, G.: Clarifying the subset resilience problem. Cryptology ePrint Archive, Report 2017/909 (2017)
Google Scholar
Bellare, M., Garay, J.A., Rabin, T.: Fast batch verification for modular exponentiation and digital signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 236–250. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054130
Google Scholar
Bernstein, D.J.: Cost analysis of hash collisions: will quantum computers make sharcs obsolete? SHARCS 2009 special-purpose hardware for attacking cryptographic systems, p. 105 (2009)
Google Scholar
Bernstein, D.J.: SPHINCS: practical stateless hash-based signatures. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 368–397. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_15
Google Scholar
Buchmann, J., Dahmen, E., Hülsing, A.: XMSS - a practical forward secure signature scheme based on minimal security assumptions. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 117–129. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25405-5_8
Chapter Google Scholar
Buchmann, J., Dahmen, E., Schneider, M.: Merkle tree traversal revisited. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 63–78. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88403-3_5
Chapter Google Scholar
Chailloux, A., Naya-Plasencia, M., Schrottenloher, A.: An efficient quantum collision search algorithm and implications on symmetric cryptography. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part II. LNCS, vol. 10625, pp. 211–240. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_8
Chapter Google Scholar
Dahmen, E., Okeya, K., Takagi, T., Vuillaume, C.: Digital signatures out of second-preimage resistant hash functions. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 109–123. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88403-3_8
Chapter Google Scholar
Endignoux, G.: Design and implementation of a post-quantum hash-based cryptographic signature scheme. Master’s thesis, EPFL (2017)
Google Scholar
Fiat, A.: Batch RSA. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 175–185. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_17
Chapter Google Scholar
Goldreich, O.: Foundations of Cryptography: Basic Applications, vol. 2. Cambridge University Press, Cambridge (2004)
Book MATH Google Scholar
Hülsing, A.: W-OTS+ - shorter signatures for hash-based signature schemes. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds.) AFRICACRYPT 2013. LNCS, vol. 7918, pp. 173–188. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38553-7_10
Chapter Google Scholar
Hülsing, A., Rijneveld, J., Song, F.: Mitigating multi-target attacks in hash-based signatures. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016, Part I. LNCS, vol. 9614, pp. 387–416. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49384-7_15
Chapter Google Scholar
Jakobsson, M., Leighton, T., Micali, S., Szydlo, M.: Fractal Merkle tree representation and traversal. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 314–326. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36563-X_21
Chapter Google Scholar
Kölbl, S., Lauridsen, M.M., Mendel, F., Rechberger, C.: Haraka v2 - efficient short-input hashing for post-quantum applications. IACR Trans. Symmetric Cryptol. 2016(2), 1–29 (2016)
Google Scholar
Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_21
Chapter Google Scholar
Pavlovski, C., Boyd, C.: Efficient batch signature generation using tree structures. In: International Workshop on Cryptographic Techniques and E-Commerce, CrypTEC, vol. 99, pp. 70–77 (1999)
Google Scholar
Reyzin, L., Reyzin, N.: Better than BiBa: short one-time signatures with fast signing and verifying. In: Batten, L., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 144–153. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45450-0_11
Chapter Google Scholar
Szydlo, M.: Merkle tree traversal in log space and time. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 541–554. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_32
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

Kudelski Security, Cheseaux-sur-Lausanne, Switzerland
Jean-Philippe Aumasson
EPFL, Lausanne, Switzerland
Guillaume Endignoux

Authors

Jean-Philippe Aumasson
View author publications
You can also search for this author in PubMed Google Scholar
Guillaume Endignoux
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jean-Philippe Aumasson .

Editor information

Editors and Affiliations

KU Leuven , Leuven, Belgium
Nigel P. Smart

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Aumasson, JP., Endignoux, G. (2018). Improving Stateless Hash-Based Signatures. In: Smart, N. (eds) Topics in Cryptology – CT-RSA 2018. CT-RSA 2018. Lecture Notes in Computer Science(), vol 10808. Springer, Cham. https://doi.org/10.1007/978-3-319-76953-0_12

Download citation

DOI: https://doi.org/10.1007/978-3-319-76953-0_12
Published: 07 March 2018
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-76952-3
Online ISBN: 978-3-319-76953-0
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics