Hash-Based Signatures

The ISC International Journal of Information Security, 2022

Digital signature schemes are used to guarantee for non-repudiation and authenticity of any kind of data like documents, messages or software. The Winternitz one-time signature (WOTS) scheme, which can be described using a certain number of so-called "function chains", plays an important role in the design of both stateless and stateful many-time signature schemes. The main idea of WOTS scheme is the use of a limited number of function chains, all of which begin at some random values. This work introduces WOTS-GES, a new WOTS type signature scheme in which the need for computing all of the intermediate values of the chains is eliminated. More precisely, to compute each algorithm of the proposed scheme, we only need to calculate one intermediate value. This significantly reduces the number of required operations needed to calculate the algorithms of WOTS-GES. To achieve this results, we have used the concept of "leveled" multilinear maps which is also referred to as graded encoding schemes. We expect these results to increase the efficiency of Winternitz based digital signature schemes.

IACR Cryptol. ePrint Arch., 2019

The Winternitz one-time signature (WOTS) scheme, which can be described using a certain number of so-called “function chains”, plays an important role in the design of both stateless and stateful many-time signature schemes. This work introduces WOTS, a new WOTS type signature scheme in which the need for computing all of the intermediate values of the chains is eliminated. This significantly reduces the number of required operations needed to calculate the algorithms of WOTS. To achieve this results, we have used the concept of “leveled” multilinear maps which is also referred to as graded encoding schemes. In the context of provable security, we reduce the hardness of graded discrete-logarithm (GDL) problem to the EU-CMA security of WOTS in the standard model.

viXra, 2020

A very simple modification to the standard W-OTS scheme is presented called W-OTS# that achieves a security enhancement similar to W-OTS+ but without the overhead of hashing a randomization vector in every round of the chaining function. The idea proffered by W-OTS# is to simply thwart Birthday-attacks altogether by signing an HMAC of the message-digest (keyed with cryptographically random salt) rather than the message-digest itself. The signer thwarts a birthday attack by virtue of requiring that the attacker guess the salt bits in addition to the message-digest bits during the collision scanning process. By choosing a salt length matching the message-digest length, the security of W-OTS# reduces to that of the cryptographic hash function. This essentially doubles the security level of W-OTS and facilitates the use of shorter hash functions which provide shorter and faster signatures for same security. For example, W-OTS# 128-bit signatures have commensurate security to standard W-...

2012

The purpose of introducing of this algorithm is a new method for designing a simple mechanism for producing a digital signature. Some applications like multi agent systems transfer messages with low size and capacity. The new algorithm minimizes the size of original file and gives us a dynamic and smaller size output. In this algorithm read the input file then hash the message and encode it. Finally modify the established code into a unique ID at Base 16. We concentrate on designing and implementation of functions of algorithm.

Lecture Notes in Computer Science, 2006

The Merkle signature scheme (MSS) is an interesting alternative for well established signature schemes such as RSA, DSA, and ECDSA. The security of MSS only relies on the existence of cryptographically secure hash functions. MSS has a good chance of being quantum computer resistant. In this paper, we propose CMSS, a variant of MSS, with reduced private key size, key pair generation time, and signature generation time. We demonstrate that CMSS is competitive in practice by presenting a highly efficient implementation within the Java Cryptographic Service Provider FlexiProvider. We present extensive experimental results and show that our implementation can for example be used to sign messages in Microsoft Outlook.

International Journal of Cyber-Security and Digital Forensics, 2018

Active work is being done to create and develop quantum computers. Traditional digital signature systems that are used in practice are vulnerable to quantum computers attacks. The security of these systems is based on the problem of factoring large numbers and calculating discrete logarithms. Scientists are working on the development of alternatives to RSA, which are protected from attacks by quantum computer. One of the alternatives are hash based digital signature schemes. In the article hash based one-time signatures are considered, their analysis and comparison are done. It is shown that, using Winternitz one-time signature scheme, the length of the signature and of the keys is substantially reduced. But also this scheme has disadvantages, in the case of generating keys, creating a signature and verifying a signature, one-way function should be used much more times, then in Lamport signature scheme. So, must be paid serious attention at the choice of this function, it should be quickly executed and safe.

Information Processing Letters, 2008

A one-time signature scheme using run-length encoding is presented, that in the random oracle model offers security against chosen-message attacks. For parameters of interest, the proposed scheme enables about 33% faster verification with a comparable signature size than a construction of Merkle and Winternitz. The public key size remains unchanged (1 hash value). The main price for the faster verification is an increase of the time for signing messages and for key generation. Comparisons among different constructions can be found in , and naming a single superior scheme seems non-trivial. Depending on the application requirements, preferences may differ, and subsequently, we focus on a construction of Merkle and Winternitz , which is used in [8,6,5], for instance. Dods et al. in [7] recommend the use of this scheme, too. After recalling the main ingredients of the Merkle-Winternitz construction, in Section 3 we describe our new scheme, which relies on a run-length encoding of a hash value. To analyze the security, we resort to a random oracle model. Section 4 discusses the efficiency and gives parameters of interest. It turns out that for relevant parameter choices the new scheme enables a significantly faster verification than the Merkle-Winternitz construction without sacrificing the attractive public key length of a single hash value. The main price we pay is a (moderate) increase in the expected cost for signature and key generation.

Designs, Codes and Cryptography, 2010

In this paper, we provide a new multi-signature scheme that is proven secure in the plain public key model. Our scheme is practical and efficient according to computational costs, signature size and security assumptions. At first, our scheme matches the single ordinary discrete logarithm based signature scheme in terms of signing time, verification time and signature size. Secondly, our scheme requires only two rounds of interactions and each signer needs nothing more than a certified public key to produce the signature, meaning that our scheme is compatible with existing PKIs. Thirdly, our scheme has been proven secure in the random oracle model under standard discrete logarithm (DL) assumption. It outperforms a newly proposed multi-signature scheme by Bagherzandi, Cheon and Jarecki (BCJ scheme) in terms of both computational costs and signature size. Keywords Cryptography • Digital signature • Multi-signature • Provable security • Plain public key model Mathematics Subject Classifications (2000) 11T71 • 94A60 Communicated by S. Galbraith.

Applied Cryptography and Network Security, 2007

We propose GMSS, a new variant of the Merkle signature scheme. GMSS is the first Merkle-type signature scheme that allows a cryptographically unlimited (2 80) number of documents to be signed with one key pair. Compared to recent improvements of the Merkle signature scheme, GMSS reduces the signature size as well as the signature generation cost.

2012

A digital signature is a cryptographic method for verifying the identity of an individual, a process, computer system, or any other entity, in much the same way as a handwritten signature verifies the identity of a person. Digital signatures use the properties of public-key cryptography to produce pieces of information that verify the origin of data. Several digital schemes have been proposed as on date based on factorization, discrete logarithm and elliptical curve. However, the Pollard rho and the baby-step giant-step Algorithm digital scheme based on discrete logarithm gained wide acceptance. Many schemes followed there by with little changes in it. Some of the schemes evolved by combing factorization and discrete logarithm together making it difficult for solving two hard problems from the hackers point of view. This paper presents the implementation of Pollard rho and the baby-step giant-step algorithm, with the help different tools and further analyzed them for different perce...