SPHINCS: Practical Stateless Hash-Based Signatures

This paper introduces a high-security post-quantum stateless hash-based signature scheme that signs hundreds of messages per second on a modern 4-core 3.5GHz Intel CPU. Signatures are 41 KB, public keys are 1 KB, and private keys are 1 KB. The signature scheme is designed to provide long-term \(2^{128}\) security even against attackers equipped with quantum computers. Unlike most hash-based designs, this signature scheme is stateless, allowing it to be a drop-in replacement for current signature schemes.

[1]  Lea Rausch,et al.  Optimal Parameters for XMSS MT , 2013, CD-ARES Workshops.

[2]  Tanja Lange,et al.  Non-uniform cracks in the concrete: the power of free precomputation , 2012, IACR Cryptol. ePrint Arch..

[3]  Léo Ducas,et al.  Lattice Signatures and Bimodal Gaussians , 2013, IACR Cryptol. ePrint Arch..

[4]  Leonid Reyzin,et al.  Better than BiBa: Short One-Time Signatures with Fast Signing and Verifying , 2002, ACISP.

[5]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[6]  Andreas Hülsing,et al.  Practical forward secure signatures using minimal security assumptions , 2013 .

[7]  D. Bernstein What output size resists collisions in a xor of independent expansions ? , 2007 .

[8]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[9]  Yishay Mansour,et al.  A construction of a cipher from a single pseudorandom permutation , 1997, Journal of Cryptology.

[10]  Tsuyoshi Takagi,et al.  Digital Signatures Out of Second-Preimage Resistant Hash Functions , 2008, PQCrypto.

[11]  Andrew Odlyzko,et al.  Advances in Cryptology — CRYPTO’ 86 , 2000, Lecture Notes in Computer Science.

[12]  Johannes A. Buchmann,et al.  CMSS - An Improved Merkle Signature Scheme , 2006, INDOCRYPT.

[13]  Shahram Khazaei,et al.  New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba , 2008, FSE.

[14]  Adi Shamir,et al.  Minimalism in Cryptography: The Even-Mansour Scheme Revisited , 2012, EUROCRYPT.

[15]  Dongvu Tonien,et al.  Birthday Paradox for Multi-Collisions , 2008, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[16]  Oded Goldreich,et al.  The Foundations of Cryptography - Volume 2: Basic Applications , 2001 .

[17]  Samuel Neves,et al.  BLAKE2: Simpler, Smaller, Fast as MD5 , 2013, ACNS.

[18]  Guido Bertoni,et al.  The Road from Panama to Keccak via RadioGatún , 2009, Symmetric Cryptography.

[19]  Joe Kilian,et al.  How to Protect DES Against Exhaustive Key Search (an Analysis of DESX) , 2015, Journal of Cryptology.

[20]  Jean-Philippe Aumasson,et al.  SipHash: A Fast Short-Input PRF , 2012, INDOCRYPT.

[21]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[22]  D. Bernstein Cost analysis of hash collisions : will quantum computers make SHARCS obsolete? , 2009 .

[23]  Leslie Lamport,et al.  Constructing Digital Signatures from a One Way Function , 2016 .

[24]  Christoph Böhm,et al.  The Basic Applications , 2013 .

[25]  Matthew J. B. Robshaw,et al.  New Stream Cipher Designs: The eSTREAM Finalists , 2008 .

[26]  Dongvu Tonien,et al.  Birthday Paradox for Multi-collisions , 2006, ICISC.

[27]  Kaoru Kurosawa,et al.  Power of a Public Random Permutation and Its Application to Authenticated Encryption , 2010, IEEE Transactions on Information Theory.

[28]  Fang Song,et al.  A Note on Quantum Security for Post-Quantum Cryptography , 2014, PQCrypto.

[29]  Huaxiong Wang,et al.  Multiple-Time Signature Schemes against Adaptive Chosen Message Attacks , 2003, Selected Areas in Cryptography.

[30]  Oded Goldreich,et al.  Two Remarks Concerning the Goldwasser-Micali-Rivest Signature Scheme , 1986, CRYPTO.

[31]  Andreas Hülsing,et al.  W-OTS+ - Shorter Signatures for Hash-Based Signature Schemes , 2013, AFRICACRYPT.

[32]  Johannes A. Buchmann,et al.  XMSS - A Practical Forward Secure Signature Scheme based on Minimal Security Assumptions , 2011, IACR Cryptol. ePrint Arch..

[33]  Daniel J. Bernstein,et al.  The Salsa20 Family of Stream Ciphers , 2008, The eSTREAM Finalists.

[34]  Johannes A. Buchmann,et al.  Merkle Signatures with Virtually Unlimited Signature Capacity , 2007, ACNS.