XMSS - A Practical Forward Secure Signature Scheme based on Minimal Security Assumptions

We present the hash-based signature scheme XMSS. It is the first provably (forward) secure and practical signature scheme with minimal security requirements: a pseudorandom function family and a second-preimage-resistant (hash) function family. Its signature size is reduced to less than 25% of that of the best provably secure hash-based signature scheme.
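The abstract names the two ingredients the construction rests on, a pseudorandom function family and a second-preimage-resistant hash function family, and the forward-security property. The following is an added illustration, not code from the paper or any XMSS implementation: a deliberately simplified stateful Merkle signature scheme (plain Winternitz one-time signatures under a Merkle tree, with a one-way seed chain for forward security), written to show how those ingredients fit together. It assumes SHA-256 for the hash and HMAC-SHA256 as the pseudorandom function; the function names (`keygen`, `sign`, `verify`, `remaining`) and the seed-chain label `b"next"` are choices made here. XMSS itself uses WOTS+ and a bitmasked tree and is not reproduced on this page.

```python
"""Simplified stateful hash-based signature scheme: Winternitz OTS leaves under a
Merkle tree, with a one-way seed chain so that a compromised signer state does not
reveal the one-time keys already used. Illustration only, not the XMSS construction."""
import hashlib
import hmac
import struct

H_BYTES = 32            # SHA-256 output length
W = 256                 # Winternitz parameter: one hash chain per digest byte
L1 = H_BYTES            # 32 message chains
L2 = 2                  # checksum chains; max checksum 32 * 255 = 8160 < 2**16
L = L1 + L2

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def prf(key: bytes, label: bytes) -> bytes:
    # HMAC-SHA256 stands in for the pseudorandom function family (assumption)
    return hmac.new(key, label, hashlib.sha256).digest()

def chain(x: bytes, steps: int) -> bytes:
    for _ in range(steps):
        x = H(x)
    return x

def base_w(digest: bytes):
    # digest bytes are the chain positions; the checksum of (255 - digit) makes it
    # impossible to advance a message chain without having to move a checksum chain
    # backwards, i.e. without inverting H
    digits = list(digest)
    csum = sum(W - 1 - d for d in digits)
    return digits + list(csum.to_bytes(L2, "big"))

def wots_sk(seed: bytes):
    return [prf(seed, struct.pack(">I", i)) for i in range(L)]

def wots_pk(sk) -> bytes:
    # compress the chain ends into one value, used as a Merkle leaf
    return H(b"".join(chain(x, W - 1) for x in sk))

def wots_sign(sk, digest: bytes):
    return [chain(x, d) for x, d in zip(sk, base_w(digest))]

def wots_pk_from_sig(sig, digest: bytes) -> bytes:
    # the verifier finishes each chain and recomputes the leaf
    return H(b"".join(chain(s, W - 1 - d) for s, d in zip(sig, base_w(digest))))

def build_tree(leaves):
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([H(lvl[i] + lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels                      # levels[0] = leaves, levels[-1] = [root]

def auth_path(levels, idx: int):
    path = []
    for lvl in levels[:-1]:
        path.append(lvl[idx ^ 1])      # sibling on each level
        idx >>= 1
    return path

def root_from_path(leaf: bytes, idx: int, path) -> bytes:
    node = leaf
    for sib in path:
        node = H(node + sib) if idx & 1 == 0 else H(sib + node)
        idx >>= 1
    return node

def keygen(master_seed: bytes, height: int):
    # seed_{i+1} = PRF(seed_i, "next"): future seeds derive from the current one,
    # earlier seeds do not (forward security rests on the PRF being one-way)
    seeds = [master_seed]
    for _ in range((1 << height) - 1):
        seeds.append(prf(seeds[-1], b"next"))
    levels = build_tree([wots_pk(wots_sk(s)) for s in seeds])
    state = {"seed": master_seed, "idx": 0, "levels": levels}
    return levels[-1][0], state        # (public root, private signer state)

def remaining(state) -> int:
    return len(state["levels"][0]) - state["idx"]

def sign(state, msg: bytes):
    if remaining(state) == 0:
        raise RuntimeError("key exhausted: every one-time key has been used")
    idx = state["idx"]
    digest = H(struct.pack(">I", idx) + msg)
    sig = (idx, wots_sign(wots_sk(state["seed"]), digest), auth_path(state["levels"], idx))
    # advance the state before returning; the used seed is overwritten, not kept
    state["seed"] = prf(state["seed"], b"next")
    state["idx"] = idx + 1
    return sig

def verify(root: bytes, msg: bytes, sig) -> bool:
    idx, ots, path = sig
    digest = H(struct.pack(">I", idx) + msg)
    leaf = wots_pk_from_sig(ots, digest)
    return hmac.compare_digest(root_from_path(leaf, idx, path), root)
```

The state update inside `sign` is the whole point of the forward-security argument: once index `i` has been used, the signer holds only `seed_{i+1}`, and recovering `seed_i` from it would require inverting the PRF. The same update is also what makes the scheme stateful, so a deployment must never sign twice from the same state (for instance by restoring a backup), because reusing a one-time key leaks chain values that the checksum no longer protects.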
