Hash-based signatures, along with lattice-based, multivariate, and code-based signatures, are gaining attention as alternatives to current digital signatures, which are not secure against attacks by quantum computers. Up to now, all hash-based signatures have used binary representations to generate signatures. In this paper, we propose using the nonadjacent form (NAF) when generating hash-based signatures. Concretely, we propose a hash-based signature scheme, WSS-N, which is obtained by applying the NAF to the Winternitz signature scheme. We prove that WSS-N is existentially unforgeable under chosen message attacks in the standard model, and we show that WSS-N needs fewer hash function calls than WSS-B, the Winternitz signature scheme using the binary representation. For a specific parameter with 256-bit security, WSS-N generates signatures faster than WSS-B by 8%. Finally, we implement both WSS-N and WSS-B and show that WSS-N generates signatures faster than WSS-B on a desktop computer.