An Efficient Software Implementation of the Hash-Based Signature Scheme MSS and Its Variants

In this work, we describe an optimized software implementation of the Merkle digital signature scheme MSS and its variants GMSS, XMSS and $$\mathrm{XMSS}^\mathrm{MT}$$ using the vector instruction set AVX2 on Intel's Haswell processor. Our implementation uses the multi-buffer approach to speed up key generation, signing and verification in these schemes. We selected a set of parameters that balances security level, key sizes and signature size, and aligned them with the parameters used in the hash-based signature schemes LDWM and XMSS. We report the performance results of our implementation on a modern Intel Core i7 at 3.4 GHz. In particular, a signing operation in the XMSS scheme can be computed in 2,001,479 cycles (1,694 signatures per second) at the 128-bit security level against quantum attacks, using the SHA2-256 hash function, a tree of height 60 and 6 layers. Our results indicate that the post-quantum hash-based signature scheme $$\mathrm{XMSS}^\mathrm{MT}$$ offers high security and performance for several parameter sets on modern processors.
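To make the structure of the scheme the abstract refers to concrete, the following is an added example (not the paper's AVX2 code, and without its multi-buffer or tree-traversal optimizations) of a minimal Merkle signature scheme: a Winternitz one-time signature (W-OTS, w = 16) over SHA2-256 forms the leaves, a binary hash tree commits to all leaves in one public key, and a signature carries the leaf index, the one-time signature and the authentication path. The parameters `N`, `W`, `L1`, `L2` and the tree height used in `mss_keygen` are our own choices for illustration; the scheme's statefulness, which is the operational risk a deployer must manage, is made explicit by advancing the leaf counter before a signature is released and refusing to sign once the key pair is exhausted.

```python
"""Minimal Merkle signature scheme (MSS) from W-OTS over SHA2-256.
Added illustration for this page; not the paper's implementation.
The full tree is kept in memory (naive), whereas the paper's point is
efficient traversal and vectorised hashing."""
import hashlib
import os

N = 32           # hash output length in bytes (SHA2-256)
W = 16           # Winternitz parameter: 4-bit digits
L1 = 64          # message digits: 256 bits / 4 bits
L2 = 3           # checksum digits: max checksum 64 * 15 = 960 < 16**3
L = L1 + L2      # chains per one-time key


def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def chain(x, steps):
    """Apply H `steps` times (the Winternitz hash chain)."""
    for _ in range(steps):
        x = H(x)
    return x


def base_w(msg_digest):
    """Split a 256-bit digest into 64 base-16 digits and append a 3-digit checksum.
    The checksum prevents an attacker from raising digits (forward-hashing a chain)
    without lowering others, which is infeasible."""
    digits = []
    for byte in msg_digest:
        digits += [byte >> 4, byte & 0xF]
    csum = sum(W - 1 - d for d in digits)          # 0 .. 960
    digits += [(csum >> 8) & 0xF, (csum >> 4) & 0xF, csum & 0xF]
    return digits


def wots_keygen(seed, leaf_idx):
    """Derive the L chain-start secrets for leaf `leaf_idx` from a master seed."""
    sk = [H(seed, leaf_idx.to_bytes(4, "big"), i.to_bytes(2, "big")) for i in range(L)]
    pk = [chain(s, W - 1) for s in sk]            # chain ends are the OTS public key
    return sk, pk


def wots_sign(sk, msg_digest):
    return [chain(sk[i], d) for i, d in enumerate(base_w(msg_digest))]


def wots_pk_from_sig(sig, msg_digest):
    """Finish each chain (W-1-d more steps) to recover the OTS public key."""
    return [chain(sig[i], W - 1 - d) for i, d in enumerate(base_w(msg_digest))]


def leaf_hash(pk):
    return H(*pk)


def mss_keygen(height, seed=None):
    """Build the full tree; returns (private state, root public key)."""
    seed = seed or os.urandom(N)
    leaves = [leaf_hash(wots_keygen(seed, i)[1]) for i in range(2 ** height)]
    tree = [leaves]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([H(level[i], level[i + 1]) for i in range(0, len(level), 2)])
    return {"seed": seed, "tree": tree, "height": height, "next": 0}, tree[-1][0]


def mss_sign(state, msg):
    """Sign with the next unused leaf; reusing a leaf would break security."""
    idx = state["next"]
    if idx >= 2 ** state["height"]:
        raise RuntimeError("all one-time keys used; key pair exhausted")
    state["next"] = idx + 1                        # advance state before releasing
    digest = H(msg)
    sk, _ = wots_keygen(state["seed"], idx)
    auth, node = [], idx
    for level in state["tree"][:-1]:               # sibling at each level = auth path
        auth.append(level[node ^ 1])
        node >>= 1
    return idx, wots_sign(sk, digest), auth


def mss_verify(root, msg, signature):
    """Recompute the leaf from the OTS signature, then hash up the auth path."""
    idx, ots_sig, auth = signature
    node = leaf_hash(wots_pk_from_sig(ots_sig, H(msg)))
    for sibling in auth:
        node = H(sibling, node) if idx & 1 else H(node, sibling)
        idx >>= 1
    return node == root
```

The verifier never learns which leaf was used beyond the index, and the root alone authenticates 2^height one-time keys, which is why the abstract's tree height and number of layers determine the signature capacity; the multi-buffer approach in the paper speeds up exactly the many independent `chain` and `H` calls this example performs sequentially.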
