Realizing Hash and Sign Signatures under Standard Assumptions
Hash-Based Signatures
Transcript of Hash-Based Signatures
Hash-Based Signatures
Johannes Buchmann, Andreas Hülsing
Supported by DFG and DAAD
Part X: XMSS Security
XMSS has Minimal Security Requirements
Security Requirements of Current Signature Schemes
Intractability assumption
Digital signature scheme
Collision resistant hash function
Minimal Security Requirement of Signatures
One-way FF
Naor, Yung 1989
Rompel 1990
Digital signature scheme
Target-collision resistant HFF
One-way FF
XMSS
Pseudorandom FF
Second-preimage resistant HFF
XMSS has minimal security requirements
Naor, Yung 1989
Rompel 1990
Håstad, Impagliazzo, Levin, Luby 1999
Goldreich, Goldwasser, Micali 1986
Digital signature scheme
Rompel 1990
XMSS Existential unforgeable under chosen message attacks
Security proof
PRFF
SPR-HFF
WOTS$ is EU-CMA
XMSS-Tree + WOTS is EU-CMA
[BDEHR, Africacrypt 2011]
[DOTV, PQC 2008]
XMSS is EU-CMA
XMSS is forward secure
[BDH, PQC 2011]
[BDH, PQC 2011]