1 / 6
Télécharger la présentation

Hash-Based Signatures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Hash-Based Signatures Johannes Buchmann, Andreas Hülsung Supported by DFG and DAAD Part X: XMSS Security

  2. XMSS has Minimal Security Requirements

  3. Security Requirements of Current Signature Schemes Intractability assumption Collision resistant hash function Digital signature scheme

  4. Minimal Security Requirement of Signatures Digital signature scheme One-way FF Naor, Yung 1989 Rompel 1990

  5. XMSShas minimal security requirements XMSS Existential unforgeable under chosen message attacks Second-preimage resistant HFF Target-collision resistant HFF XMSS Pseudorandom FF Rompel 1990 Håstad, Impagliazzo, Levin, Luby 1999 Goldreich, Goldwasser, Micali 1986 Digital signature scheme One-way FF Naor, Yung 1989 Rompel 1990

  6. Security proof [BDH, PQC 2011] XMSS isEU-CMA PRFF [BDEHR., Africacrypt 2011] WOTS$ is EU-CMA [BDH, PQC 2011] SPR-HFF [ DOTV,PQC 2008] XMSS isforwardsecure XMSS-Tree + WOTS isEU-CMA

More Related