Hash-Based Signatures Johannes Buchmann, Andreas Hülsung Supported by DFG and DAAD Part XI: XMSS in Practice.

Slides:

Advertisements

Similar presentations

Research & Development Workshop on e-Voting and e-Government in the UK - February 27, 2006 Votinbox - a voting system based on smart cards Sébastien Canard.

Advertisements

Web security: SSL and TLS

Enhancing Demand Response Signal Verification in Automated Demand Response Systems Daisuke Mashima, Ulrich Herberg, and Wei-Peng Chen SEDN (Solutions for.

Conventional Encryption: Algorithms

Network Security: Lab#2 J. H. Wang Apr. 28, 2011.

SSL Implementation Guide Onno W. Purbo

Transport Layer Security (TLS) Bill Burr November 2, 2001.

Customized Network Security Protocols Cristina Nita-Rotaru and Jeffrey Seibert SPONSORED BY DOUBLE-TAKE SOFTWARE (Jan July 2009) Department of.

Using Cryptography to Protect Data in Computer Networks: case study Vsevolod Ievgiienko National Taras Shevchenko University of Kiev Faculty of Cybernetics.

PlutoPlus: Policy and PKI Plans for FY00 Sheila Frankel Systems and Network Security Group Computer Security Division NIST

An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.

Web Security for Network and System Administrators1 Chapter 4 Encryption.

HASH ALGORITHMS - Chapter 12

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

CSE331: Introduction to Networks and Security Lecture 18 Fall 2002.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

CS Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.

Electronic mail security -- Pretty Good Privacy.

S/MIME v3.2 draft-ietf-smime-3850bis-00.txt draft-ietf-smime-3851bis-00.txt Sean Turner Blake Ramsdell.

Feb 19, 2002Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

Cryptography Overview CS155. Cryptography Is A tremendous tool The basis for many security mechanisms Is not The solution to all security problems Reliable.

1 Chapter 4 Encryption. 2 Objectives In this chapter, you will: Learn the basics of encryption technology Recognize popular symmetric encryption algorithms.

Circle Detection Compression and Security of Surveillance Videos 張晏豪.

XMSS - A Practical Forward Secure Signature Scheme based on Minimal Security Assumptions J. Buchmann, E. Dahmen, A. Hülsing | TU Darmstadt |

Internet Engineering Czesław Smutnicki Discrete Mathematics – Cryptography.

Week 5 - Monday.  What did we talk about last time?  Cryptographic hash functions.

Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).

PGP Encryption Justin Shelby. Encryption Methods  There are two basic key types for cryptography Symmetric Asymmetric.

Securing Data Authentication with Cryptographic Signatures in BitTorrent Du Wei cc.hut.fi / Supervisor : Professor Jukka Manner Instructor.

Qian Chen, Haibo Hu, Jianliang Xu Hong Kong Baptist University Authenticated Online Data Integration Services1.

Crypto Bro Rigby. History

Private Key Algorithms RSA SSL

S. Muftic Computer Networks Security 1 Lecture 4: Message Confidentiality and Message Integrity Prof. Sead Muftic.

每时每刻可信安全 1The DES algorithm is an example of what type of cryptography? A Secret Key B Two-key C Asymmetric Key D Public Key A.

CS 4/585: Cryptography Tom Shrimpton FAB

Case Study II: A Web Server CSCI 8710 September 30 th, 2008.

Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.

Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)

Primitive Operations. Communication Operations –Reader to tag Read Write –Tag to Tag Read Write Hash and Encryption Operations –Hash: MD5, Sha-1, Sha-256,

Feb 17, 2003Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.

Symmetric Cryptography, Asymmetric Cryptography, and Digital Signatures.

Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.

A Quick Tour of Cryptographic Primitives Anupam Datta CMU Fall A: Foundations of Security and Privacy.

Class 4 Asymmetric Cryptography and Trusting Internal Components CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Week 4 - Friday.  What did we talk about last time?  Snow day  But you should have read about  Key management.

Giuseppe Bianchi Message Authentication: hash functions and hash-based constructions.

Lattice Based Signatures Johannes Buchmann Erik Dahmen Richard Lindner Markus Rückert Michael Schneider.

Cryptography issues – elliptic curves Presented by Tom Nykiel.

Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy

1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

| TU Darmstadt | Andreas Hülsing | 1 Optimal Parameters for XMSS MT Andreas Hülsing, Lea Rausch, and Johannes Buchmann.

Network Security: Lab#2 J. H. Wang Oct. 9, Objectives To learn to use message digests –MD5 To learn to use secure hash functions –SHA-1, SHA-2 To.

Forward Secure Signatures on Smart Cards A. Hülsing, J. Buchmann, C. Busold | TU Darmstadt | A. Hülsing | 1.

| TU Darmstadt | Andreas Hülsing | 1 W-OTS + – Shorter Signatures for Hash-Based Signature Schemes Andreas Hülsing.

1 Introduction to Cryptography Chapter-4. Definitions  Cryptography = the science (art) of encryption  Cryptanalysis = the science (art) of breaking.

Proposal for Term Project Information Security, Fall 2013 J. H. Wang Nov. 5, 2013.

Opracowanie językowe dr inż. J. Jarnicki

Hash-Based Signatures

Long-term secure signatures for the IoT

Mitigating Multi-Target-Attacks in Hash-based Signatures

SPHINCS: practical stateless hash-based signatures

Practical Aspects of Modern Cryptography

SPHINCS: practical stateless hash-based signatures

Towards A Standard for Practical Hash-based Signatures

XMSS Practical Hash-Based Signatures Andreas Hülsing joint work with Johannes Buchmann and Erik Dahmen | TU Darmstadt | Andreas Hülsing.

Comparison of Digital Signature with TESLA

Campbell R. Harvey Duke University and NBER

Campbell R. Harvey Duke University and NBER

Presentation transcript:

Hash-Based Signatures Johannes Buchmann, Andreas Hülsung Supported by DFG and DAAD Part XI: XMSS in Practice

AES Blowfish 3DES Twofish Threefish Serpent IDEA RC5 RC6 … Hash functions & Blockciphers SHA-2 SHA-3 BLAKE Grøstl JH Keccak Skein VSH MCH MSCQ SWIFFTX RFSB …

PRF and Hash Function from AES AES: PRF:  Plain AES Hash function  AES with Matyas-Meyer-Oseas in Merkle-Damgård mode

PRF and Hash Function from SHA2 SHA2: PRF  Simplified SHA2-HMAC: F K (M) = SHA2( Pad(K) || M )  Pad(x) prepends 0‘s to reach blocksize (512bit)  No MD-Strengthening needed Hash function  Plain SHA2

XMSS Implementations C Implementation C Implementation, using OpenSSL [BDH2011] Sign (ms) Verify (ms) Signature (bit) Public Key (bit) Secret Key (byte) Bit Security Comment XMSS-SHA ,67213,6003,364157h = 20, w = 64, XMSS-AES-NI ,6167,3281,68484h = 20, w = 4 XMSS-AES ,6167,3281,68484h = 20, w = 4 RSA ≤ 2,048≤ 4,096≤ Intel(R) Core(TM) i5-2520M 2.50GHz with Intel AES-NI

i j Reminder: Tree Chaining 2 h+1 → 2*2 h/2+1 = 2 h/2+2 But: Larger signatures!

XMSS Implementations Smartcard Implementation Sign (ms) Verify (ms) Keygen (ms) Signature (byte) Public Key (byte) Secret Key (byte) Bit Sec. Comment XMSS ,4002, ,44892H = 16, w = 4 XMSS ,6003, ,76094H = 16, w = 4 RSA ,000≤ 256≤ Infineon SLE78 8KB RAM, TRNG, sym. & asym. co-processor NVM: Card 16.5 million write cycles/ sector, XMSS + < 5 million write cycles (h=20) [HBB12]

Thank you! Questions?