Slide 1: Optimal Parameters for XMSS^MT. Andreas Hülsing, Lea Rausch, and Johannes Buchmann | TU Darmstadt | 04.09.2013

Slide 2: Digital Signatures are Important! Software updates, e-commerce, ... and many others.

Slide 3: What if... IBM 2012: "...optimism about superconducting qubits and the possibilities for a future quantum computer are rapidly growing."

Slide 4: Post-Quantum Signatures based on lattices, MQ, coding. Points of comparison: signature and/or key sizes, runtimes, secure parameters.

Slide 5: Hash-based Signature Schemes [Merkle, Crypto'89]: not only "post-quantum"; fast, also without HW acceleration; strong security guarantees; forward secure; restricted number of signatures; many parameters.

Slide 6: Forward Secure Signatures

Slide 7: Forward Secure Signatures (figure: a timeline comparing a classical scheme, where key generation yields one fixed pair (pk, sk), with a forward-secure scheme, where pk stays fixed while the secret key evolves through sk_1, sk_2, ..., sk_i, ..., sk_T over the time periods t_1, t_2, ..., t_i, ..., t_T).

Slide 8: Construction

Slide 9: Hash-based Signatures (figure: a binary hash tree of height h built with the hash function H over OTS public keys; PK is the root, SK the OTS secret keys; SIG = (i, ...), with the remaining signature components shown only graphically). Parameters so far: h, H.

Slide 10: Winternitz OTS [Merkle, Crypto'89; Even et al., JoC'96]. 1. Hash chains (figure: each chain element is f of the previous one). 2. Trade-off between runtime and signature size, controlled by parameter w. 3. Minimal security requirements [Buchmann et al., Africacrypt'11]. 4. Uses PRFF F. SIG = (i, ...) as before. Parameters so far: w, F, h, H.

Slide 11: XMSS secret key. Secret key: a random SEED for pseudorandom generation of the current signature key (PRG), generated using a forward secure pseudorandom generator (FSPRG) built from the PRFF F. Parameters so far: w, F, h, H.

Slide 12: BDS Tree Traversal [Buchmann et al., 2008]. Computes authentication paths. Left nodes are cheap. Store the most expensive nodes (figure: tree of height h, levels holding 2^(h-1), 2^(h-2), ... nodes, the top k levels stored). Distribute costs: (h-k)/2 updates per round. Parameters so far: k, w, F, h, H.

Slide 13: Tree Chaining [Buchmann et al., 2006] (figure: layered trees indexed i, j). Accelerates key generation. Generalized distributed signature generation from [Huelsing et al., SAC'12]. Parameters so far: d, k, w, F, h, H, with per-layer values w_i, k_i, h_i.

Slide 14: Parameter Selection

Slide 15: Trade-Offs (table: the parameters h, H, w, F, k, d against T_Sig, T_Ver, T_Kg, |Sig|, |SK|, |PK|, security and # sigs; the cell contents were shown only graphically).

Slide 16: Linear Optimization. Input: h, b_min, T_F, T_H. Output: b, d, (h, w, k)_i. Objective: minimize a weighted sum of runtimes and sizes. Linearization: generalized lambda method [Moritz, 2007]. Complexity reduction: split into sub-problems.
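As an added example (not code from the talk or its authors), the following Python cost model makes the trade-offs of slides 10, 15 and 16 concrete: the W-OTS chain count as a function of w, the XMSS^MT signature size and key-generation cost as a function of (h, d, w), and a brute-force search over a small parameter grid that stands in for the linear optimization of slide 16. Assumptions: the standard W-OTS length formulas, a single w for all layers, equal layer heights h/d, a 4-byte index, and key-generation cost counted in F calls only (tree and L-tree hashing ignored).

```python
import math


def wots_lengths(n_bits, w):
    """Chain counts for W-OTS with an n-bit digest and Winternitz parameter w:
    l1 message chains plus l2 checksum chains (standard formulas, assumed)."""
    log_w = math.log2(w)
    l1 = math.ceil(n_bits / log_w)
    l2 = math.floor(math.log2(l1 * (w - 1)) / log_w) + 1
    return l1, l2, l1 + l2


def wots_costs(n_bits, w):
    """(signature bytes, key-gen F calls, average signing F calls) for one OTS key.
    Larger w: fewer chains (smaller signature) but longer chains (more F calls)."""
    _, _, l = wots_lengths(n_bits, w)
    return l * n_bits // 8, l * (w - 1), l * (w - 1) // 2


def xmss_mt_costs(n_bits, w, h, d):
    """Simplified XMSS^MT model with d layers of equal height h/d (assumption).
    Returns (signature bytes, key-gen F calls, number of signatures 2^h).
    Key generation builds only one tree per layer, so tree chaining cuts the
    leaves generated at key-gen time from 2^h to d * 2^(h/d)."""
    if h % d:
        raise ValueError("h must be divisible by d")
    h_i = h // d
    sig_bytes, keygen_f, _ = wots_costs(n_bits, w)
    n = n_bits // 8
    sig_total = 4 + d * (sig_bytes + h_i * n)   # index + per layer: OTS sig + auth path
    keygen_total = d * (2 ** h_i) * keygen_f     # F calls for all leaves, tree hashing ignored
    return sig_total, keygen_total, 2 ** h


def pick_parameters(n_bits, h, weight_sig, weight_kg, ws=(4, 16, 256), ds=(1, 2, 4)):
    """Exhaustive search over a tiny grid minimising weight_sig*|Sig| + weight_kg*T_Kg.
    A stand-in for the linear optimisation of the talk, not that method itself."""
    best = None
    for w in ws:
        for d in ds:
            if h % d:
                continue
            sig, kg, _ = xmss_mt_costs(n_bits, w, h, d)
            score = weight_sig * sig + weight_kg * kg
            if best is None or score < best[0]:
                best = (score, w, d)
    return best[1], best[2]


if __name__ == "__main__":
    for w in (4, 16, 256):
        print("w=%3d  chains=%3d  |sig|=%5d B  key-gen F calls=%5d"
              % ((w, wots_lengths(256, w)[2]) + wots_costs(256, w)[:2]))
    print("h=20: weights favouring size ->", pick_parameters(256, 20, 1.0, 1e-7))
```

Shifting the weight on T_Kg moves the optimum between a single tree (smallest signature) and several layers (cheapest key generation), which is exactly the tension the linear program on slide 16 resolves over the full parameter space.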

Slide 17: Conclusion

Slide 18: Optimization (diagram contrasting XMSS^MT with other (pq-)schemes along the labels "complex" and "flexible").

Thank you!