Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hash-Based Signatures Johannes Buchmann, Andreas Hülsung Supported by DFG and DAAD Part XI: XMSS in Practice.

Published byJessie Elliott Modified over 9 years ago

Similar presentations

Presentation on theme: "Hash-Based Signatures Johannes Buchmann, Andreas Hülsung Supported by DFG and DAAD Part XI: XMSS in Practice."— Presentation transcript:

1 Hash-Based Signatures Johannes Buchmann, Andreas Hülsung Supported by DFG and DAAD Part XI: XMSS in Practice

2 AES Blowfish 3DES Twofish Threefish Serpent IDEA RC5 RC6 … Hash functions & Blockciphers SHA-2 SHA-3 BLAKE Grøstl JH Keccak Skein VSH MCH MSCQ SWIFFTX RFSB …

3 PRF and Hash Function from AES AES: PRF:  Plain AES Hash function  AES with Matyas-Meyer-Oseas in Merkle-Damgård mode

4 PRF and Hash Function from SHA2 SHA2: PRF  Simplified SHA2-HMAC: F K (M) = SHA2( Pad(K) || M )  Pad(x) prepends 0‘s to reach blocksize (512bit)  No MD-Strengthening needed Hash function  Plain SHA2

5 XMSS Implementations C Implementation C Implementation, using OpenSSL [BDH2011] Sign (ms) Verify (ms) Signature (bit) Public Key (bit) Secret Key (byte) Bit Security Comment XMSS-SHA-235.601.9816,67213,6003,364157h = 20, w = 64, XMSS-AES-NI0.520.0719,6167,3281,68484h = 20, w = 4 XMSS-AES1.060.1119,6167,3281,68484h = 20, w = 4 RSA 20483.080.09≤ 2,048≤ 4,096≤ 51287 Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz with Intel AES-NI

6 i j Reminder: Tree Chaining 2 h+1 → 2*2 h/2+1 = 2 h/2+2 But: Larger signatures!

7 XMSS Implementations Smartcard Implementation Sign (ms) Verify (ms) Keygen (ms) Signature (byte) Public Key (byte) Secret Key (byte) Bit Sec. Comment XMSS13423925,4002,3888002,44892H = 16, w = 4 XMSS + 106255,6003,4765443,76094H = 16, w = 4 RSA 2048 190711,000≤ 256≤ 512 87 Infineon SLE78 16Bit-CPU@33MHz, 8KB RAM, TRNG, sym. & asym. co-processor NVM: Card 16.5 million write cycles/ sector, XMSS + < 5 million write cycles (h=20) [HBB12]

8 Thank you! Questions?

Download ppt "Hash-Based Signatures Johannes Buchmann, Andreas Hülsung Supported by DFG and DAAD Part XI: XMSS in Practice."

Similar presentations

Research & Development Workshop on e-Voting and e-Government in the UK - February 27, 2006 Votinbox - a voting system based on smart cards Sébastien Canard.

Research & Development Workshop on e-Voting and e-Government in the UK - February 27, 2006 Votinbox - a voting system based on smart cards Sébastien Canard.
Web security: SSL and TLS

Web security: SSL and TLS
Enhancing Demand Response Signal Verification in Automated Demand Response Systems Daisuke Mashima, Ulrich Herberg, and Wei-Peng Chen SEDN (Solutions for.

Enhancing Demand Response Signal Verification in Automated Demand Response Systems Daisuke Mashima, Ulrich Herberg, and Wei-Peng Chen SEDN (Solutions for.
Conventional Encryption: Algorithms

Conventional Encryption: Algorithms
Network Security: Lab#2 J. H. Wang Apr. 28, 2011.

Network Security: Lab#2 J. H. Wang Apr. 28, 2011.
SSL Implementation Guide Onno W. Purbo

SSL Implementation Guide Onno W. Purbo
Transport Layer Security (TLS) Bill Burr November 2, 2001.

Transport Layer Security (TLS) Bill Burr November 2, 2001.
Customized Network Security Protocols Cristina Nita-Rotaru and Jeffrey Seibert SPONSORED BY DOUBLE-TAKE SOFTWARE (Jan. 2009 - July 2009) Department of.

Customized Network Security Protocols Cristina Nita-Rotaru and Jeffrey Seibert SPONSORED BY DOUBLE-TAKE SOFTWARE (Jan July 2009) Department of.
Using Cryptography to Protect Data in Computer Networks: case study Vsevolod Ievgiienko National Taras Shevchenko University of Kiev Faculty of Cybernetics.

Using Cryptography to Protect Data in Computer Networks: case study Vsevolod Ievgiienko National Taras Shevchenko University of Kiev Faculty of Cybernetics.
PlutoPlus: Policy and PKI Plans for FY00 Sheila Frankel Systems and Network Security Group Computer Security Division NIST

PlutoPlus: Policy and PKI Plans for FY00 Sheila Frankel Systems and Network Security Group Computer Security Division NIST
An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.

An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
HASH ALGORITHMS - Chapter 12

HASH ALGORITHMS - Chapter 12
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
CSE331: Introduction to Networks and Security Lecture 18 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 18 Fall 2002.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CS 682 - Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.

CS Network Security Lecture 2 Prof. Katz. 9/7/2000Lecture 2 - Data Encryption2 DES – Data Encryption Standard Private key. Encrypts by series of.
Electronic mail security -- Pretty Good Privacy.

Electronic mail security -- Pretty Good Privacy.
S/MIME v3.2 draft-ietf-smime-3850bis-00.txt draft-ietf-smime-3851bis-00.txt Sean Turner Blake Ramsdell.

S/MIME v3.2 draft-ietf-smime-3850bis-00.txt draft-ietf-smime-3851bis-00.txt Sean Turner Blake Ramsdell.

Similar presentations

Ads by Google