# Leighton-Micali Hash-Based Signatures in the Quantum Random-Oracle Model

@inproceedings{Eaton2017LeightonMicaliHS, title={Leighton-Micali Hash-Based Signatures in the Quantum Random-Oracle Model}, author={Edward Eaton}, booktitle={SAC}, year={2017} }

Digital signatures constructed solely from hash functions offer competitive signature sizes and fast signing and verifying times. Moreover, the security of hash functions against a quantum adversary is believed to be well understood. This means that hash-based signatures are strong candidates for standard use in a post-quantum world. The Leighton-Micali signature scheme (LMS) is one such scheme being considered for standardization. However all systematic analyses of LMS have only considered a…

## 11 Citations

### LMS vs XMSS : Comparion of two Hash-Based Signature Standards

- Computer Science
- 2017

This work compares LMS and XMSS, two hash-based signature schemes proposed in the IETF as quantum secure, to give implementers and protocol designers a clear understanding of the schemes' similarities and differences so that they can decide which standard to choose.

### Hash-based signature revisited

- Computer Science, Mathematics
- Cybersecur.
- 2022

The overall design idea of different categories of hash-based signatures, as well as the construction, security reduction and performance efficiency of specific schemes are analyzed.

### Quantum security proofs using semi-classical oracles

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2018

An improved version of the one-way to hiding (O2H) Theorem by Unruh is presented, which gives higher flexibility (arbitrary joint distributions of oracles and inputs, multiple reprogrammed points) and tighter bounds (removing square-root factors, taking parallelism into account).

### A Note on the Instantiability of the Quantum Random Oracle

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2019

This work shows that security in the QROM cannot imply standard-model security, and considers two schemes that establish such a separation, one with length-restricted messages and one without, showing both to be secure in the QROM.

### On the non-tightness of measurement-based reductions for key encapsulation mechanism in the quantum random oracle model

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2019

The tightness limits of black-box reductions are shown, and it is proved that a measurement-based reduction in the QROM will inevitably incur a quadratic loss in security, where "measurement-based" means the reduction measures a hash query from the adversary and uses the measurement outcome to break the underlying security of the PKE.

### How to Record Quantum Queries, and Applications to Quantum Indifferentiability

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2018

The quantum random oracle model (QROM) has become the standard model in which to prove the post-quantum security of random-oracle-based constructions. Unfortunately, none of the known proof…

### Post-quantum Hash-based Signatures for Multi-chain Blockchain Technologies

- Computer Science, Mathematics
- 2019

In this work, research is conducted on stateful hash-based signatures for multi-chain blockchain technologies, and a digital signature scheme specifically designed for these systems is proposed.

### Succinct Arguments in the Quantum Random Oracle Model

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2019

SNARGs are highly efficient certificates of membership in non-deterministic languages and are widely believed to be post-quantum secure, provided the oracle is instantiated with a suitable post-quantum hash function.

### Recommendation for Stateful Hash-Based Signature Schemes

- Computer Science
- 2020

This recommendation specifies two algorithms that can be used to generate a digital signature, both of which are stateful hash-based signature schemes: the Leighton-Micali Signature (LMS) system and…

### On the security of the WOTS-PRF signature scheme

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2017

A flaw is identified in the security proof and in the concrete security analysis of the WOTS-PRF variant of the Winternitz one-time signature scheme, and the implications to its concrete security are discussed.

## References


### Mitigating Multi-Target Attacks in Hash-based Signatures

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2015

This work introduces XMSS-T, a new stateful hash-based signature scheme with tight security that can achieve the same security level but using hash functions with a smaller output length, which immediately leads to a smaller signature size.

### Further Analysis of a Proposed Hash-Based Signature Standard

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2017

It is shown that, even with a large number of different keys the attacker can choose from, and a huge computational budget, the attacker succeeds in creating a forgery with negligible probability (< 2^-129).

### Making Existential-Unforgeable Signatures Strongly Unforgeable in the Quantum Random-Oracle Model

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2015

This work investigates a generic transformation that compiles any existential-unforgeable scheme into a strongly unforgeable one, and shows that the transformation also works against quantum adversaries in the quantum random-oracle model.

### Revisiting TESLA in the Quantum Random Oracle Model

- Computer Science, Mathematics
- PQCrypto
- 2017

We study a scheme of Bai and Galbraith (CT-RSA’14), also known as TESLA. TESLA was thought to have a tight security reduction from the learning with errors problem (LWE) in the random oracle model…

### Another Look at Tightness

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2011

A natural, but non-tight, reductionist security proof for deterministic message authentication code (MAC) schemes in the multi-user setting is examined, finding deficiencies in the security assurances provided by non-tight proofs, including ones for network authentication and aggregate MACs.

### Random Oracles in a Quantum World

- Computer Science, Mathematics
- ASIACRYPT
- 2011

It is shown that certain post-quantum proposals, including ones based on lattices, can be proven secure using history-free reductions and are therefore post-quantum secure.

### Secure Signatures and Chosen Ciphertext Security in a Quantum Computing World

- Computer Science, Mathematics
- CRYPTO
- 2013

The study of quantum-secure digital signatures and quantum chosen ciphertext security is initiated by allowing the adversary to issue quantum chosen message queries: given a superposition of messages, the adversary receives a superposition of signatures on those messages.

### Analysis of a Proposed Hash-Based Signature Standard

- Computer Science, Mathematics
- SSR
- 2016

We analyze the concrete security of a hash-based signature scheme described in a recent series of Internet Drafts by McGrew and Curcio. We show that an original version of their proposal achieves…

### Hash Based Digital Signature Schemes

- Computer Science, Mathematics
- IMACC
- 2005

This work discusses various issues associated with signature schemes based solely upon hash functions; it is the first complete treatment of practical implementations of hash-based signature schemes in the literature.

### Revocable Quantum Timed-Release Encryption

- Computer Science, Mathematics
- J. ACM
- 2013

It is shown that revocable timed-release encryption without trusted parties is possible using quantum cryptography (while trivially impossible classically) and two proof techniques in the quantum random oracle model are developed.