Leighton-Micali Hash-Based Signatures in the Quantum Random-Oracle Model

  • Edward Eaton
  • Published in SAC 16 August 2017
  • Computer Science, Mathematics
Digital signatures constructed solely from hash functions offer competitive signature sizes and fast signing and verifying times. Moreover, the security of hash functions against a quantum adversary is believed to be well understood. This means that hash-based signatures are strong candidates for standard use in a post-quantum world. The Leighton-Micali signature scheme (LMS) is one such scheme being considered for standardization. However all systematic analyses of LMS have only considered a… 

LMS vs XMSS: Comparison of two Hash-Based Signature Standards

This work compares LMS and XMSS, two hash-based signature schemes proposed in the IETF as quantum-secure, to give implementers and protocol designers a clear understanding of the schemes' similarities and differences so that they can decide which standard to choose.

Hash-based signature revisited

The overall design idea of different categories of hash-based signatures, as well as the construction, security reduction and performance efficiency of specific schemes are analyzed.

Quantum security proofs using semi-classical oracles

An improved version of the one-way to hiding (O2H) Theorem by Unruh is presented, which gives higher flexibility (arbitrary joint distributions of oracles and inputs, multiple reprogrammed points) and tighter bounds (removing square-root factors, taking parallelism into account).

A Note on the Instantiability of the Quantum Random Oracle

This work shows that security in the QROM cannot imply standard-model security, considers two schemes that establish such a separation, one with length-restricted messages and one without, and shows both to be secure in the QROM.

On the non-tightness of measurement-based reductions for key encapsulation mechanism in the quantum random oracle model

The tightness limits of black-box reductions are shown, and it is proved that a measurement-based reduction in the QROM will inevitably incur a quadratic loss of security, where "measurement-based" means the reduction measures a hash query from the adversary and uses the measurement outcome to break the underlying security of the PKE.

How to Record Quantum Queries, and Applications to Quantum Indifferentiability

  • Mark Zhandry
  • Computer Science, Mathematics
  • IACR Cryptol. ePrint Arch.
  • 2018
The quantum random oracle model (QROM) has become the standard model in which to prove the post-quantum security of random-oracle-based constructions. Unfortunately, none of the known proof

Post-quantum Hash-based Signatures for Multi-chain Blockchain Technologies

In this work, research is conducted on stateful hash-based signatures for multi-chain blockchain technologies, and a digital signature scheme specifically designed for these systems is proposed.

Succinct Arguments in the Quantum Random Oracle Model

SNARGs are highly efficient certificates of membership in non-deterministic languages and are widely believed to be post-quantum secure, provided the oracle is instantiated with a suitable post-quantum hash function.

Recommendation for Stateful Hash-Based Signature Schemes

This recommendation specifies two algorithms that can be used to generate a digital signature, both of which are stateful hash-based signature schemes: the Leighton-Micali Signature (LMS) system and

On the security of the WOTS-PRF signature scheme

A flaw is identified in the security proof and in the concrete security analysis of the WOTS-PRF variant of the Winternitz one-time signature scheme, and the implications to its concrete security are discussed.

Mitigating Multi-Target Attacks in Hash-based Signatures

This work introduces XMSS-T, a new stateful hash-based signature scheme with tight security that can achieve the same security level but using hash functions with a smaller output length, which immediately leads to a smaller signature size.

Further Analysis of a Proposed Hash-Based Signature Standard

It is shown that, even with a large number of different keys the attacker can choose from, and a huge computational budget, the attacker succeeds in creating a forgery with negligible probability (< 2^-129).

Making Existential-Unforgeable Signatures Strongly Unforgeable in the Quantum Random-Oracle Model

This work investigates a generic transformation that compiles any existential-unforgeable scheme into a strongly unforgeable one, and shows that the transformation also works against quantum adversaries in the quantum random-oracle model.

Revisiting TESLA in the Quantum Random Oracle Model

We study a scheme of Bai and Galbraith (CT-RSA’14), also known as TESLA. TESLA was thought to have a tight security reduction from the learning with errors problem (LWE) in the random oracle model

Another Look at Tightness

A natural, but non-tight, reductionist security proof for deterministic message authentication code (MAC) schemes in the multi-user setting is examined, finding deficiencies in the security assurances provided by non-tight proofs, including ones for network authentication and aggregate MACs.

Random Oracles in a Quantum World

It is shown that certain post-quantum proposals, including ones based on lattices, can be proven secure using history-free reductions and are therefore post-quantum secure.

Secure Signatures and Chosen Ciphertext Security in a Quantum Computing World

The study of quantum-secure digital signatures and quantum chosen ciphertext security is initiated by allowing the adversary to issue quantum chosen message queries: given a superposition of messages, the adversary receives a superposition of signatures on those messages.

Analysis of a Proposed Hash-Based Signature Standard

We analyze the concrete security of a hash-based signature scheme described in a recent series of Internet Drafts by McGrew and Curcio. We show that an original version of their proposal achieves

Hash Based Digital Signature Schemes

This work discusses various issues associated with signature schemes based solely upon hash functions, which is the first complete treatment of practical implementations of hash based signature schemes in the literature.

Revocable Quantum Timed-Release Encryption

It is shown that revocable timed-release encryption without trusted parties is possible using quantum cryptography (while trivially impossible classically) and two proof techniques in the quantum random oracle model are developed.