SPHINCS: Practical Stateless Hash-Based Signatures

@article{Bernstein2014SPHINCSPS,
  title={SPHINCS: Practical Stateless Hash-Based Signatures},
  author={Daniel J. Bernstein and Daira Hopwood and Andreas H{\"u}lsing and Tanja Lange and Ruben Niederhagen and Louiza Papachristodoulou and Peter Schwabe and Zooko Wilcox-O'Hearn},
  journal={IACR Cryptol. ePrint Arch.},
  year={2014},
  volume={2014},
  pages={795}
}
This paper introduces a high-security post-quantum stateless hash-based signature scheme that signs hundreds of messages per second on a modern 4-core 3.5GHz Intel CPU. Signatures are 41 KB, public keys are 1 KB, and private keys are 1 KB. The signature scheme is designed to provide long-term \(2^{128}\) security even against attackers equipped with quantum computers. Unlike most hash-based designs, this signature scheme is stateless, allowing it to be a drop-in replacement for current… 
SPHINCS+ digital signature scheme with GOST hash functions
TLDR
This contribution analyzes the use of the new Russian standardized hash function, known as Streebog, for the implementation of the SPHINCS signature scheme, and provides a performance comparison with SHA-256-based instantiation and gives benchmarks for various sets of parameters.
Hash-Based TPM Signatures for the Quantum World
TLDR
This paper replaces RSA-based digital signatures with a hash-based scheme and shows that this scheme can be implemented using reasonable amounts of space on the TPM and protected from rollback attacks against these state-sensitive signature operations.
Real-World Post-Quantum Digital Signatures
TLDR
This work discusses the reasons for the gap between theory and practice, and outlines a plan to bridge it, and details the work to realise the described plan.
Quantum Safe Cryptography Based on Hash Functions: A Survey
TLDR
This thesis presents a concise overview of multiple hash-based signature schemes and provides a comparative description and analysis of them, based on different signature scheme properties, such as key sizes, signature sizes and security level provided.
Let Live and Let Die — Handling the State of Hash-based Signatures
TLDR
This work presents strategies for handling the state of hash-based signatures for different use cases, ranging from infrequent software update authentication to high-frequency TLS connection initialization.
Coalition and Threshold Hash-Based Signatures
TLDR
This work shows how to construct a threshold version of stateful hash-based signature schemes like those defined in XMSS and LMS and proposes the addition of an untrusted Helper to manage the large storage required without being given access to any secret information.
Provably Secure Short Signature Scheme from Isogeny between Elliptic Curves
TLDR
The proposed signature scheme incurs a 256-byte public key size and a 128-byte signature size to achieve the 128-bit security level (NIST-1 level of security) and achieves UF-CMA security under a hard problem in isogeny, which is smaller than all other IBC-based signature schemes at the 128-bit security level.
LMS vs XMSS: Comparison of two Hash-Based Signature Standards
TLDR
This work compares LMS and XMSS, two hash-based signature schemes proposed in the IETF as quantum secure, to provide a clear understanding of the schemes’ similarities and differences so that implementers and protocol designers can decide which standard to choose.
Improving Stateless Hash-Based Signatures
TLDR
Based on a refined analysis of the subset resilience problem, it is shown that SPHINCS’ parameters can be modified to reduce the signature size while retaining a similar security level and computation time.
An Intermediate Secret-Guessing Attack on Hash-Based Signatures
TLDR
This work shows the subtleties of replacing randomness with pseudo-randomness in the key generation of hash-based signatures, and the need for careful analysis of such designs.

References

SHOWING 1-10 OF 67 REFERENCES
W-OTS+ - Shorter Signatures for Hash-Based Signature Schemes
TLDR
It is proved that W-OTS+ is strongly unforgeable under chosen message attacks in the standard model, and an improvement in signature size directly carries over to all recent hash-based signature schemes.
XMSS - A Practical Forward Secure Signature Scheme based on Minimal Security Assumptions
TLDR
XMSS is the first provably (forward) secure and practical signature scheme with minimal security requirements: a pseudorandom and a second preimage resistant (hash) function family.
Multiple-Time Signature Schemes against Adaptive Chosen Message Attacks
TLDR
This work proposes a multiple-time signature scheme with very efficient signing and verifying, based on a combination of one-way functions and cover-free families, that is secure against the adaptive chosen-message attack.
CMSS - An Improved Merkle Signature Scheme
TLDR
CMSS, a variant of MSS, with reduced private key size, key pair generation time, and signature generation time is proposed, and it is demonstrated that CMSS is competitive in practice by presenting a highly efficient implementation within the Java Cryptographic Service Provider FlexiProvider.
Digital Signatures Out of Second-Preimage Resistant Hash Functions
TLDR
The resulting signature scheme is existentially unforgeable when the underlying hash function is second-preimage resistant, yields shorter signatures, and is affected neither by birthday attacks nor by the recent progresses in collision-finding algorithms.
Better than BiBa: Short One-Time Signatures with Fast Signing and Verifying
TLDR
This work proposes a one-time signature scheme with very efficient signing and verifying, and short signatures that is well-suited for broadcast authentication, and can be viewed as an improvement of the BiBa one-time signature.
Practical forward secure signatures using minimal security assumptions
TLDR
This work introduces two new digital signature schemes, XMSS and its extension XMSS^MT, and two new one-time signature schemes (OTS), WOTS+ and WOTS$, which have certain properties that make them favorable compared to today's signature schemes.
SipHash: A Fast Short-Input PRF
TLDR
This work proposes that hash tables switch to SipHash as a hash function, which is simpler than MACs based on universal hashing, and faster on short inputs than state-of-the-art MACs.
Optimal Parameters for XMSS MT
TLDR
This work introduces Multi Tree XMSS (XMSS MT), a hash-based signature scheme that can be used to sign a virtually unlimited number of messages and shows how to select provably optimal parameter sets for different use cases.
Merkle Signatures with Virtually Unlimited Signature Capacity
TLDR
GMSS is the first Merkle-type signature scheme that allows a cryptographically unlimited number of documents to be signed with one key pair and reduces the signature size as well as the signature generation cost.