Upload
amena
View
31
Download
1
Embed Size (px)
DESCRIPTION
Hash-Based Signatures. Johannes Buchmann, Andreas Hülsung Supported by DFG and DAAD. Part X: XMSS Security. X MSS has Minimal Security Requirements. Security Requirements of Current Signature Schemes. Intractability assumption. Collision resistant hash function. Digital signature scheme. - PowerPoint PPT Presentation
Citation preview
Hash-Based SignaturesJohannes Buchmann, Andreas HülsungSupported by DFG and DAAD
Part X: XMSS Security
XMSS has Minimal Security Requirements
Security Requirements of Current Signature Schemes
Intractability assumption
Digital signature scheme
Collision resistant hash function
Minimal Security Requirement of Signatures
One-way FFNaor, Yung 1989
Rompel 1990
Digital signature scheme
Target-collision resistant HFF
One-way FF
XMSSPseudorandom FF
Second-preimage resistant HFF
XMSS has minimal security requirements
Naor, Yung 1989Rompel 1990
Håstad, Impagliazzo, Levin, Luby 1999Goldreich, Goldwasser, Micali 1986
Digital signature scheme
Rompel 1990
XMSS Existential unforgeable under chosen message attacks
Security proof
PRFF
SPR-HFF
WOTS$ is EU-CMA
XMSS-Tree + WOTS is EU-CMA
[BDEHR., Africacrypt 2011]
[ DOTV,PQC 2008]
XMSS is EU-CMA
XMSS is forward secure
[BDH, PQC 2011]
[BDH, PQC 2011]