Hash-Based Signatures

This comprehensive guide delves into the practical applications of hash-based signatures, exploring implementations with XMSS, AES, SHA-2, and other cryptographic algorithms. The content covers XMSS implementations in C, smartcard setups, PRF and hash functions from AES and SHA-2, as well as comparisons between different schemes. Additionally, it discusses tree chaining, key generation, signing, verification, security levels, and performance metrics associated with various cryptographic systems.

• Hash-Based Signatures
• XMSS
• AES
• SHA-2
• Cryptographic Algorithms

edu_cl Follow

Uploaded on Feb 17, 2025 | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. Hash-Based Signatures Johannes Buchmann, Andreas H lsung Supported by DFG and DAAD Part XI: XMSS in Practice

2. Hash functions & Blockciphers AES Blowfish 3DES Twofish Threefish Serpent IDEA RC5 RC6 SHA-2 SHA-3 BLAKE Gr stl JH Keccak Skein VSH MCH MSCQ SWIFFTX RFSB

3. PRF and Hash Function from AES } 1 , 0 { } 1 , 0 { 128 128 128 } 1 , 0 { AES: PRF: Plain AES Hash function AES with Matyas-Meyer-Oseas in Merkle-Damg rd mode

4. PRF and Hash Function from SHA2 } 1 , 0 { } 1 , 0 { * 256 SHA2: PRF Simplified SHA2-HMAC: FK(M) = SHA2( Pad(K) || M ) Pad(x) prepends 0 s to reach blocksize (512bit) No MD-Strengthening needed Hash function Plain SHA2

5. XMSS Implementations C Implementation C Implementation, using OpenSSL [BDH2011] Sign (ms) Verify (ms) Signature (bit) Public Key (bit) Secret Key (byte) Bit Security Comment XMSS-SHA-2 35.60 1.98 16,672 13,600 3,364 157 h = 20, w = 64, XMSS-AES-NI 0.52 0.07 19,616 7,328 1,684 84 h = 20, w = 4 XMSS-AES 1.06 0.11 19,616 7,328 1,684 84 h = 20, w = 4 RSA 2048 3.08 0.09 2,048 4,096 512 87 Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz with Intel AES-NI

6. Reminder: Tree Chaining 2h+1 2*2h/2+1= 2h/2+2 j i But: Larger signatures!

7. XMSS Implementations Smartcard Implementation Sign (ms) Verify (ms) Keygen (ms) Signature (byte) Public Key (byte) Secret Key (byte) Bit Sec. Comment XMSS 134 23 925,400 2,388 800 2,448 92 H = 16, w = 4 XMSS+ 106 25 5,600 3,476 544 3,760 94 H = 16, w = 4 RSA 2048 190 7 11,000 256 512 512 87 Infineon SLE78 16Bit-CPU@33MHz, 8KB RAM, TRNG, sym. & asym. co-processor NVM: Card 16.5 million write cycles/ sector, XMSS+< 5 million write cycles (h=20) [HBB12]

8. Thank you! Questions?