Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

On the Security of the Winternitz One-Time Signature Scheme

  • Conference paper
Progress in Cryptology – AFRICACRYPT 2011 (AFRICACRYPT 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6737))

Included in the following conference series:

Abstract

We show that the Winternitz one-time signature scheme is existentially unforgeable under adaptive chosen message attacks when instantiated with a family of pseudo random functions. Compared to previous results, which require a collision resistant hash function, our result provides significantly smaller signatures at the same security level. We also consider security in the strong sense and show that the Winternitz one-time signature scheme is strongly unforgeable assuming additional properties of the pseudo random function. In this context we formally define several key-based security notions for function families and investigate their relation to pseudorandomness. All our reductions are exact and in the standard model and can directly be used to estimate the output length of the hash function required to meet a certain security level.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Bellare, M.: New proofs for nmac and hmac: Security without collision-resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602–619. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  2. Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences 61(3), 362–399 (2000)

    Article  MathSciNet  MATH  Google Scholar 

  3. Bleichenbacher, D., Maurer, U.M.: Directed acyclic graphs, one-way functions and digital signatures. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 75–82. Springer, Heidelberg (1994)

    Google Scholar 

  4. Buchmann, J., Dahmen, E., Ereth, S., Hülsing, A., Rückert, M.: On the security of the winternitz one-time signature scheme. Cryptology ePrint Archive, Report 2011/191 (2011), http://eprint.iacr.org/

  5. Buchmann, J., Dahmen, E., Klintsevich, E., Okeya, K., Vuillaume, C.: Merkle signatures with virtually unlimited signature capacity. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 31–45. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  6. Canetti, R., Micciancio, D., Reingold, O.: Perfectly one-way probabilistic hash functions (preliminary version). In: STOC, pp. 131–140 (1998)

    Google Scholar 

  7. Coronado García, L.C.: On the security and the efficiency of the merkle signature scheme. Technical Report 2005/192, Cryptology ePrint Archive (2005), Available at http://eprint.iacr.org/2005/192/

  8. Dahmen, E., Okeya, K., Takagi, T., Vuillaume, C.: Digital signatures out of second-preimage resistant hash functions. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 109–123. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  9. Dods, C., Smart, N., Stam, M.: Hash based digital signature schemes. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 96–115. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  10. Fischlin, M.: Pseudorandom function tribe ensembles based on one-way permutations: Improvements and applications. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 432–445. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  11. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)

    Article  MathSciNet  MATH  Google Scholar 

  12. Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)

    Article  MathSciNet  MATH  Google Scholar 

  13. Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual Symposium on the Theory of Computing, pp. 212–219. ACM Press, New York (1996)

    Google Scholar 

  14. Hevia, A., Micciancio, D.: The provable security of graph-based one-time signatures and extensions to algebraic signature schemes. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 379–396. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  15. Lamport, L.: Constructing digital signatures from a one way function. Technical Report SRI-CSL-98, SRI International Computer Science Laboratory (1979)

    Google Scholar 

  16. Levin, L.: One way functions and pseudorandom generators. Combinatorica 7, 357–363 (1987)

    Article  MathSciNet  MATH  Google Scholar 

  17. Luk, M., Perrig, A., Whillock, B.: Seven cardinal properties of sensor network broadcast authentication. In: ACM Workshop on Security of Ad Hoc and Sensor Networks, SASN (2006)

    Google Scholar 

  18. Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)

    Google Scholar 

  19. Perrig, A.: The biba one-time signature and broadcast authentication protocol. In: ACM Conference on Computer and Communications Security, pp. 28–37 (2001)

    Google Scholar 

  20. Perrig, A., Canetti, R., Tygar, J.D., Song, D.: Efficient authentication and signing of multicast streams over lossy channels. In: IEEE Symposium on Security and Privacy, pp. 56–73 (2000)

    Google Scholar 

  21. Reyzin, L., Reyzin, N.: Better than biBa: Short one-time signatures with fast signing and verifying. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 1–47. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  22. Rogaway, P., Shrimpton, T.: Cryptographic hash-function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 371–388. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  23. Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: STOC 1990: Proceedings of the twenty-second annual ACM symposium on Theory of computing, pp. 387–394. ACM Press, New York (1990)

    Chapter  Google Scholar 

  24. Shor, P.W.: Algorithms for quantum computation: Discrete logarithms and factoring. In: Proceedings of the 35th Annual IEEE Symposium on Foundations of Computer Science (FOCS 1994), pp. 124–134. IEEE Computer Society Press, Los Alamitos (1994)

    Chapter  Google Scholar 

  25. Yao, A.C.: Theory and application of trapdoor functions. Annual IEEE Symposium on Foundations of Computer Science 0, 80–91 (1982)

    MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Technische Universität Darmstadt, Germany

    Johannes Buchmann, Erik Dahmen, Sarah Ereth, Andreas Hülsing & Markus Rückert

Authors
  1. Johannes Buchmann
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Erik Dahmen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sarah Ereth
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Andreas Hülsing
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Markus Rückert
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Département de Mathématiques, Université de Caen, Campus II, Boulevard Maréchal Juin, BP 5186, 14032, Caen Cedex, France

    Abderrahmane Nitaj

  2. École normale supérieure - CNRS - INRIA, Paris, France

    David Pointcheval

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Buchmann, J., Dahmen, E., Ereth, S., Hülsing, A., Rückert, M. (2011). On the Security of the Winternitz One-Time Signature Scheme. In: Nitaj, A., Pointcheval, D. (eds) Progress in Cryptology – AFRICACRYPT 2011. AFRICACRYPT 2011. Lecture Notes in Computer Science, vol 6737. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21969-6_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-21969-6_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21968-9

  • Online ISBN: 978-3-642-21969-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation