Proof-of-forgery for hash-based signatures

05/30/2019
by   E. O. Kiktenko, et al.
0

In the present work, a peculiar property of hash-based signatures allowing detection of their forgery event is explored. This property relies on the fact that a successful forgery of a hash-based signature most likely results in a collision with respect to the employed hash function, while the demonstration of this collision could serve as convincing evidence of the forgery. Here we prove that with properly adjusted parameters Lamport and Winternitz one-time signatures schemes could exhibit a forgery detection availability property. This property is of significant importance in the framework of crypto-agility paradigm since the considered forgery detection serves as an alarm that the employed cryptographic hash function becomes insecure to use and the corresponding scheme has to be replaced.

READ FULL TEXT

page 8

page 12

page 13

research
02/18/2020

Security analysis of the W-OTS^+ signature scheme: Updating security bounds

In this work, we discuss in detail a flaw in the original security proof...
research
07/29/2018

SHAH: Hash Function based on Irregularly Decimated Chaotic Map

In this paper, we propose a novel hash function based on irregularly dec...
research
04/17/2018

Lightweight Hardware Architectures for Efficient Secure Hash Functions ECHO and Fugue

In cryptographic engineering, extensive attention has been devoted to am...
research
07/12/2021

Weakened Random Oracle Models with Target Prefix

Weakened random oracle models (WROMs) are variants of the random oracle ...
research
05/21/2023

Compact Lattice Gadget and Its Applications to Hash-and-Sign Signatures

This work aims to improve the practicality of gadget-based cryptosystems...
research
02/13/2020

Learning to Represent Programs with Property Signatures

We introduce the notion of property signatures, a representation for pro...
research
02/22/2018

Options for encoding names for data linking at the Australian Bureau of Statistics

Publicly, ABS has said it would use a cryptographic hash function to con...

Please sign up or login with your details

Forgot password? Click here to reset