On the security of the Winternitz one-time signature scheme (Q381135): Difference between revisions
From MaRDI portal
Properties added between the compared revisions (4 intermediate revisions by 3 users not shown):
Property / author: Johannes A. Buchmann
Property / Mathematics Subject Classification ID: 94A60
Property / Mathematics Subject Classification ID: 94A62
Property / zbMATH DE Number: 6227472
Property / MaRDI profile type: MaRDI publication profile
Property / review text and Property / zbMATH Keywords: as listed under the statements below
Revision as of 01:06, 5 March 2024
scientific article
Language | Label | Description | Also known as
---|---|---|---
English | On the security of the Winternitz one-time signature scheme | scientific article |
Statements
On the security of the Winternitz one-time signature scheme (English)
15 November 2013
Summary: We show that the Winternitz one-time signature scheme is existentially unforgeable under adaptive chosen message attacks when instantiated with a family of pseudorandom functions. Our result halves the signature size at the same security level, compared to previous results, which require a collision resistant hash function. We also consider security in the strong sense and show that the Winternitz one-time signature scheme is strongly unforgeable assuming additional properties of the pseudorandom function family. In this context we formally define several key-based security notions for function families and investigate their relation to pseudorandomness. All our reductions are exact and in the standard model and can directly be used to estimate the output length of the hash function required to meet a certain security level.
zbMATH Keywords:
hash-based signatures
post-quantum signatures
pseudorandom functions
prfs
security reductions
applied cryptography
one-time signature schemes
winternitz
EU-CMA
SU-CMA
security notions
adaptive chosen message attacks
security levels