Hash-based Signature Research Articles

An Intrusion Resistant SCADA Framework Based on Quantum and Post-Quantum Scheme

The rapid emergence of quantum computing threatens current Supervisory Control and Data Acquisition (SCADA) security standards, mainly, American Gas Association (AGA)-12. Therefore, researchers are developing various security schemes based on either quantum or post-quantum algorithms. However, the efficiency of quantum algorithms impacts the security of the post-quantum digital signature scheme. We propose an intrusion resistant algorithm exploiting and applying quantum principles in the post-quantum signature algorithm. We use the Bennett 1992 (B92) protocol, a quantum key distribution scheme, to obtain the cipher, and the practical Stateless Hash-based Signatures (SPHINCS)-256 protocol to obtain a post-quantum signature. However, instead of Chacha-12, a well-known cryptographically secure pseudo-random number generator, we apply a quantum random number generator to obtain a truly random Hash to Obtain Random Subset (HORS) signature with Tree (HORST) secret key used in SPHINCS-256. We have implemented the design in Python with the Quantum Information Toolkit. We have validated the proposed algorithm using the Probabilistic Model Checking for Performance and Reliability Analysis (PRISM) and Scyther tools. Moreover, the National Institute of Standards and Technology (NIST) statistical tests show that the proposed algorithm key pairs have randomness of 98% and RSA and ECDSA are below 96%.

On the Role of Hash-Based Signatures in Quantum-Safe Internet of Things: Current Solutions and Future Directions

The Internet of Things (IoT) is gaining ground as a pervasive presence around us by enabling miniaturized “things” with computation and communication capabilities to collect, process, analyze, and interpret information. Consequently, trustworthy data act as fuel for applications that rely on the data generated by these things, for critical decision-making processes, data debugging, risk assessment, forensic analysis, and performance tuning. Currently, secure and reliable data communication in IoT is based on public-key cryptosystems such as the elliptic curve cryptosystem (ECC). Nevertheless, the reliance on the security of de-facto cryptographic primitives is at risk of being broken by the impending quantum computers. Therefore, the transition from classical primitives to quantum-safe primitives is indispensable to ensure the overall security of data en route. In this article, we investigate applications of one of the postquantum signatures called hash-based signature (HBS) schemes for the security of IoT devices in the quantum era. We give a succinct overview of the evolution of HBS schemes with an emphasis on their construction parameters and associated strengths and weaknesses. Then, we outline the striking features of HBS schemes and their significance for IoT security in the quantum era. We also investigate the optimal selection of HBS in the IoT networks with respect to their performance-constrained requirements, resource-constrained nature, and design optimization objectives. In addition to ongoing standardization efforts, we also highlight current and future research and deployment challenges along with possible solutions. Finally, we outline the essential measures and recommendations that must be adopted by the IoT ecosystem while preparing for the quantum world.

Comparative analysis of one-time hash-based signatures

Hash-based signatures are a wide class of post-quantum cryptographic algorithms, their security is based on the complexity of collision and preimage search problems for cryptographic hash functions. The main advantages of this class are post-quantization, easy modification and a well-researched mathematical base. The disadvantages are large sizes of signatures and limited number of uses of one key pair. The most promising algorithms of this class include algorithms of the SPHINCS type, which have a complex structure, including, among others, a one-time Winternitz signature. The paper analyzes the existing one-time signature algorithms, both well-known Lamport and Winternitz schemes, taking into account modifications of the latter one, and alternative methods. An analysis of the security of modified algorithms has been shown, which showed that their security is based on the same mathematical basis as the security of the original algorithms. The one-time use requirement remains critical to the safety of each of the algorithms studied. The sizes of keys and signatures and computational complexity of various algorithms are compared, in what their basic differences consist. The modified algorithms do not add fundamentally new components in cryptosystems but they make it possible to achieve a certain optimization, shifting the conditions of space-time compromise. The extended Lamport signature is of a particular interest, having the same computational complexity and key sizes as the original algorithm, and at the same time allowing one to halve the signature size. In the context of the SPHINCS cryptosystem, the Winternitz signature remains the best option, since it allows the complete computation of the public key directly from the signature.

Efficient Parallelism of Post-Quantum Signature Scheme SPHINCS

SPHINCS was recently proposed as a stateless, quantum-resilient hash-based signature scheme. However, one possible limitation of SPHINCS is its signing speed, namely, the best known implementation merely produces a few hundred of signatures per second, which is not good enough, e.g., for a social website with a huge amount of users. Aiming at improving the singing throughput, we present highly parallel and optimized implementations of SPHINCS, which can be deployed on various multi-core platforms. As a first step, we give an elementary implementation on x86/64 processors, which proves the effectiveness and correctness of our implementations. To obtain a significantly higher throughput, we implement SPHINCS on Graphics Processing Units (GPUs). Furthermore, we develop a few general and hardware-specific techniques to take full advantage of the computing power of targeted platforms. We instantiate the underlying hash functions with three primitives. Our comprehensive benchmark shows that our work outperforms all the state-of-the-art implementations of SPHINCS regarding throughput with reasonable latency, and has scalability on multiple cores and multiple GPU cards. For instance, for the key generation algorithm instantiated with ChaCha running on a GeForce GTX 1080, we obtain 5152 signatures per second which is $7.88\times$ 7 . 88 × speedup faster than a recent FPGA implementation. When upgrade to TITAN Xp, 6,651 signatures are generated in one second. With four TITAN Xp GPUs, the obtained throughput satisfies vast majority scenarios.

Privacy-Preserving Multilayer In-Band Network Telemetry and Data Analytics: For Safety, Please do Not Report Plaintext Data

With the evolution of Internet infrastructure and network services, multilayer in-band network telemetry (ML-INT) and data analytics (DA) have been considered as key enabling techniques to realize real-time and fine-grained network monitoring, especially for backbone IP-over-Optical networks. However, the existing ML-INT&DA systems have privacy and security issues, because plaintext ML-INT data is reported from the data plane and gets analyzed in the control plane. In this work, we address these issues by designing a privacy-preserving ML-INT&DA system for IP-over-Optical networks. We first leverage vector homomorphic encryption (VHE) to design a lightweight encryption scheme, which overcomes the security breaches due to eavesdropping and preserves the delicate correlations buried in multi-dimensional ML-INT data. Then, we develop an effective data compression scheme to further encode the encrypted ML-INT data and make the results suitable for hash-based signature. The signature is for data certification and enables the DA in the control plane to verify the integrity of received ML-INT data. Hence, the threats from data tampering are removed. Next, we architect a deep learning (DL) model that can directly operate on encrypted ML-INT data for anomaly detection. Finally, we implement the proposed ML-INT&DA system, and experimentally demonstrate its effectiveness in a real IP over elastic optical network (IP-over-EON) testbed, whose key elements, i.e., optical line system (OLS), bandwidth-variable wavelength-selective switches (BV-WSS’) and programmable data plane (PDP) switches, are all commercial products.

WOTS-S: A Quantum Secure Compact Signature Scheme for Distributed Ledger

The digital signature scheme, which underpins most of the existing distributed ledgers, is generally based on non-quantum-resilient algorithms (e.g. elliptic curve digital signature algorithm). This highlights the need for quantum-secure signature schemes in future distributed ledgers (and other products). Therefore, in this paper, we propose a novel quantum-secure digital signature scheme designed specifically for cryptocurrencies. Our proposed scheme is a hash-based signature scheme, which is a variant of Winternitz-one time signature scheme. A comparison of the proposed scheme and two other competing quantum-secure cryptocurrencies (IoTA and QRL) reveals that our scheme respectively achieves 59% and 24% reductions in signature lengths without compromising the level of security. A salient feature of the proposed approach is that, unlike the previously proposed variants of Winternitz scheme, we avoid the need for any expensive computation. In addition, we formally model the classical cryptocurrency and the proposed quantum-secure cryptocurrency using high-level Petri-nets, which allows the implementer to understand their workings in the presence of a quantum attacker. Furthermore, we also provide formal security proof in the random oracle model.

The Kupyna hash function application to SPHINCS+ signatures

In recent years, there has been a substantial amount of research on quantum computers – machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. The possibility of quantum attacks formed a new chapter in cryptology field – postquantum cryptology, where DSA schemes became one of the main research vectors. The most representative samples are schemes based on hash transformations. Hash-based signature schemes were developed as one-time signature schemes in the late 1970s by Lamport and extended to more signatures by Merkle. In further more complicated schemes were introduced. NIST declared about the competition of new postquantum standards both for encryption (key generation) and signatures As for the 2nd round there are 9 Digital signature candidates. SPHINCS+ (former SPHINCS) is in the list. The algorithm can be briefly described as a stateless hash-based signature scheme. It uses many components from XMSS but works with larger keys and signature to eliminate state. The scheme can be used with different hash functions. The main goal of this paper is to analyze the application of the national standard hash function the scheme of the NIST submission candidate SPHINCS+. The research showed the national standard hash could be applied to the seed randomness generation and hashing the input message. Since Kupyna function returns fixed-size output, its application looks similar to SHA-256 hashes.

An Efficient Signature Scheme From Supersingular Elliptic Curve Isogenies

Since supersingular elliptic curve isogenies are one of the several candidate sources of hardness for building post-quantum cryptographic primitives, the research of efficient signature schemes based on them is still a hot topic. In this paper, we present a many-time signature scheme based on the hash function from supersingular elliptic curve isogenies over the finite field F p2 where p = 2 521 - 1. Our signature scheme achieves smaller signature sizes relative to other post-quantum signature schemes based on supersingular elliptic curve isogenies, such as Galbraith's signature schemes (AsiaCrypt 2017) and Yoo's scheme (FC 2017). The structure of our scheme follows that of the hash-based signature scheme submitted to National Institute of Standards and Technology for post-quantum cryptography in 2018 with some modifications. To complete the construction, we firstly apply the method of Weil restriction to improve the efficiency of hash function from supersingular elliptic curve isogenies by approximately 30%, then propose a new Winternitz one-time signature scheme based on the hash function. Finally, we implement the signature scheme.

Privacy aware IOTA ledger: Decentralized mixing and unlinkable IOTA transactions

IOTA is a distributed ledger technology for the Internet-of-Things (IoT) industry. The protocol distinguishes itself from existing distributed ledgers by being formed on a directed acyclic graph. To enable micro-transactions for smart devices, it uses a scalable approach for network growth and transaction confirmations. Being a public distributed ledger, the transactions on the ledger are completely transparent hence opening up the possibilities for linking and identification attacks. Different promising privacy enhancing techniques have been proposed for improving anonymity in distributed ledgers. However, many of the proposed approaches provide security guarantees only against Elliptic Curve Digital Signature (ECDSA) schemes and thus become incompatible with the IOTA ledger because IOTA uses quantum resilient hash-based signatures. While centralized solutions can still work with IOTA ledger for enhancing privacy, they are still proprietary and prone to single point of failures. We propose a novel decentralized mixing protocol for the IOTA ledger that incorporates a combination of decryption mixnets and multi-signatures. Our technique does not require any (trusted or accountable) third party and it is completely compatible with the IOTA protocol. Analysis of our results for this technique shows that the security and privacy are guaranteed even in the presence of malicious entities in the system. Our technique provides strong privacy to the IOTA ledger and the degree of anonymity it adds, protects entities against identification and linking attacks.

Winternitz Signature Scheme Using Nonadjacent Forms

Hash-based signatures are gaining attention as one of the alternatives that can replace current digital signatures that are not secure against an attack by quantum computers along with lattice-based signatures, multivariate signatures, and code-based signatures. Up to now, all hash-based signatures have used binary representations to generate signatures. In this paper, we propose using the nonadjacent form (NAF) when generating signatures in hash-based signatures. Concretely, we propose a hash-based signature scheme, WSS-N, which is obtained by applying nonadjacent forms (NAF) to the Winternitz signature scheme. We prove that WSS-N is existentially unforgeable under chosen message attacks in the standard model. And we show that WSS-N needs less hash function calls compared to the Winternitz signature scheme using the binary representation, WSS-B. For a specific parameter with a 256-bit security, we can see that WSS-N generates signatures faster than WSS-B by 8%. Finally, we implement both WSS-N and WSS-B and show that WSS-N generates signatures faster than WSS-B on a desktop computer.

The Impact of Quantum Computing on Present Cryptography

The aim of this paper is to elucidate the implications of quantum computing in present cryptography and to introduce the reader to basic post-quantum algorithms. In particular the reader can delve into the following subjects: present cryptographic schemes (symmetric and asymmetric), differences between quantum and classical computing, challenges in quantum computing, quantum algorithms (Shor’s and Grover’s), public key encryption schemes affected, symmetric schemes affected, the impact on hash functions, and post quantum cryptography. Specifically, the section of Post-Quantum Cryptography deals with different quantum key distribution methods and mathematicalbased solutions, such as the BB84 protocol, lattice-based cryptography, multivariate-based cryptography, hash-based signatures and code-based cryptography.

Haraka v2 – Efficient Short-Input Hashing for Post-Quantum Applications

Recently, many efficient cryptographic hash function design strategies have been explored, not least because of the SHA-3 competition. These designs are, almost exclusively, geared towards high performance on long inputs. However, various applications exist where the performance on short (fixed length) inputs matters more. Such hash functions are the bottleneck in hash-based signature schemes like SPHINCS or XMSS, which is currently under standardization. Secure functions specifically designed for such applications are scarce. We attend to this gap by proposing two short-input hash functions (or rather simply compression functions). By utilizing AES instructions on modern CPUs, our proposals are the fastest on such platforms, reaching throughputs below one cycle per hashed byte even for short inputs, while still having a very low latency of less than 60 cycles. Under the hood, this results comes with several innovations. First, we study whether the number of rounds for our hash functions can be reduced, if only second-preimage resistance (and not collision resistance) is required. The conclusion is: only a little. Second, since their inception, AES-like designs allow for supportive security arguments by means of counting and bounding the number of active S-boxes. However, this ignores powerful attack vectors using truncated differentials, including the powerful rebound attacks. We develop a general tool-based method to include arguments against attack vectors using truncated differentials.

Haraka v2 – Efficient Short-Input Hashing for Post-Quantum Applications

Recently, many efficient cryptographic hash function design strategies have been explored, not least because of the SHA-3 competition. These designs are, almost exclusively, geared towards high performance on long inputs. However, various applications exist where the performance on short (fixed length) inputs matters more. Such hash functions are the bottleneck in hash-based signature schemes like SPHINCS or XMSS, which is currently under standardization. Secure functions specifically designed for such applications are scarce. We attend to this gap by proposing two short-input hash functions (or rather simply compression functions). By utilizing AES instructions on modern CPUs, our proposals are the fastest on such platforms, reaching throughputs below one cycle per hashed byte even for short inputs, while still having a very low latency of less than 60 cycles. Under the hood, this results comes with several innovations. First, we study whether the number of rounds for our hash functions can be reduced, if only second-preimage resistance (and not collision resistance) is required. The conclusion is: only a little. Second, since their inception, AES-like designs allow for supportive security arguments by means of counting and bounding the number of active S-boxes. However, this ignores powerful attack vectors using truncated differentials, including the powerful rebound attacks. We develop a general tool-based method to include arguments against attack vectors using truncated differentials.

High Performance of Hash-based Signature Schemes

Hash-based signature schemes, whose security is based on properties of the underlying hash functions, are promising candidates to be quantum-safe digital signatures schemes. In this work, we present a software implementation of two recent standard proposals for hash-based signature schemes, Leighton and Micali Signature (LMS) scheme and Extended Merkle Signature Scheme (XMSS), using a set of AVX2 instructions on Intel processors. The implementation uses several optimization techniques for speeding up the underlying hash functions SHA2 or SHA3, and other building block functions which lead to high performance for signature operations on both schemes. On an Intel Skylake processor, using a tree of height 60 with 12 layers, the signing operation for XMSS takes 3,841,199 cycles (1,043 signatures per second) at 128-bit security level (against quantum attacks). For an equivalent security, the LMS system computes a signature in 1,307,376 cycles (3,065 signatures per second). We also provide the first comparative performance results for signing and verification of both schemes using different parameters. The results of our implementation indicate that both schemes LMS and XMSS can achieve high performance using vector instructions on modern processors.

해시 기반 서명 기법 최신 기술 동향 및 전망

해시 기반 서명 기법 최신 기술 동향 및 전망

Fault Detection Architectures for Post-Quantum Cryptographic Stateless Hash-Based Secure Signatures Benchmarked on ASIC

Symmetric-key cryptography can resist the potential post-quantum attacks expected with the not-so-faraway advent of quantum computing power. Hash-based, code-based, lattice-based, and multivariate-quadratic equations are all other potential candidates, the merit of which is that they are believed to resist both classical and quantum computers, and applying “Shor’s algorithm”—the quantum-computer discrete-logarithm algorithm that breaks classical schemes—to them is infeasible. In this article, we propose, assess, and benchmark reliable constructions for stateless hash-based signatures. Such architectures are believed to be one of the prominent post-quantum schemes, offering security proofs relative to plausible properties of the hash function; however, it is well known that their confidentiality does not guarantee reliable architectures in the presence natural and malicious faults. We propose and benchmark fault diagnosis methods for this post-quantum cryptography variant through case studies for hash functions and present the simulations and implementations results (through application-specific integrated circuit evaluations) to show the applicability of the presented schemes. The proposed approaches make such hash-based constructions more reliable against natural faults and help protecting them against malicious faults and can be tailored based on the resources available and for different reliability objectives.

Precomputation Methods for Hash-Based Signatures on Energy-Harvesting Platforms

Energy-harvesting techniques can be combined with wireless embedded sensors to obtain battery-free platforms with an extended lifetime. Although energy-harvesting offers a continuous supply of energy, the delivery rate is typically limited to a few Joules per day. This is a severe constraint to the achievable computing throughput on the embedded sensor node, and to the achievable latency obtained from applications running on those nodes. In this paper, we address these constraints with precomputation. The idea is to reduce the amount of computations required in response to application inputs, by partitioning the algorithm in an offline part, computed before the inputs are available, and an online part, computed in response to the actual input. We show that this technique works well on hash-based cryptographic signatures, which have a complex key generation for each new message that requires a signature. By precomputing the key-material, and by storing it as run-time coupons in non-volatile memory, there is a drastic reduction of the run-time energy needs for a signature, and a drastic reduction of the run-time latency to generate it. For a Winternitz hash-based scheme at 84-bit quantum security level on a MSP430 microcontroller, we measured a run-time energy reduction of 11.9 $\times$ and a run-time latency reduction of 23.5 $\times$ .

Shorter hash-based signatures

We describe an efficient hash-based signature scheme that yields shorter signatures than the state of the art. Signing and verification are faster as well, and the overall scheme is suitable for constrained platforms typical of the Internet of Things. We describe an efficient implementation of our improved scheme and show memory, time, and energy consumption benchmarks over a real device, i.e. the ATmega128l 8-bit AVR microcontroller embedded in MICAz, a typical sensor node used in wireless sensor networks.

A modeling framework of content pollution in Peer-to-Peer video streaming systems

Peer-to-Peer (P2P) live video streaming systems are known to suffer from intermediate attacks due to its inherent vulnerabilities. The content pollution is one of the common attacks that have received little attention in P2P live streaming systems. In this paper, we propose a modeling framework of content pollution in P2P live streaming systems. This model considers both unstructured and structured overlays, and captures the key factors including churns, user interactions, multiple attackers and defensive techniques. The models are verified with simulations and implemented in a real working system, Anysee. We analyze content pollution and its effect in live streaming system. We show that: (1) the impact from content pollution can exponentially increase, similar to the random scanning worms, leading to playback interruption and unnecessary bandwidth consumption; (2) content pollution is influenced by peer cooperation, peer degree and bandwidth in unstructured overlays, and topology breadth in structured ones; (3) the structured overlay is more resilient to content pollution; (4) a hybrid overlay result in better reliability and pollution resistance; (5) hash-based chunk signature scheme is most promising against content pollution.

An Empirical Analysis of Disk Sector Hashes for Data Carving

ABSTRACT Discovering known illicit material on digital storage devices is an important component of a digital forensic investigation. Using existing data carving techniques and tools, it is typically difficult to recover remaining fragments of deleted illicit files whose file system metadata and file headers have been overwritten by newer files. In such cases, a sector-based scan can be used to locate those sectors whose content matches those of sectors from known illicit files. However, brute-force sector-by-sector comparison is prohibitive in terms of time required. Techniques that compute and compare hash-based signatures of sectors in order to filter out those sectors that do not produce the same signatures as sectors from known illicit files are required for accelerating the process. This article reports the results of a case study in which the hashes for over 528 million sectors extracted from over 433,000 files of different types were analyzed. The hashes were computed using SHA1, MD5, CRC64, and CRC32 algorithms and hash collisions of sectors from JPEG and WAV files to other sectors were recorded. The analysis of the results shows that although MD5 and SHA1 produce no false-positive indications, the occurrence of false positives is relatively low for CRC32 and especially CRC64. Furthermore, the CRC-based algorithms produce considerably smaller hashes than SHA1 and MD5, thereby requiring smaller storage capacities. CRC64 provides a good compromise between number of collisions and storage capacity required for practical implementations of sector-scanning forensic tools.