Winternitz One-time Signature Scheme Research Articles

A lightweight remote attestation using PUFs and hash-based signatures for low-end IoT devices

Remote attestation is a powerful mechanism that allows a verifier to know if the hardware of an IoT (Internet-of-Thing) device (acting as a prover) has been counterfeited or tampered with and if its firmware has been altered. Remote attestation is based on collecting and reporting measurements in a trusted way, and should be lightweight for resource-constrained IoT devices. This work proposes to include a low-cost Root of Trust for Measuring and Reporting (RoTMR) in the prover, based on the combination of a Physically Unclonable Function (PUF) and an Attestation Read-Only Memory (A-ROM), and to use hash-based digital signatures in the attestation protocol. The proposed RoTMR is addressed to IoT devices based on a microcontroller that executes some application code (the measurable object) located in an external non-volatile memory accessible by an attacker. The secret keys required by the digital signatures are not stored but reconstructed using the PUF. The A-ROM contains the attestation instructions and ensures that its contents cannot be altered and that its instructions are executed sequentially without modification. The use of hash-based digital signatures makes the solution quantum-resistant and very robust because its security relies solely on the unidirectionality of a hash function. The proposed attestation protocol takes advantage of the fact that One-Time Signature (OTS) generation and Many-Time Signature (MTS) verification are very well suited for low-end devices, and the MTS scheme is suitable for the verifier application context. The proposal was validated experimentally with the ESP32 microcontroller, which is widely employed in IoT devices, by using its SRAM as PUF and implementing WOTS+, which is a type of Winternitz One-Time Signature scheme (WOTS), the One-Time Signature of Smart Digital Signatures scheme (SDS-OTS), and the MTS schemes constructed with them. The OTS schemes require smaller codes and thus smaller A-ROM than MTS and ECDSA (Elliptic Curve Digital Signature Algorithm). The code of one of the WOTS+ takes about 4 times less space than ECDSA. In terms of execution times, the OTS schemes are very fast. One of the WOTS+ performs all the signature operations in a few tens of milliseconds. The OTS schemes (especially the SDS-OTS) are also very efficient in terms of communication bandwidth because they use small signatures compared to other post-quantum solutions.

LETSRP: A Secure Routing Protocol for Manets

Reliable link between the nodes playsvital role during the transmission of data in the routing protocols of Mobile Ad-hoc Networks (MANETs). In this research paper, a routing protocol Link named Expiration Time based Routing Protocol (LETSRP)is proposed which uses Winternitz One-time Signature Scheme to checkthe authentication of transmitted data in the network. The packet sending node calculates maximum LET (MaxLET), minimum LET (MinLET) and average LET (AvgLET) using greedy algorithm in our proposed solution. The number of sent packets dependson the available bandwidth. Various steps in implementation are repeated until all the packets reach the destination node. Simulations are done with variable number of nodes between10-20 nodes with mobility setting from 10 m/s to 20 m/s.

An Efficient Signature Scheme From Supersingular Elliptic Curve Isogenies

Since supersingular elliptic curve isogenies are one of the several candidate sources of hardness for building post-quantum cryptographic primitives, the research of efficient signature schemes based on them is still a hot topic. In this paper, we present a many-time signature scheme based on the hash function from supersingular elliptic curve isogenies over the finite field F p2 where p = 2 521 - 1. Our signature scheme achieves smaller signature sizes relative to other post-quantum signature schemes based on supersingular elliptic curve isogenies, such as Galbraith's signature schemes (AsiaCrypt 2017) and Yoo's scheme (FC 2017). The structure of our scheme follows that of the hash-based signature scheme submitted to National Institute of Standards and Technology for post-quantum cryptography in 2018 with some modifications. To complete the construction, we firstly apply the method of Weil restriction to improve the efficiency of hash function from supersingular elliptic curve isogenies by approximately 30%, then propose a new Winternitz one-time signature scheme based on the hash function. Finally, we implement the signature scheme.

On the security of the WOTS-PRF signature scheme

We identify a flaw in the security proof and a flaw in the concrete security analysis of the WOTS-PRF variant of the Winternitz one-time signature scheme, and discuss the implications to its concrete security.

On the security of the Winternitz one-time signature scheme

We show that the Winternitz one-time signature scheme is existentially unforgeable under adaptive chosen message attacks when instantiated with a family of pseudorandom functions. Our result halves the signature size at the same security level, compared to previous results, which require a collision resistant hash function. We also consider security in the strong sense and show that the Winternitz one-time signature scheme is strongly unforgeable assuming additional properties of the pseudorandom function family. In this context we formally define several key-based security notions for function families and investigate their relation to pseudorandomness. All our reductions are exact and in the standard model and can directly be used to estimate the output length of the hash function required to meet a certain security level.

A novel cryptoprocessor architecture for chained Merkle signature scheme

One-time signature schemes rely on hash functions and are, therefore, assumed to be resistant to attacks by quantum computers. These approaches inherently raise a key management problem, as the key pair can be used only for one message. That means, for one-time signature schemes to work, the sender must deliver the verification key together with the message and the signature. Upon reception, the receiver has to verify the authenticity of the verification key before verifying the signature itself. Hash-tree based solutions tackle this problem by basing the authenticity of a large number of verification keys on the authenticity of a root key. This approach, however, causes computation, communication, and storage overhead. Due to hardware acceleration, this paper proposes, for the first time, a processor architecture which boosts the performance of a one-time signature scheme without degrading memory usage and communication properties. This architecture realizes the chained Merkle signature scheme on the basis of Winternitz one-time signature scheme. All operations, i.e., key generation, signing, and verification are implemented on an FPGA platform, which acts as a coprocessor. Timing measurements on the prototype show a performance boost of at least one order of magnitude compared to an identical software solution.