Cryptography Reference
In-Depth Information
DSA using a 2048-bit key are assumed to be secure until 2022. The timings for
RSA and DSA where taken using the OpenSSL
speed
command. As this does
not provide timings for key generation, we had to leave this field blank. The
results show that XMSS is comparable to existing signature schemes. Only the
key generation takes a lot of time. But as key generation is an oine task, it can
be scheduled.
The last row of table 1 shows the signature size and public key size for MSS-
SPR [14]. To make the results from [14] comparable, we computed the signature
and public key size for message length
m
= 256 bit, using their formulas. [14] does
not provide runtimes, therefore we had to leave these fields blank. Comparing
XMSS using SHA-256 and
w
= 108 with MSS-SPR shows that even for a slightly
higher bit security we achieve a signature length of less than 25 % of the signature
length of MSS-SPR. We also tried to compare XMSS with GMSS [10], but as
the authors do not provide a security proof, a fair comparison is not possible
without presenting a security proof for GMSS.
References
1. Anderson, R.: Two remarks on public key cryptology. In: Manuscript. Relevant
material presented by the author in an invited lecture at the 4th ACM Conference
on Computer and Communications Security, CCS, pp. 1-4. Citeseer (1997)
2. Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Au-
thentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1-15.
Springer, Heidelberg (1996)
3. Bellare, M., Canetti, R., Krawczyk, H.: Pseudorandom functions revisited: The
cascade construction and its concrete security. In: Proceedings of 37th Annual
Symposium on Foundations of Computer Science, pp. 514-523. IEEE (1996)
4. Bellare, M., Miner, S.K.: A Forward-Secure Digital Signature Scheme. In: Wiener,
M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431-448. Springer, Heidelberg (1999)
5. Bellare, M., Rogaway, P.: Collision-Resistant Hashing: Towards Making UOWHFs
Practical. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 470-484.
Springer, Heidelberg (1997)
6. Bellare, M., Yee, B.S.: Forward-Security in Private-Key Cryptography. In: Joye,
M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 1-18. Springer, Heidelberg (2003)
7. Black, J.A., Rogaway, P., Shrimpton, T.: Black-Box Analysis of the Block-Cipher-
Based Hash-Function Constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002.
LNCS, vol. 2442, pp. 103-118. Springer, Heidelberg (2002)
8. Bleichenbacher, D., Maurer, U.M.: Optimal Tree-based One-time Digital Signature
Schemes. In: Puech, C., Reischuk, R. (eds.) STACS 1996. LNCS, vol. 1046, pp.
363-374. Springer, Heidelberg (1996)
9. Buchmann, J., Dahmen, E., Ereth, S., Hulsing, A., Ruckert, M.: On the Security of
the Winternitz One-Time Signature Scheme. In: Nitaj, A., Pointcheval, D. (eds.)
AFRICACRYPT 2011. LNCS, vol. 6737, pp. 363-378. Springer, Heidelberg (2011)
10. Buchmann, J., Dahmen, E., Klintsevich, E., Okeya, K., Vuillaume, C.: Merkle
Signatures with Virtually Unlimited Signature Capacity. In: Katz, J., Yung, M.
(eds.) ACNS 2007. LNCS, vol. 4521, pp. 31-45. Springer, Heidelberg (2007)
11. Buchmann, J., Dahmen, E., Schneider, M.: Merkle Tree Traversal Revisited. In:
Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 63-78.
Springer, Heidelberg (2008)
