Secure and efficient post-quantum cryptographic digital signature algorithms

Mahmoud, Mahmoud Yehia Ahmed

24 August 2021

Cryptographic digital signatures provide authentication to communicating parties over communication networks. They are integral asymmetric primitives in cryptography. The current digital signature infrastructure adopts schemes that rely on the hardness of finding discrete logarithms and factoring in finite groups. Given the recent advances in physics which point towards the eventual construction of large scale quantum computers, these hard problems will be solved in polynomial time using Shor’s algorithm. Hence, there is a clear need to migrate the cryptographic infrastructure to post-quantum secure alternatives. Such an initiative is demonstrated by the PQCRYPTO project and the current Post-Quantum Cryptography (PQC) standardization competition run by the National Institute of Standards and Technology (NIST). This dissertation considers hash-based digital signature schemes. Such algorithms rely on simple security notions such as preimage, and weak and strong collision resistances of hash functions. These notions are well-understood and their security against quantum computers has been well-analyzed. However, existing hash-based signature schemes have large signature sizes and high computational costs. Moreover, the signature size increases with the number of messages to be signed by a key pair. The goal of this work is to develop hash-based digital signature schemes to overcome the aforementioned limitations. First, FORS, the underlying few-time signature scheme of the NIST PQC alternate candidate SPHINCS+ is analyzed against adaptive chosen message attacks, and DFORS, a few-time signature scheme with adaptive chosen message security, is proposed. Second, a new variant of SPHINCS+ is introduced that improves the computational cost and security level. Security analysis for the new variant is presented. In addition, the hash-based group digital signature schemes, Group Merkle (GM) and Dynamic Group Merkle (DGM), are studied and their security is analyzed. Group Merkle Multi-Treem (GMMT) is proposed to solve some of the limitations of the GM and DGM hash-based group signature schemes. / Graduate

Digital signature schemes

Hash-based signature schemes

Post-quantum cryptography

Group signature schemes

Merkle trees

z-NAF e clipping: two improvements for post-quantum hash-based digital signatures. / z-NAF e clipping: duas melhorias para assinaturas digitais pós-quânticas baseadas em hash.

Zheng, Amós Yi Cong Lu

19 February 2019

Hash-based signature schemes are a class of post-quantum algorithms that usually consist of hash-trees built upon OTS solutions. These schemes have small key sizes, eficient processing and are simple to implement, while their security properties rely basically on the pre-image or collision resistance of the their underlying hash function. Despite such advantages, however, they have relatively large signature sizes compared to traditional signature algorithms. One way of tackling this issue is to reduce the sizes of their underlying OTS algorithms. Besides that, in applications where signature verifications are done much more frequently than signature generation (e.g. trusted software distribution), it is desirable that signature verification has less overhead than signature generation. In this work, two contributions are presented to tackle these issues. The first one is a probabilistic technique that, with negligible processing overhead, allows reductions in the underlying OTS signature sizes; namely, up to 12.5% average size reduction can be achieved depending on the w parameter chosen for the signature (however, for w = 4 the reduction is only 0.2%). The second contribution is a novel OTS scheme which has all advantages of W-OTS and W-OTS+ and yet has much faster signature verification times at the cost of slightly slower signature generation times. / Esquemas de assinaturas baseadas em hash são uma classe de algoritmos pós-quânticos que basicamente consistem em árvores de hash construídas em cima de soluções de assinaturas unitárias (OTS). Tais esquemas possuem tamanhos pequenos de chaves, processamento eficiente e são simples de se implementar, enquanto que a segurança desses esquemas baseia-se na resistência à pré-imagem ou à colisão das funções de hash utilizadas. Apesar dessas vantagens, eles possuem tamanhos de assinaturas relativamente grandes comparados aos algoritmos tradicionais de assinatura. Nesse caso, uma forma de lidar com essa questão é reduzir os tamanhos de assinatura das OTS utilizadas. Além disso, em aplicações em que se faz muito mais verificações de assinatura do que gerações de assinatura, é desejável que a vericação seja significativamente mais rápida do que a geração. Nesse trabalho, duas contribuições são apresentadas para mitigar os problemas acima mencionados. A primeira é uma técnica probabilística que permite a redução do tamanho das assinaturas nas OTS utilizadas com custo adicional de processamento desprezível, isto é, pode-se alcançar uma redução média de até 12.5% dependendo do valor de w escolhido para a assinatura (no entanto, para w = 4 a redução é de apenas 0.2%). A segunda contribuição é um esquema inovador de assinatura digital que possui todas as vantagens do W-OTS e do W-OTS+, além de possuir verificação bem mais rápida do que estes em troca de uma geração de assinatura um pouco mais lenta.

Algorithms

Algoritmos

Assinaturas baseadas em hash

Assinaturas unitárias

Computer security

Criptologia

Cryptography

Hash-based signature schemes

One-time signature schemes

Post-quantum cryptography

Segurança de computadores