Hash-based signatures for the internet of things

While numerous digital signature schemes exist in the literature, most real-world system rely on RSA-based signature schemes or on the digital signature algorithm (DSA), including its elliptic curve cryptography variant ECDSA. In this position paper we review a family of alternative signature schemes, based on hash functions, and we make the case for their application in Internet of Things (IoT) settings. Hash-based signatures provide postquantum security, and only make minimal security assumptions, in general requiring only a secure cryptographic hash function. This makes them extremely flexible, as they can be implemented on top of any hash function that satisfies basic security properties. Hash-based signatures also feature numerous parameters defining aspects such as signing speed and key size, that enable trade-offs in constrained environments. Simplicity of implementation and customization make hash based signatures an attractive candidate for the IoT ecosystem, which is composed of a number of diverse, constrained devices

CONSTRUCTION OF EFFICIENT AUTHENTICATION SCHEMES USING TRAPDOOR HASH FUNCTIONS

In large-scale distributed systems, where adversarial attacks can have widespread impact, authentication provides protection from threats involving impersonation of entities and tampering of data. Practical solutions to authentication problems in distributed systems must meet specific constraints of the target system, and provide a reasonable balance between security and cost. The goal of this dissertation is to address the problem of building practical and efficient authentication mechanisms to secure distributed applications. This dissertation presents techniques to construct efficient digital signature schemes using trapdoor hash functions for various distributed applications. Trapdoor hash functions are collision-resistant hash functions associated with a secret trapdoor key that allows the key-holder to find collisions between hashes of different messages. The main contributions of this dissertation are as follows: 1. A common problem with conventional trapdoor hash functions is that revealing a collision producing message pair allows an entity to compute additional collisions without knowledge of the trapdoor key. To overcome this problem, we design an efficient trapdoor hash function that prevents all entities except the trapdoor key-holder from computing collisions regardless of whether collision producing message pairs are revealed by the key-holder. 2. We design a technique to construct efficient proxy signatures using trapdoor hash functions to authenticate and authorize agents acting on behalf of users in agent-based computing systems. Our technique provides agent authentication, assurance of agreement between delegator and agent, security without relying on secure communication channels and control over an agent’s capabilities. 3. We develop a trapdoor hash-based signature amortization technique for authenticating real-time, delay-sensitive streams. Our technique provides independent verifiability of blocks comprising a stream, minimizes sender-side and receiver-side delays, minimizes communication overhead, and avoids transmission of redundant information. 4. We demonstrate the practical efficacy of our trapdoor hash-based techniques for signature amortization and proxy signature construction by presenting discrete log-based instantiations of the generic techniques that are efficient to compute, and produce short signatures. Our detailed performance analyses demonstrate that the proposed schemes outperform existing schemes in computation cost and signature size. We also present proofs for security of the proposed discrete-log based instantiations against forgery attacks under the discrete-log assumption

A New Approach to Constructing Digital Signature Schemes (Extended Paper)

A new hash-based, server-supported digital signature scheme was proposed recently. We decompose the concept into forward-resistant tags and a generic cryptographic time-stamping service. Based on the decomposition, we propose more tag constructions which allow efficient digital signature schemes with interesting properties to be built. In particular, the new schemes are more suitable for use in personal signing devices, such as smart cards, which are used infrequently. We define the forward-resistant tags formally and prove that (1) the discussed constructs are indeed tags and (2) combining such tags with time-stamping services gives us signature schemes

On Randomizing Hash Functions to Strengthen the Security of Digital Signatures

Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge a RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean’s method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2 t/2 chosen messages plus 2 t/2 + 1 off-line operations of the compression function and similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack

SPHINCS+^+ post-quantum digital signature scheme with Streebog hash function

Many commonly used public key cryptosystems will become insecure once a scalable quantum computer is built. New cryptographic schemes that can guarantee protection against attacks with quantum computers, so-called post-quantum algorithms, have emerged in recent decades. One of the most promising candidates for a post-quantum signature scheme is SPHINCS$^+$, which is based on cryptographic hash functions. In this contribution, we analyze the use of the new Russian standardized hash function, known as Streebog, for the implementation of the SPHINCS$^+$ signature scheme. We provide a performance comparison with SHA-256-based instantiation and give benchmarks for various sets of parameters.Comment: 5 pages, 2 figures, 3 table