On the Security of the Winternitz One-Time Signature Scheme

We show that the Winternitz one-time signature scheme is existentially unforgeable under adaptive chosen message attacks when instantiated with a family of pseudo random functions. Compared to previous results, which require a collision resistant hash function, our result provides significantly smaller signatures at the same security level. We also consider security in the strong sense and show that the Winternitz one-time signature scheme is strongly unforgeable assuming additional properties of the pseudo random function. In this context we formally define several key-based security notions for function families and investigate their relation to pseudorandomness. All our reductions are exact and in the standard model and can directly be used to estimate the output length of the hash function required to meet a certain security level

Supply chain cybersecurity and the implementation of blockchain technology

The same information that has massively contributed the evolution of the supply chain productivity for both private and public entities is the same posing companywide cybersecurity threats that has been on the rise due to the digitalization of multiple aspects of the supply chain and the lack of security protocols in thereof. Information and Communication Technologies (ICT) are essential for the flow of goods and services from the starting point until it reaches the end customer. Yet, cybersecurity has not been on the spotlight when it came to supply chain disruptions as much as terrorist attacks or global pandemics despite having the potential to inflict severe damage. Luckily, the evolution of these threats came in parallel with the evolution of technologies that can help prevent and minimize them with blockchain showcasing its ability to ensure transparency along the blockchain, fraud detection and ensuring a time and cost-efficient process. This research will discuss the application of Blockchain technologies in the supply chain network, its horizons and some of its setbacks

Sketches for Blockchains

Blockchains suffer from a critical scalability problem where traditionally each network node maintains all network state, including records since the establishment of the blockchain. Sketches are popular hash-based data structures used to represent a large amount of data while supporting particular queries such as on set membership, cardinality estimation and identification of large elements. Often, to achieve time and memory savings, sketches allow potential inaccuracies in answers to the queries. The design of popular blockchain networks such as Bitcoin and Ethereum makes use of sketches for various tasks such as summarization of transaction blocks or declaring the interests of light nodes. Similarly, they seem natural to deal with the size of the state in blockchains. In this paper, we study existing and potential future applications of sketches in blockchains. We first summarize current blockchain use cases of sketches. Likewise, we explore how this coupling can be generalized to a wider range of sketches and additional functionalities. In particular, we explain how sketches can detect anomalies based on efficient an summary of the state or traffic

Digital Signature Schemes Based on Hash Functions

Cryptographers and security experts around the world have been awakened to the reality that one day (potentially soon) large-scale quantum computers may be available. Most of the public-key cryptosystems employed today on the Internet, in both software and in hardware, are based on number-theoretic problems which are thought to be intractable on a classical (non-quantum) computer and hence are considered secure. The most popular such examples are the RSA encryption and signature schemes, and the Elliptic Curve Diffie-Hellman (ECDH) key-exchange protocol employed widely in the SSL/TLS protocols. However, these schemes offer essentially zero security against an adversary in possession of a large-scale quantum computer. Thus, there is an urgent need to develop, analyze and implement cryptosystems and algorithms that are secure against such adversaries. It is widely believed that cryptographic hash functions are naturally resilient to attacks by a quantum adversary, and thus, signature schemes have been developed whose security relies on this belief. The goal of this thesis is to give an overview of hash-based cryptography. We describe the most important hash-based signature schemes as well as the schemes and protocols used as subroutines within them. We give a juxtaposition between stateful and stateless signature schemes, discussing the pros and cons of both while including detailed examples. Furthermore, we detail serious flaws in the security proof for the WOTS-PRF signature scheme. This scheme had the feature that its security proof was based on minimal security assumptions, namely the pseudorandomness of the underlying function family. We explore how this flawed security argument affects the other signature schemes that utilize WOTS-PRF

Constrained Device Performance Benchmarking with the Implementation of Post-Quantum Cryptography

Advances in quantum computers may pose a significant threat to existing public-key encryption methods, which are crucial to the current infrastructure of cyber security. Both RSA and ECDSA, the two most widely used security algorithms today, may be (in principle) solved by the Shor algorithm in polynomial time due to its ability to efficiently solve the discrete logarithm problem, potentially making present infrastructures insecure against a quantum attack. The National Institute of Standards and Technology (NIST) reacted with the post-quantum cryptography (PQC) standardization process to develop and optimize a series of post-quantum algorithms (PQAs) based on difficult mathematical problems that are not susceptible to being solved by Shor’s algorithm. Whilst high-powered computers can run these PQAs efficiently, further work is needed to investigate and benchmark the performance of these algorithms on lower-powered (constrained) devices and the ease with which they may be integrated into existing protocols such as TLS. This paper provides quantitative benchmark and handshake performance data for the most recently selected PQAs from NIST, tested on a Raspberry Pi 4 device to simulate today’s IoT (Internet of Things) devices, and provides quantitative comparisons with previous benchmarking data on a range of constrained systems. CRYSTALS-Kyber and CRYSTALS-Dilithium are shown to be the most efficient PQAs in the key encapsulation and signature algorithms, respectively, with Falcon providing the optimal TLS handshake size

Oops, I did it again -- Security of One-Time Signatures under Two-Message Attacks

One-time signatures (OTS) are called one-time, because the accompanying reductions only guarantee security under single-message attacks. However, this does not imply that efficient attacks are possible under two-message attacks. Especially in the context of hash-based OTS (which are basic building blocks of recent standardization proposals) this leads to the question if accidental reuse of a one-time key pair leads to immediate loss of security or to graceful degradation. In this work we analyze the security of the most prominent hash-based OTS, Lamport\u27s scheme, its optimized variant, and WOTS, under different kinds of two-message attacks. Interestingly, it turns out that the schemes are still secure under two message attacks, asymptotically. However, this does not imply anything for typical parameters. Our results show that for Lamport\u27s scheme, security only slowly degrades in the relevant attack scenarios and typical parameters are still somewhat secure, even in case of a two-message attack. As we move on to optimized Lamport and its generalization WOTS, security degrades faster and faster, and typical parameters do not provide any reasonable level of security under two-message attacks