Real-World Post-Quantum Digital Signatures

Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 530)


Digital signatures are ubiquitous in modern security infrastructures. Their lack of diversity in industrial settings makes most contemporary systems susceptible to quantum computer-aided attacks. Alternatives exist, among them a family of well-understood schemes with minimal security requirements: hash-based signatures. In addition to being quantum-safe, hash-based signatures are modular and provide long-term security. They are not yet used in practice. We discuss the reasons for this gap between theory and practice and outline a strategy to bridge it. We then detail our work to realise the described plan.
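To make concrete what "minimal security requirements" means for this family, the following is an added illustration, not code from the paper or from any of the authors' implementations: a minimal stateful hash-based signature scheme built from Lamport one-time signatures and a Merkle tree over the one-time public keys, resting on SHA-256 alone. It also shows the property that keeps these schemes out of practice: the signer holds state (the index of the next unused one-time key) and must refuse to sign once every leaf has been consumed. Parameter choices (tree height, seed derivation) are assumptions made for the example; production schemes such as XMSS use shorter W-OTS+ signatures and much larger trees.

```python
"""Added example (not from the paper): Lamport OTS + Merkle tree, SHA-256 only."""
import hashlib

N = 32  # hash output length in bytes; messages are hashed to 8*N = 256 bits


def H(*parts: bytes) -> bytes:
    """The only primitive the scheme relies on: a hash function."""
    return hashlib.sha256(b"".join(parts)).digest()


def _bits(msg: bytes):
    """Bits of H(msg), most significant bit first."""
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(8 * N)]


def lamport_keygen(seed: bytes, index: int):
    """Derive one Lamport key pair deterministically from (seed, leaf index).
    sk[i][b] is a secret N-byte value; pk[i][b] = H(sk[i][b])."""
    sk = [[H(seed, index.to_bytes(4, "big"), i.to_bytes(2, "big"), bytes([b]))
           for b in (0, 1)] for i in range(8 * N)]
    pk = [[H(x) for x in pair] for pair in sk]
    return sk, pk


def lamport_pk_digest(pk) -> bytes:
    """Compress a one-time public key to a single leaf hash."""
    return H(*(x for pair in pk for x in pair))


def lamport_sign(sk, msg: bytes):
    """Reveal, for each message bit, the preimage matching that bit."""
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 8 * N or len(pk) != 8 * N:
        return False
    return all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))


class MerkleSigner:
    """Stateful signer: 2**height one-time keys, each usable exactly once."""

    def __init__(self, seed: bytes, height: int):
        self.seed, self.height = seed, height
        self.next_index = 0  # the state; persist it and never roll it back
        leaves = [lamport_pk_digest(lamport_keygen(seed, i)[1])
                  for i in range(1 << height)]
        self.tree = [leaves]  # tree[level][position]
        while len(self.tree[-1]) > 1:
            lvl = self.tree[-1]
            self.tree.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])

    @property
    def root(self) -> bytes:
        return self.tree[-1][0]

    def sign(self, msg: bytes):
        if self.next_index >= 1 << self.height:
            raise RuntimeError("all one-time keys used; refusing to reuse a leaf")
        idx = self.next_index
        self.next_index += 1  # advance state before the signature leaves the signer
        sk, pk = lamport_keygen(self.seed, idx)
        auth, pos = [], idx
        for level in self.tree[:-1]:  # sibling on each level up to the root
            auth.append(level[pos ^ 1])
            pos >>= 1
        return idx, lamport_sign(sk, msg), pk, auth


def merkle_verify(root: bytes, height: int, msg: bytes, signature) -> bool:
    """Verify the one-time signature, then recompute the root from the auth path."""
    idx, ots_sig, pk, auth = signature
    if not (0 <= idx < 1 << height) or len(auth) != height:
        return False
    if not lamport_verify(pk, msg, ots_sig):
        return False
    node, pos = lamport_pk_digest(pk), idx
    for sibling in auth:
        node = H(sibling, node) if pos & 1 else H(node, sibling)
        pos >>= 1
    return node == root


if __name__ == "__main__":
    signer = MerkleSigner(seed=b"\x01" * 32, height=2)  # constructed seed, 4 keys
    sig = signer.sign(b"hello")
    print("valid:", merkle_verify(signer.root, 2, b"hello", sig))
    print("tampered:", merkle_verify(signer.root, 2, b"hellO", sig))
```

The public key is just the 32-byte root; a signature carries the leaf index, 256 revealed preimages, the one-time public key and a height-long authentication path, which is why real-world schemes work hard on signature size. The `next_index` counter is the part that has no analogue in RSA or ECDSA: if it is restored from a backup or shared between two signer instances, a one-time key is used twice and the forgery resistance of that leaf is gone.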


Keywords: Authenticity, Post-quantum, Usability, Integration



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. TU Darmstadt, Darmstadt, Germany
  2. genua mbH, Kirchheim bei München, Germany