Leighton-Micali Hash-Based Signatures in the Quantum Random-Oracle Model
Digital signatures constructed solely from hash functions offer competitive signature sizes and fast signing and verifying times. Moreover, the security of hash functions against a quantum adversary is believed to be well understood. This means that hash-based signatures are strong candidates for standard use in a post-quantum world. The Leighton-Micali signature scheme (LMS) is one such scheme being considered for standardization. However, all systematic analyses of LMS have only considered a classical adversary. In this work we close this gap by showing a proof of the security of LMS in the quantum random-oracle model. Our results match the bounds imposed by Grover’s search algorithm within a constant factor, and remain tight in the multi-user setting.
Keywords: Post-quantum cryptography, Digital signatures, Random oracles, Hash functions, Multi-user setting
Thanks to Gus Gutoski and Alfred Menezes for insightful discussion, as well as their helpful editorial skills. Additional thanks to Philip Lafrance.