Mitigating Multi-target Attacks in Hash-Based Signatures

Conference paper

DOI: 10.1007/978-3-662-49384-7_15

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9614)
Cite this paper as:
Hülsing A., Rijneveld J., Song F. (2016) Mitigating Multi-target Attacks in Hash-Based Signatures. In: Cheng CM., Chung KM., Persiano G., Yang BY. (eds) Public-Key Cryptography – PKC 2016. Lecture Notes in Computer Science, vol 9614. Springer, Berlin, Heidelberg


This work introduces XMSS-T, a new stateful hash-based signature scheme with tight security. Previous hash-based signatures are facing a loss of security, linear in performance parameters such as the total tree height. Our new scheme can achieve the same security level but using hash functions with a smaller output length, which immediately leads to a smaller signature size. The same techniques also apply directly to the recent stateless hash-based signature scheme SPHINCS (Eurocrypt 2015), and the signature size is reduced as well.

Being a little more specific and technical, the tight security stems from new multi-target notions of hash-function properties which we define and analyze. We show precise complexity for breaking these security properties under both classical and quantum generic attacks, thus establishing a reliable estimate for the quantum security of XMSS-T. Especially, we prove quantum query complexity tailored for cryptographic applications, which overcome some limitations of standard techniques in quantum query complexity such as they usually only consider worst-case complexity. Our proof techniques may be useful elsewhere.

We also implement XMSS-T and compare its performance to that of XMSS (PQCrypto 2011), the most recent stateful hash-based signature scheme before our work.


Post-quantum cryptography Hash-based signatures Hash function security Multi-target attacks Quantum query complexity 

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.Department of Mathematics and Computer ScienceTechnische Universiteit EindhovenEindhovenThe Netherlands
  2. 2.Digital Security GroupRadboud UniversityNijmegenThe Netherlands
  3. 3.Department of Combinatorics and Optimization, Institute for Quantum ComputingUniversity of WaterlooWaterlooCanada

Personalised recommendations