Analysis of a Proposed Hash-Based Signature Standard

  • Jonathan Katz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10074)


We analyze the concrete security of a hash-based signature scheme described in a recent series of Internet Drafts by McGrew and Curcio. We show that an original version of their proposal achieves only a “loose” security bound, but that the latest version can be proven to have tighter security in the random-oracle model.



I thank Laurie E. Law and Jerome A. Solinas for their encouragement and suggestions, as well as for bringing the Leighton-Micali patent [8] to my attention.


  1. Bernstein, D.J., et al.: SPHINCS: practical stateless hash-based signatures. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 368–397. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46800-5_15
  2. Buchmann, J., Dahmen, E., Szydlo, M.: Hash-based digital signature schemes. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Post-Quantum Cryptography, pp. 35–93. Springer, Heidelberg (2009)
  3. Galbraith, S.D., Malone-Lee, J., Smart, N.: Public-key signatures in the multi-user setting. Inf. Process. Lett. 83(5), 263–266 (2002)
  4. Hülsing, A., Butin, D., Gazdag, S., Mohaisen, A.: XMSS: extended hash-based signatures. Internet Draft draft-irtf-cfrg-xmss-hash-based-signatures-06, 6 July 2016.
  5. Katz, J., Lindell, Y.: Introduction to Modern Cryptography, 2nd edn. Chapman & Hall/CRC Press, New York (2014)
  6. Kiltz, E., Masny, D., Pan, J.: Optimal security proofs for signatures from identification schemes. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 33–61. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53008-5_2
  7. Lamport, L.: Constructing digital signatures from a one-way function. Technical Report SRI-CSL-98, SRI Intl. Computer Science Laboratory (1979)
  8. Leighton, F.T., Micali, S.: Large provably fast and secure digital signature schemes based on secure hash functions. U.S. Patent 5,432,852, 11 July 1995
  9. McGrew, D., Curcio, M.: Hash-based signatures. Internet Draft draft-mcgrew-hash-sigs-02, 4 July 2014.
  10. McGrew, D., Curcio, M.: Hash-based signatures. Internet Draft draft-mcgrew-hash-sigs-04, 21 March 2016.
  11. Merkle, R.C.: Secrecy, authentication, and public-key systems. Ph.D. Thesis, Stanford University (1979)
  12. Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990). doi: 10.1007/0-387-34805-0_21
  13. Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: Proceedings of 21st Annual Symposium on Theory of Computing (STOC), pp. 33–44. ACM (1989)
  14. Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: Proceedings of 22nd Annual ACM Symposium on Theory of Computing (STOC), pp. 387–394. ACM (1990)

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. Department of Computer Science, University of Maryland, College Park, USA
