Questions tagged [hash-based]

0 votes
1 answer
57 views

Security impact of partial key knowledge for stateful hash-based signatures

Let us consider a stateful hash-based signature scheme (e.g. LMS or XMSS) with an $n$-bit hash function where each signature is composed of $x$ hash chains. Assuming an attacker has knowledge of $y &...
Raoul722
  • 3,007

2 votes
0 answers
41 views

Real world example of stateful hash-based signature failure

Stateful hash-based signatures are known to be complicated to deploy in practice due to the need of synchronizing the state, which is critical to the system security. However, I don't remember having ...
Raoul722
  • 3,007

5 votes
1 answer
229 views

Hash-based public-key encryption

Over the years, new discoveries have weakened some of the mathematical primitives used in cryptography, like the broken Knapsack cryptosystem, Shor's algorithm, etc. What we believe to be hard ...
Jason Smith

0 votes
0 answers
47 views

How can I call a recursively defined operator from another operator in EasyCrypt?

I'm implementing parts of SHA-256 in EasyCrypt and need to define a power function (pow) that I can call from within other operator definitions (such as for logical shift operations). However, when I ...
m Amiri

3 votes
1 answer
614 views

SHA3-256 vs SHAKE256_256 in XMSS and SPHINCS

By SHAKE256_256, I mean taking the first 256 bits of the output of SHAKE256, i.e. SHAKE256_256(M) = SHAKE256(M,256). What is the motivation of choosing SHAKE256_256 ...
user
  • 323

2 votes
1 answer
726 views

How does signing with FORS work in SPHINCS+?

I was reading the SPHINCS+ paper and got confused in the signing with FORS (forest of random subsets) part. I understand how we can sign a message using FORS but I couldn't understand how we choose ...
Andrew
  • 43

0 votes
1 answer
149 views

How come we only need to generate the first tree in each layer in XMSS MT

From what I understand, to reduce the time taken for public key generation, you can use nested trees in XMSS to form Multi-tree XMSS. For an instantiation of 2 layers, it seems that the leaf of each L ...
João Diogo Duarte

2 votes
3 answers
303 views

What are some use cases for signature scheme that can only sign finite amount of time?

From one-time hash-based signature, one can convert it into 2^d time signature by using Merkle hash tree. However, it seems to be a trick that enables multi-time signing. My question is: is there any ...
DiamondDuck