
Questions tagged [hash-based]

0 votes
1 answer
61 views

Let us consider a stateful hash-based signature scheme (e.g. LMS or XMSS) with an $n$-bit hash function where each signature is composed of $x$ hash chains. Assuming an attacker has knowledge of $y &...
Raoul722 • 3,007
2 votes
0 answers
42 views

Stateful hash-based signatures are known to be complicated to deploy in practice due to the need to synchronize the state, which is critical to the system security. However, I don't remember having ...
Raoul722 • 3,007
5 votes
1 answer
241 views

Over the years, new discoveries have weakened some of the mathematical primitives used in cryptography, like the broken Knapsack cryptosystem, Shor's algorithm, etc. What we believe to be hard ...
Jason Smith
0 votes
0 answers
53 views

I'm implementing parts of SHA-256 in EasyCrypt and need to define a power function (pow) that I can call from within other operator definitions (such as for logical shift operations). However, when I ...
m Amiri
3 votes
1 answer
619 views

By SHAKE256_256, I mean taking first 256 bits of the output of SHAKE256 i.e. SHAKE256_256(M) = SHAKE256(M,256) What is the motivation of choosing SHAKE256_256 ...
user • 323
2 votes
1 answer
745 views

I was reading the SPHINCS+ paper and got confused in the signing with FORS (forest of random subsets) part. I understand how we can sign a message using FORS but I couldn't understand how we choose ...
Andrew • 43
0 votes
1 answer
152 views

From what I understand, to reduce the time taken for public key generation, you can use nested trees in XMSS to form Multi-tree XMSS. For an instantiation of 2 layers, it seems that the leaf of each L ...
João Diogo Duarte
2 votes
3 answers
305 views

From a one-time hash-based signature, one can convert it into a 2^d-time signature by using a Merkle hash tree. However, it seems to be a trick that enables multi-time signing. My question is: is there any ...
DiamondDuck
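Worked example, added here and not part of any of the questions above: it shows the construction the last question describes (a one-time signature promoted to a 2^d-time signature with a Merkle tree) and uses, as its n-bit hash, the SHAKE256_256(M) = SHAKE256(M, 256) truncation asked about in the SHAKE256_256 question. The one-time scheme is Lamport (chosen for brevity; LMS and XMSS use Winternitz chains instead), the key derivation from a seed with the hash as a PRF, the domain-separation prefixes, the names `shake256_256`, `lamport_keygen`, `MerkleSigner`, `merkle_verify`, the tree height `D = 3`, and the seed and messages are all assumptions of this example, not taken from any standard or post.

```python
"""Added example: Lamport OTS + Merkle tree = 2**D-time stateful signature.
The hash is SHAKE256 truncated to 256 bits. All seeds/messages are constructed."""
import hashlib

N = 32  # hash output in bytes (n = 256 bits)
D = 3   # tree height: 2**D one-time key pairs, so at most 2**D signatures


def shake256_256(*parts: bytes) -> bytes:
    """SHAKE256_256(M): the first 256 bits of SHAKE256(M)."""
    return hashlib.shake_256(b"".join(parts)).digest(N)


H = shake256_256


def msg_bits(msg: bytes):
    """The 8*N bits of H(msg), MSB first; Lamport reveals one secret per bit."""
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(8 * N)]


def lamport_keygen(seed: bytes, leaf: int):
    """Derive 2*8*N secrets from (seed, leaf), using H as a PRF (an assumption of
    this example); each public-key element is the hash of its secret."""
    sk = [[H(b"sk", seed, leaf.to_bytes(4, "big"), i.to_bytes(2, "big"), bytes([b]))
           for b in (0, 1)] for i in range(8 * N)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk


def lamport_sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 8 * N and all(
        H(s) == pk[i][b] for i, (b, s) in enumerate(zip(msg_bits(msg), sig)))


def leaf_hash(pk) -> bytes:
    """Compress a whole Lamport public key into one Merkle leaf."""
    return H(b"leaf", *[x for pair in pk for x in pair])


def merkle_tree(leaves):
    """All levels of the tree: levels[0] = leaves, levels[-1] = [root]."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(b"node", cur[j], cur[j + 1]) for j in range(0, len(cur), 2)])
    return levels


def auth_path(levels, idx: int):
    """Sibling hashes from leaf idx up to (but excluding) the root."""
    return [levels[h][(idx >> h) ^ 1] for h in range(len(levels) - 1)]


def root_from_path(leaf: bytes, idx: int, path) -> bytes:
    """Recompute the root; bit h of idx says whether we are the right child at level h."""
    node = leaf
    for h, sib in enumerate(path):
        node = H(b"node", sib, node) if (idx >> h) & 1 else H(b"node", node, sib)
    return node


class MerkleSigner:
    """Stateful signer: next_index is the state. Losing it or rolling it back
    would reuse a one-time key, which is exactly the failure the scheme forbids."""

    def __init__(self, seed: bytes):
        self.keys = [lamport_keygen(seed, i) for i in range(2 ** D)]
        self.levels = merkle_tree([leaf_hash(pk) for _, pk in self.keys])
        self.root = self.levels[-1][0]  # the long-term public key
        self.next_index = 0

    def sign(self, msg: bytes):
        if self.next_index >= 2 ** D:
            raise RuntimeError("all 2^d one-time keys used; key pair is exhausted")
        idx = self.next_index
        self.next_index += 1  # advance the state before the signature leaves the signer
        sk, pk = self.keys[idx]
        return (idx, lamport_sign(sk, msg), pk, auth_path(self.levels, idx))


def merkle_verify(root: bytes, msg: bytes, signature) -> bool:
    idx, ots_sig, pk, path = signature
    if not (0 <= idx < 2 ** D) or len(path) != D:
        return False
    if not lamport_verify(pk, msg, ots_sig):
        return False
    return root_from_path(leaf_hash(pk), idx, path) == root


def demo() -> bool:
    """Sign one message, verify it, and check the signature does not transfer."""
    signer = MerkleSigner(seed=b"constructed example seed, not a real key")
    m1, m2 = b"first message", b"second message"
    s1 = signer.sign(m1)
    return merkle_verify(signer.root, m1, s1) and not merkle_verify(signer.root, m2, s1)
```

The verifier only ever needs the root: each signature carries the leaf's one-time public key and the D sibling hashes that tie it to that root, which is the "trick" that turns 2^d independent one-time keys into one public key. The signer must persist `next_index` before handing out a signature; that single counter is the state whose synchronization the stateful-signature questions above are about.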