TY - GEN
T1 - Revisiting the Constant-Sum Winternitz One-Time Signature with Applications to SPHINCS+ and XMSS
AU - Zhang, Kaiyi
AU - Cui, Hongrui
AU - Yu, Yu
N1 - Publisher Copyright:
© 2023, International Association for Cryptologic Research.
PY - 2023
Y1 - 2023
AB - Hash-based signatures offer a conservative alternative to post-quantum signatures with arguably better-understood security than other post-quantum candidates. As a core building block of hash-based signatures, the efficiency of one-time signature (OTS) largely dominates that of hash-based signatures. The WOTS+ signature scheme (Africacrypt 2013) is the current state-of-the-art OTS adopted by the signature schemes standardized by NIST—XMSS, LMS, and SPHINCS+. A natural question is whether there is (and how much) room left for improving one-time signatures (and thus standard hash-based signatures). In this paper, we show that WOTS+ one-time signature, when adopting the constant-sum encoding scheme (Bos and Chaum, Crypto 1992), is size-optimal not only under Winternitz’s OTS framework, but also among all tree-based OTS designs. Moreover, we point out a flaw in the DAG-based OTS design previously shown to be size-optimal at Asiacrypt 1996, which makes the constant-sum WOTS+ the most size-efficient OTS to the best of our knowledge. Finally, we evaluate the performance of constant-sum WOTS+ integrated into the SPHINCS+ (CCS 2019) and XMSS (PQC 2011) signature schemes which exhibit certain degrees of improvement in both signing time and signature size.
KW - Hash-Based Signature
KW - Post-Quantum Cryptography
KW - SPHINCS
UR - https://www.scopus.com/pages/publications/85173000758
U2 - 10.1007/978-3-031-38554-4_15
DO - 10.1007/978-3-031-38554-4_15
M3 - Conference contribution
AN - SCOPUS:85173000758
SN - 9783031385537
T3 - Lecture Notes in Computer Science
SP - 455
EP - 483
BT - Advances in Cryptology – CRYPTO 2023 - 43rd Annual International Cryptology Conference, CRYPTO 2023, Proceedings
A2 - Handschuh, Helena
A2 - Lysyanskaya, Anna
PB - Springer Science and Business Media Deutschland GmbH
T2 - 43rd Annual International Cryptology Conference, CRYPTO 2023
Y2 - 20 August 2023 through 24 August 2023
ER -