long term secure signatures
play

Long-term secure signatures for the IoT Andreas Hlsing Hash-based - PowerPoint PPT Presentation

Aug 22, 2023 •150 likes •285 views

Long-term secure signatures for the IoT Andreas Hlsing Hash-based Signature Schemes [Mer89] Long-term secure Only needs secure hash function Post-quantum Possibility of hash combiners IoT compatible? Only needs secure hash

  1. Long-term secure signatures for the IoT Andreas Hülsing

  2. Hash-based Signature Schemes [Mer89] Long-term secure • Only needs secure hash function • Post-quantum • Possibility of hash combiners IoT compatible? • Only needs secure hash function

  3. Lamport-Diffie OTS [Lam79] Message M = b1,…, bm, OWF H = n bit * SK sk 1,0 sk 1,1 sk m,0 sk m,1 H H H H H H PK pk 1,0 pk 1,1 pk m,0 pk m,1 b1 Mux b2 Mux bm Mux Sig sk 1,b1 sk m,bm 6-11-2017 PAGE 3

  4. One-time signatures • Can only be used once • Basic building block • Secret keys can be generated pseudorandomly WOTS + [Hue13] • Shorter signatures • Size-speed trade-off

  5. Chain-based OTS H H H H H H H PK OTS OTS OTS OTS OTS OTS OTS SK

  6. Chain-based OTS [NY89] • Extremely fast signing via „ pebbeling “ • Extremely fast verification of sequential signatures • Small keys • Small sigs (for sequential signatures) • Extremely useful in combination with aggregator • Stateful See e.g. Dahmen, Krauss. Short Hash-Based Signatures for Wireless Sensor Networks. CANS 2009.

  7. Merkle’s signature scheme PK SIG = ( i=2 , , , , , ) H H H OTS H H H H H H H H H H H H OTS OTS OTS OTS OTS OTS OTS OTS SK 6-11-2017 PAGE 7

  8. Merkle‘s signature scheme • Fast signing via „tree traversal algorithms“ • Extremely fast verification • Small keys • Medium size sigs • Stateful Latest: XMSS-T (Hülsing, Rijneveld, Song. Mitigating Multi-Target Attacks in Hash-based Signatures . PKC ‘16)

  9. Multi-Tree XMSS [MMM02] Uses multiple layers of trees -> Key generation (= Building first tree on each layer) Θ ( 2 h ) → Θ ( d* 2 h/d ) -> Allows to reduce worst-case signing times Θ ( h/2 ) → Θ ( h/2d )

  10. SPHINCS [BHH + 15] • Stateless Scheme • XMSS MT + HORST + (pseudo-)random index • Collision-resilient • Deterministic signing • SPHINCS-256: • 128-bit post-quantum secure • Hundrest of signatures / sec • 41 kb signature • 1 kb keys

  11. Performance on small devices • STM32L100C development board: Cortex M3, 32MHz, 32-bit architecture, 256KB Flash, 16KB RAM KeyGen Sign Verify XMSS MT 278.80s 0.61s 0.16s SPHINCS 0.88s 18.41s 0.51s • Issue: SPHINCS sigs (41KB) don‘t fit single APDU

  12. Future • XMSS Internet Draft in IRSG poll • At least two SPHINCS submissions for NIST • Faster / smaller signatures • Several works on dedicated hash functions (Haraka, Siempira)

  13. Thank you! Questions? 9-10-2017 PAGE 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to the West Midlands Combined Authority Aims Secure long term investment rather

Introduction to the West Midlands Combined Authority Aims Secure long term investment rather

Introduction to the West Midlands Combined Authority Aims Secure long term investment rather than short term budget allocations to stimulate economic growth for the region Tackle the long term challenges faced by all local authorities and

498 views • 17 slides
Digital Signatures for e-Government Challenges a Long-Term Security Architecture Mediated

Digital Signatures for e-Government Challenges a Long-Term Security Architecture Mediated

Signatures for e-Government Ba skiewicz, Kubiak, Kutyowski Digital Signatures for e-Government Challenges a Long-Term Security Architecture Mediated RSA Floating exponents Strong mRSA Przemysaw Ba skiewicz, Przemysaw

580 views • 20 slides
Long term Sec rit Long-term Security through g Quantum Cryptography D Dominique Unruh i i U

Long term Sec rit Long-term Security through g Quantum Cryptography D Dominique Unruh i i U

Long term Sec rit Long-term Security through g Quantum Cryptography D Dominique Unruh i i U h University of Tartu EWSCS 2011 March 2, 2011 Dominique Unruh Dominique Unruh Recall Recall Long term security: Protocol is secure if L

786 views • 25 slides
RSA-PSS Provable Secure RSA Signatures and their Implementation Overview What is RSA-PSS?

RSA-PSS Provable Secure RSA Signatures and their Implementation Overview What is RSA-PSS?

RSA-PSS Provable Secure RSA Signatures and their Implementation Overview What is RSA-PSS? Why RSA-PSS? Comparing original and standardized PSS Status of Protocols, Standards and Imple- mentations RSA-PSS in X.509

718 views • 19 slides
COMPLETE INVENTORY CONTROL SOLUTIONS WHY INVENTORY SOLUTIONS? Secure long-term contracts

COMPLETE INVENTORY CONTROL SOLUTIONS WHY INVENTORY SOLUTIONS? Secure long-term contracts

COMPLETE INVENTORY CONTROL SOLUTIONS WHY INVENTORY SOLUTIONS? Secure long-term contracts Add Value to your Proposition Promote Partnership Grow business in existing accounts Better service your accounts Get your foot in the

706 views • 58 slides
Tightly Secure Signatures and Public-Key Encryp8on Dennis

Tightly Secure Signatures and Public-Key Encryp8on Dennis

Tightly Secure Signatures and Public-Key Encryp8on Dennis Ho<einz and Tibor Jager Karlsruhe Ins,tute of Technology CRYPTO 2012 1 Tight

477 views • 15 slides
The signatures of long-lived spirals in disk galaxies The signatures of long-lived spirals in disk

The signatures of long-lived spirals in disk galaxies The signatures of long-lived spirals in disk

South Korea 2013 The signatures of long-lived spirals in disk galaxies The signatures of long-lived spirals in disk galaxies The signatures of long-lived spirals in disk galaxies The signatures of long-lived spirals in disk galaxies Eric E.

719 views • 43 slides
Tightly-Secure Signatures from Chameleon Hash Functions NIST, Maryland , PKC 2015 Olivier Blazy 1

Tightly-Secure Signatures from Chameleon Hash Functions NIST, Maryland , PKC 2015 Olivier Blazy 1

Tightly-Secure Signatures from Chameleon Hash Functions NIST, Maryland , PKC 2015 Olivier Blazy 1 , Saqib A. Kakvi 2 , Eike Kiltz 2 , Jiaxin Pan 2 1 University of Limoges, France 2 Ruhr University Bochum, Germany Keywords 1. Signatures 2. Tight

725 views • 44 slides
South Burlington School District Proposed Long-Term Bond Why issue a long term bond? Entities

South Burlington School District Proposed Long-Term Bond Why issue a long term bond? Entities

South Burlington School District Proposed Long-Term Bond Why issue a long term bond? Entities issue long-term bonds to finance long-term infrastructure assets with extended lives. The large dollar cost of these projects can be difficult to

776 views • 16 slides
Long-Term Stewardship of Three Evapotranspirative Covers, 15 years Sue Collins, Long-Term

Long-Term Stewardship of Three Evapotranspirative Covers, 15 years Sue Collins, Long-Term

August 20 23, 2018 Grand Junction, Colorado 2018 Long-Term Stewardship Conference Long-Term Stewardship of Three Evapotranspirative Covers, 15 years Sue Collins, Long-Term Stewardship Program Lead Sandia National Laboratories Track 2.2:

344 views • 17 slides
Long term test of LED Long term test of LED pulsing pulsing Long time LED system stability

Long term test of LED Long term test of LED pulsing pulsing Long time LED system stability

Long term test of LED Long term test of LED pulsing pulsing Long time LED system stability measurement Aging of part of optical system Future plans Jaroslav Zalesak, Jan Smolik Institute of Physics ASCR, Prague Sep 13, 2007 CALICE

298 views • 11 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel) Digital Signatures 2020-03-03 1 Outline Why assumptions? Efficient one-time signatures Digital Signatures 2020-03-03 2 Recap: Lamport EUF-1-CMA secure

1.14k views • 37 slides
Secure Income REIT Plc 9 March 2018 www.SecureIncomeREIT.co.uk Secure Income REIT Plc is a

Secure Income REIT Plc 9 March 2018 www.SecureIncomeREIT.co.uk Secure Income REIT Plc is a

Secure Income REIT Plc 9 March 2018 www.SecureIncomeREIT.co.uk Secure Income REIT Plc is a specialist UK REIT, selectively investing in key operating real estate assets in defensive sectors that provide long term rental income with inflation

822 views • 60 slides
The Future of Long Term Care in Ontario Adrienne Palmer Ontario Long Term Care Association LTC

The Future of Long Term Care in Ontario Adrienne Palmer Ontario Long Term Care Association LTC

The Future of Long Term Care in Ontario Adrienne Palmer Ontario Long Term Care Association LTC Transformation in Ontario March 2012 Why Not Now? LTC Innovation Report July 2010 released Long Term May 2008 Shirlee Sharkeys

352 views • 16 slides
GFDR 2015 Lo Long-term Finance Cha hapt pter 3: Th The Use of Markets for Long ng-term

GFDR 2015 Lo Long-term Finance Cha hapt pter 3: Th The Use of Markets for Long ng-term

GFDR 2015 Lo Long-term Finance Cha hapt pter 3: Th The Use of Markets for Long ng-term Fina nanc nce GFDR SEMINAR SERIES FEBRUARY 24, 2015 Introduction Lack of long-termfinance: importantand challenging concernin many countries

1.04k views • 57 slides
Antithrombotic Therapy for Long-Term Secondary Prevention Considerations for Long-Term DAPT

Antithrombotic Therapy for Long-Term Secondary Prevention Considerations for Long-Term DAPT

Antithrombotic Therapy for Long-Term Secondary Prevention Considerations for Long-Term DAPT Marc P. Bonaca, MD, MPH Vascular Section, Cardiovascular Division Investigator TIMI Study Group Brigham and Womens Hospital Assistant Professor,

774 views • 60 slides
Bottom-Up and Top-Down Reasoning with Hierarchical Rectified Gaussians Peiyun Hu, UC Irvine

Bottom-Up and Top-Down Reasoning with Hierarchical Rectified Gaussians Peiyun Hu, UC Irvine

Bottom-Up and Top-Down Reasoning with Hierarchical Rectified Gaussians Peiyun Hu, UC Irvine Deva Ramanan, Carnegie Mellon University Inspiration from human vision Top-down Feedback Bottom-Up Feedforward We explore efficient bidirectional

602 views • 14 slides
OTS Technical Advisory Committee Meeting Wednesday, April 4 th , 2018 Meeting Objective The

OTS Technical Advisory Committee Meeting Wednesday, April 4 th , 2018 Meeting Objective The

OTS Technical Advisory Committee Meeting Wednesday, April 4 th , 2018 Meeting Objective The Technical Advisory Committee meeting is intended to provide updates from OTS, and get feedback and suggestions from program Participants of a general

264 views • 24 slides
OTS Technical Advisory Committee Meeting Wednesday, May 24th, 2017 For Audio Dial 416-343-2285

OTS Technical Advisory Committee Meeting Wednesday, May 24th, 2017 For Audio Dial 416-343-2285

OTS Technical Advisory Committee Meeting Wednesday, May 24th, 2017 For Audio Dial 416-343-2285 or 1-877-969-8433 PIN# 4467765 Meeting Objective The Technical Advisory Committee meeting is intended to provide updates from OTS, and get feedback

153 views • 13 slides
Progress and Status of gated IPM collaboration: FY2018 KEK/J-PARC Kenichirou Satou /

Progress and Status of gated IPM collaboration: FY2018 KEK/J-PARC Kenichirou Satou /

US-Japan Meeting on Accelerators and Beam Equipment for High-Intensity Neutrino Beams: 19, 21/03/2019 Progress and Status of gated IPM collaboration: FY2018 KEK/J-PARC Kenichirou Satou / Introduction Issue on gain degradation of MCP

357 views • 21 slides
K-TIME SIGNATURES FOR SMARTGRID MULTICAST NOVEMBER 12, 2014 KELSEY CAIRNS PHD STUDENT,

K-TIME SIGNATURES FOR SMARTGRID MULTICAST NOVEMBER 12, 2014 KELSEY CAIRNS PHD STUDENT,

ANNUAL INDUSTRY WORKSHOP NOVEMBER 12-13, 2014 K-TIME SIGNATURES FOR SMARTGRID MULTICAST NOVEMBER 12, 2014 KELSEY CAIRNS PHD STUDENT, WASHINGTON STATE UNIVERSITY TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.ORG 1 UNIVERSITY

400 views • 11 slides
Coding and Data Compression Mathias Winther Madsen mathias.winther@gmail.com Institute for

Coding and Data Compression Mathias Winther Madsen mathias.winther@gmail.com Institute for

Coding and Data Compression Mathias Winther Madsen mathias.winther@gmail.com Institute for Logic, Language, and Computation University of Amsterdam March 2015 Information Theory E M Y 2 H y x T REASONABLE CAUSES FOR EACH E 2 H x y T

599 views • 21 slides
for Occupational Therapists 1 2 3 . 4 7

for Occupational Therapists 1 2 3 . 4 7

SNOMED CT for Occupational Therapists 1 2 3 . 4 7 1 The Language of Health brochure A good An overview of SNOMED CT HSCIC brochure

285 views • 12 slides
CISC 322 Software Architecture Lecture 14: Design Patterns Emad Shihab Material drawn from

CISC 322 Software Architecture Lecture 14: Design Patterns Emad Shihab Material drawn from

CISC 322 Software Architecture Lecture 14: Design Patterns Emad Shihab Material drawn from [Gamma95, Coplien95] Slides adapted from Spiros Mancoridis and Ahmed E. Hassan Motivation Good designers know not to solve every problem from

934 views • 27 slides

More recommend