state management for hash based signatures
play

State Management for Hash-Based Signatures David McGrew, Panos - PowerPoint PPT Presentation

Nov 21, 2022 •408 likes •701 views

State Management for Hash-Based Signatures David McGrew, Panos Kampanakis, Scott Fluhrer, Stefan-Lukas Gazdag , Denis Butin, Johannes Buchmann {mcgrew,pkampana,sfmuhrer}@cisco.com stefan-lukas_gazdag@genua.eu

  1. State Management for Hash-Based Signatures � David McGrew, Panos Kampanakis, Scott Fluhrer, Stefan-Lukas Gazdag , Denis Butin, Johannes Buchmann � {mcgrew,pkampana,sfmuhrer}@cisco.com � stefan-lukas_gazdag@genua.eu � {dbutin,buchmann}@cdc.informatik.tu-darmstadt.de SSR 2016

  2. What's so great about HBS? ● Well understood ● Post-Quantum ● No further intractability assumptions other than cryptographic hash functions ● Minimal security requirements feasible � ● Forward secure constructions possible � 12/06/16 2

  3. Intro: Hash-Based Signatures � 0 1 0 1 0 1 signature private key random data random data random data random data random data random data f f f f f f hash hash hash hash hash hash public key 12/06/16 3

  4. Intro: Hash-Based Signatures 12/06/16 4

  5. Statefulness � ● Private key has to be updated – Any copy may reveal secrets – Interrupts may threaten consistency – Key is critical resource – Data to be updated difgers by implementation decisions (Starting from single index to several nodes) 12/06/16 5

  6. How about stateless schemes? � ● SPHINCS (https://sphincs.cr.yp.to/) – Signatures size ~ 41 KB – Slower signing times Sig Size (B) Pub Key Size (B) LMS 2828 100 Defjnitely working for some use cases! XMSS 2820 68 But stateful schemes sometimes still the HSS 8688 112 better choice. XMSS^MT 8392 68 SPHINCS 41k 1056 Similar parameter sets, total height of 30 for LMS and XMSS, 12/06/16 6 total height of 60 for HSS, XMSS^MT and SPHINCS.

  7. How about stateless schemes? � ● SPHINCS (https://sphincs.cr.yp.to/) – Signatures size ~ 41 KB – Slower signing times Defjnitely working for some use cases! But stateful schemes are sometimes still the better choice. 12/06/16 7

  8. What's in line for standardization? � 12/06/16 8

  9. 12/06/16 9

  10. 12/06/16 10 �

  11. 12/06/16 11 �

  12. How can we cope with statefulness? � 12/06/16 12 �

  13. State Synchronization ● Synchronization delay affects performance ● Synchronization failure may occur ● Several copies may exist => Special case of cloning 12/06/16 13 �

  14. 12/06/16 14 The Linux Storage Stack Diagram http://www.thomas-krenn.com/en/wiki/Linux_Storage_Stack_Diagram Created by Werner Fischer and Georg Sc hönberger License: CC-BY-SA 3.0, see http://creativecommons.org/licenses/by-sa/3.0/

  15. 12/06/16 15 The Linux Storage Stack Diagram http://www.thomas-krenn.com/en/wiki/Linux_Storage_Stack_Diagram Created by Werner Fischer and Georg Sc hönberger License: CC-BY-SA 3.0, see http://creativecommons.org/licenses/by-sa/3.0/

  16. A classic digital signature � Scheme = (Key Generation, Signing, Verifjcation) 12/06/16 16 �

  17. A stateful digital signature � Scheme = (Key Generation, Reservation , Signing, Verifjcation) � 12/06/16 17

  18. Reservation ● Keys (pre-) generated in bulk ● Easy access management to critical resource ● Key synchronization and read/write operations alleviated ● Use case specific key pool feasible 12/06/16 18 �

  19. Hierarchical Signatures / Key Reservation � 12/06/16 19

  20. Hierarchical Signatures / Key Reservation � ● Synchronization delay � ● Synchronization failure ● Unintended cloning – Nonvolatile – Volatile 12/06/16 20 �

  21. Hierarchical Signatures / Key Reservation � ● Synchronization delay ● Synchronization failure ● Unintended cloning – Nonvolatile – Volatile 12/06/16 21

  22. Hybrid Scheme and Reservation � 12/06/16 22

  23. Hybrid Scheme and Reservation � ● Synchronization delay � ● Synchronization failure ● Unintended cloning – Nonvolatile – Volatile 12/06/16 23 �

  24. Hybrid Scheme and Reservation � ● Synchronization delay ● Synchronization failure ● Unintended cloning – Nonvolatile – Volatile 12/06/16 24

  25. Hybrid Scheme and Reservation � ● Synchronization delay ● Synchronization failure ● Unintended cloning – Nonvolatile ? – Volatile 12/06/16 25

  26. Hybrid Scheme and Reservation � ● Synchronization delay ● Synchronization failure ● Unintended cloning – Nonvolatile Breaks so much more: – Volatile - Entropy pools and PRNGs - Deterministic IVs and Nonces - Encryption counters - Digital signature seeds - One Time Passwords (OTP) - TCP sequence numbers - ... 12/06/16 26

  27. Conclusion ● First official standards available soon ● Safe deployment / good performance feasible ● Future work: standardization document on HBS deployment 12/06/16 27 �

  28. Any questions? � {mcgrew,pkampana,sfmuhrer}@cisco.com � stefan-lukas_gazdag@genua.eu � {dbutin,buchmann}@cdc.informatik.tu-darmstadt.de � 12/06/16 28 �

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hash-based signatures Tanja Lange (with some slides by Daniel J. Bernstein) Eindhoven University

Hash-based signatures Tanja Lange (with some slides by Daniel J. Bernstein) Eindhoven University

Hash-based signatures Tanja Lange (with some slides by Daniel J. Bernstein) Eindhoven University of Technology 20 July 2020 Benefits of hash-based signatures Old idea: 1979 Lamport one-time signatures. 1979 Merkle extends to more

659 views • 40 slides
Hash-based signatures Peter Schwabe Radboud University, Nijmegen, The Netherlands June 28, 2018

Hash-based signatures Peter Schwabe Radboud University, Nijmegen, The Netherlands June 28, 2018

Hash-based signatures Peter Schwabe Radboud University, Nijmegen, The Netherlands June 28, 2018 PQCRYPTO Mini-School 2018, Taipei, Taiwan Just one talk on hash-based signatures . . . ? Post-quantum crypto so far 1. Take some hard problem,

1.02k views • 85 slides
Improving Stateless Hash-Based Signatures CT-RSA 2018 Jean-Philippe Aumasson 1 , Guillaume

Improving Stateless Hash-Based Signatures CT-RSA 2018 Jean-Philippe Aumasson 1 , Guillaume

Improving Stateless Hash-Based Signatures CT-RSA 2018 Jean-Philippe Aumasson 1 , Guillaume Endignoux 2 Wednesday 18 th April, 2018 1 Kudelski Security 2 Work done while at Kudelski Security and EPFL 1 Hash-based signatures What are hash-based

370 views • 36 slides
SPHINCS: practical stateless hash-based signatures Daniel J. Bernstein Daira Hopwood Andreas

SPHINCS: practical stateless hash-based signatures Daniel J. Bernstein Daira Hopwood Andreas

SPHINCS: practical stateless hash-based signatures Daniel J. Bernstein Daira Hopwood Andreas Hlsing Tanja Lange Ruben Niederhagen Louiza Papachristodoulou Michael Schneider Peter Schwabe Zooko Wilcox-OHearn 28 April 2015 Hash-based

586 views • 33 slides
SPHINCS: practical stateless hash-based signatures Daniel J. Bernstein Daira Hopwood Andreas H

SPHINCS: practical stateless hash-based signatures Daniel J. Bernstein Daira Hopwood Andreas H

SPHINCS: practical stateless hash-based signatures Daniel J. Bernstein Daira Hopwood Andreas H ulsing Tanja Lange Ruben Niederhagen Louiza Papachristodoulou Michael Schneider Peter Schwabe Zooko Wilcox-OHearn 2 April 2015 Traditional hash-based

288 views • 10 slides
Long-term secure signatures for the IoT Andreas Hlsing Hash-based Signature Schemes [Mer89]

Long-term secure signatures for the IoT Andreas Hlsing Hash-based Signature Schemes [Mer89]

Long-term secure signatures for the IoT Andreas Hlsing Hash-based Signature Schemes [Mer89] Long-term secure Only needs secure hash function Post-quantum Possibility of hash combiners IoT compatible? Only needs secure hash

285 views • 13 slides
Hash-based Signatures Andreas Hlsing Eindhoven University of Technology Executive School on

Hash-based Signatures Andreas Hlsing Eindhoven University of Technology Executive School on

Hash-based Signatures Andreas Hlsing Eindhoven University of Technology Executive School on Post-Quantum Cryptography July 2019, TU Eindhoven Post-Quantum Signatures Lattice, MQ, Coding Signature and/or key sizes 2 y

1.22k views • 101 slides
for hash-based signatures Andreas Hlsing Eindhoven University of Technology The quantum threat

for hash-based signatures Andreas Hlsing Eindhoven University of Technology The quantum threat

Simplified security arguments for hash-based signatures Andreas Hlsing Eindhoven University of Technology The quantum threat Shors algorithm breaks RSA, (EC)DSA, (EC)DH, Grovers algorithm asymptotically reduces complexity of

694 views • 48 slides
Cryptographic Hash Functions Signatures Requirements MD5 and SHA CSS441: Security and

Cryptographic Hash Functions Signatures Requirements MD5 and SHA CSS441: Security and

CSS441 Hash Functions Hash Functions Authentication Cryptographic Hash Functions Signatures Requirements MD5 and SHA CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

1.04k views • 24 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung) Digital Signatures 2020-03-31 1 Outline Gennaro-Halevi-Rabin signatures Chameleon hash functions Digital Signatures 2020-03-31 2 RSA

627 views • 52 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung) Digital Signatures 2020-03-31 1 Outline Gennaro-Halevi-Rabin signatures Chameleon hash functions Digital Signatures 2020-03-31 2 RSA

785 views • 29 slides
Parallel-CFS Strengthening the CFS McEliece-Based Signature Scheme Matthieu Finiasz Digital

Parallel-CFS Strengthening the CFS McEliece-Based Signature Scheme Matthieu Finiasz Digital

Parallel-CFS Strengthening the CFS McEliece-Based Signature Scheme Matthieu Finiasz Digital Signatures The hash and sign paradigm m c slide 1/18 . Any public key encryption can be turned into a signature. Digital Signatures The hash and

759 views • 28 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung) Digital Signatures 2020-05-05 1 Outline More on BLS signatures Programmable Hash Functions Waters PHF Digital Signatures 2020-05-05 2

1.3k views • 97 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung) Digital Signatures 2020-05-05 1 Outline More on BLS signatures Programmable Hash Functions Waters PHF Digital Signatures 2020-05-05 2

441 views • 13 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung) Digital Signatures 2020-03-17 1 Outline RSA-based signature schemes RSA-FDH: Full Domain Hash Random Oracle Model RSA-FDH: Security Digital

944 views • 73 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung) Digital Signatures 2020-05-12 1 Outline Recap: programmable hash functions Waters PHF Waters signatures Digital Signatures 2020-05-12 2

1.02k views • 71 slides
Scalable Hashing-Based Network Discovery Tara Safavi , Chandra Sripada, Danai Koutra University

Scalable Hashing-Based Network Discovery Tara Safavi , Chandra Sripada, Danai Koutra University

Scalable Hashing-Based Network Discovery Tara Safavi , Chandra Sripada, Danai Koutra University of Michigan, Ann Arbor Networks are everywhere. Airport connections Internet routing Paper citations but are not always directly observed

642 views • 38 slides
G oteborg, 12 May 2004 Corrections, 16 May 2004 Title: The cost of iterator validity

G oteborg, 12 May 2004 Corrections, 16 May 2004 Title: The cost of iterator validity

G oteborg, 12 May 2004 Corrections, 16 May 2004 Title: The cost of iterator validity Speaker: Jyrki Katajainen University of Copenhagen These slides are available at http://www.cphstl.dk/ . Performance Engineering Laboratory c 1

582 views • 25 slides
What's new in MySQL 5.5? Performance/Scale Unleashed Mikael Ronstrm Senior MySQL Architect The

What's new in MySQL 5.5? Performance/Scale Unleashed Mikael Ronstrm Senior MySQL Architect The

<Insert Picture Here> What's new in MySQL 5.5? Performance/Scale Unleashed Mikael Ronstrm Senior MySQL Architect The preceding is intended to outline our general product direction. It is intended for information purposes only, and may

710 views • 38 slides
Hash functions and Cayley graphs: The end of the story ? Christophe Petit UCL Crypto Group Ch.

Hash functions and Cayley graphs: The end of the story ? Christophe Petit UCL Crypto Group Ch.

Hash functions and Cayley graphs: The end of the story ? Christophe Petit UCL Crypto Group Ch. Petit - Paris VI - Nov 2010 1 Microelectronics Laboratory Hash functions H : { 0 , 1 } { 0 , 1 } n UCL Crypto Group Ch. Petit - Paris VI

786 views • 45 slides
July 2019 Disclaimer This management presentation is intended to provide an overview of the

July 2019 Disclaimer This management presentation is intended to provide an overview of the

July 2019 Disclaimer This management presentation is intended to provide an overview of the business of Hut 8 Mining Corp. (Hut 8 or the Company). It has been prepared for information purposes only and does not purport to be complete.

522 views • 23 slides
Generic Views on Data Types Problem Towards a solution Generic Views Detour into GH The

Generic Views on Data Types Problem Towards a solution Generic Views Detour into GH The

Introduction Generic Views on Data Types Problem Towards a solution Generic Views Detour into GH The influence of S. Holdermans 1 J. Jeuring 1 oh 2 A. Rodriguez 1 A. L views Formal definition Validity Implementation 1 Department of

677 views • 56 slides
Research Paper Presentations Generalizing Monads to Arrows (SCP00) Akshay Balvant Kalbhor

Research Paper Presentations Generalizing Monads to Arrows (SCP00) Akshay Balvant Kalbhor

Research Paper Presentations Generalizing Monads to Arrows (SCP00) Akshay Balvant Kalbhor and Ari Zerner A Seamless, Client-centric Programming Model for Type Safe Web Applications (Haskell14) Alex Hedges and Christian Vaughan

220 views • 3 slides
Stack Traces in Haskell Arash Rouhani Chalmers University of Technology Master thesis

Stack Traces in Haskell Arash Rouhani Chalmers University of Technology Master thesis

Stack Traces in Haskell Arash Rouhani Chalmers University of Technology Master thesis presentation March 21, 2014 Contents Motivation Background The attempt in August 2013 Contribution Arash Rouhani Thesis presentation

904 views • 69 slides

More recommend