Post-quantum cryptography and early adoptions in cryptocurrencies
Andreas Hülsing
Eindhoven University of Technology
Cyber Security Summer School 2019
04.07.2019 https://huelsing.net 2
The quantum threat
• Shor’s algorithm breaks RSA, (EC)DSA, (EC)DH,…
• Grover’s algorithm asymptotically reduces complexity of brute-force search attacks by a square-root factor.
Why care today
• EU launched a one billion Euro project on quantum technologies
• Similar range is spent in China
• US administration passed a bill on spending $1.275 billion on quantum computing research
• Google, IBM, Microsoft, Alibaba, and others run their own research programs.
It's a question of risk assessment
Real world cryptography development
• Develop systems
• Analyze security
• Implement systems
• Analyze implementation security
• Select best systems and standardize them
• Integrate systems into products & protocols
• Roll out secure products
Who would store all encrypted data traffic? That must be expensive!
Blockchain? Blockchain!
General quantum computer impact:
• Finding hash function inputs such that output fulfills some property: Square-root speed-up
• Forging digital signatures for (EC-)DSA / RSA: Exponential speed-up.
PoW blockchains:
• Can change transactions not yet in a stable block
• Quantum miners (more forks)
PoS blockchains:
• Can change arbitrary blocks! Allows to rewrite history!
Hash-based signatures [Lam79,Mer89]
No new hardness assumptions*
Provably (post-quantum) secure if (post-quantum) secure hash function is used
Basic concept extremely easy
Stateful
* We only assume hash functions do not show non-random behaviour.
Digital Signature
Figure source: http://hari-cio-8a.blog.ugm.ac.id/files/2013/03/DSA.jpg
Basic construction
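Lamport OTS [Lam79]
Message $M = b_1,\dots,b_m$, OWF $H$, every key element is $n$ bit
SK: $sk_{1,0}, sk_{1,1}, \dots, sk_{m,0}, sk_{m,1}$
PK: $pk_{1,0}, pk_{1,1}, \dots, pk_{m,0}, pk_{m,1}$, where $pk_{i,b} = H(sk_{i,b})$
Sig: $sk_{1,b_1}, \dots, sk_{m,b_m}$ (a multiplexer per message bit $b_i$ selects $sk_{i,b_i}$)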
Security
Theorem:
If H is one-way then LD-OTS is one-time (eu-cma-)secure.
Key pair can be used to sign one message
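The Lamport construction and its one-time restriction, as an added Python example that is not part of the original slides. It assumes SHA-256 as the one-way function H and hashes the message first so that m = 256; `reuse_exposure` is a hypothetical helper that counts the positions where a set of signatures has published both secret values.

```python
import hashlib
import secrets

N = 32        # n = 256 bit; SHA-256 stands in for the one-way function H (assumption)
M_BITS = 256  # m: the message is hashed first, so m = 256 (assumption)

def H(x):
    return hashlib.sha256(x).digest()

def message_bits(message):
    """Return b_1..b_m, the bits of the message digest, most significant first."""
    digest = H(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(M_BITS)]

def keygen():
    """SK holds two random n-bit values per message bit; PK holds their images under H."""
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(M_BITS)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk

def sign(sk, message):
    """The signature reveals sk_{i,b_i} for every message bit b_i."""
    return [sk[i][b] for i, b in enumerate(message_bits(message))]

def verify(pk, message, sig):
    """Hash every revealed value and compare with pk_{i,b_i}."""
    bits = message_bits(message)
    if len(sig) != M_BITS:
        return False
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))

def reuse_exposure(messages):
    """Number of positions i where signing all messages reveals both sk_{i,0} and sk_{i,1}.

    After one signature this is 0. After two signatures it equals the number of
    digest bits in which the messages differ, and the one-time guarantee is gone.
    """
    rows = [message_bits(m) for m in messages]
    return sum(1 for column in zip(*rows) if len(set(column)) == 2)

if __name__ == "__main__":
    sk, pk = keygen()
    m1, m2 = b"constructed message 1", b"constructed message 2"
    sig = sign(sk, m1)
    print("valid:", verify(pk, m1, sig))
    print("other message accepted:", verify(pk, m2, sig))
    print("positions fully revealed after 1 signature:", reuse_exposure([m1]))
    print("positions fully revealed after 2 signatures:", reuse_exposure([m1, m2]))
```

A signer can use the same count as a guard: any key whose exposure would become non-zero must be refused for signing.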
Merkle’s Hash-based Signatures [Mer89]
[Figure: binary hash tree over eight OTS key pairs (SK); every node is computed with H and the root is PK]
SIG = (i=2, , , , , )
Security
Theorem:
MSS is (eu-cma-)secure if OTS is a one-time (eu-cma) secure signature scheme and H is a collision resistant hash function.
For a tree of height $h$, the key pair can be used to sign $2^h$ messages.
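The tree and authentication-path check behind the Merkle scheme, as an added Python example that is not part of the original slides. It assumes SHA-256 for H and uses constructed byte strings in place of real OTS public keys; verifying the OTS signature itself is a separate step and is not shown here.

```python
import hashlib
import hmac

def leaf(ots_pk):
    """Leaf node: hash of one OTS public key."""
    return hashlib.sha256(ots_pk).digest()

def node(left, right):
    """Inner node: hash of the two children."""
    return hashlib.sha256(left + right).digest()

def build_tree(ots_pks):
    """Return all levels of the tree; levels[0] are the leaves, levels[-1][0] is PK."""
    count = len(ots_pks)
    if count == 0 or count & (count - 1):
        raise ValueError("number of OTS key pairs must be a power of two (2^h)")
    levels = [[leaf(pk) for pk in ots_pks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[j], cur[j + 1]) for j in range(0, len(cur), 2)])
    return levels

def auth_path(levels, i):
    """Sibling nodes on the way from leaf i to the root (part of SIG)."""
    path = []
    for level in levels[:-1]:
        path.append(level[i ^ 1])  # sibling index differs in the lowest bit
        i >>= 1
    return path

def root_from_path(ots_pk, i, path):
    """Recompute the root from an OTS public key, its index and its path."""
    current = leaf(ots_pk)
    for sibling in path:
        current = node(sibling, current) if i & 1 else node(current, sibling)
        i >>= 1
    return current

def verify_leaf(root_pk, ots_pk, i, path, height):
    """Accept the OTS public key only if it authenticates against the root PK."""
    if len(path) != height or not 0 <= i < 2 ** height:
        return False
    return hmac.compare_digest(root_from_path(ots_pk, i, path), root_pk)

# Constructed stand-ins for eight OTS public keys (height h = 3).
SAMPLE_OTS_PKS = [bytes([k]) * 32 for k in range(8)]

if __name__ == "__main__":
    levels = build_tree(SAMPLE_OTS_PKS)
    root = levels[-1][0]
    path = auth_path(levels, 2)  # i = 2, as in the SIG on the slide
    print("path length:", len(path))
    print("authentic:", verify_leaf(root, SAMPLE_OTS_PKS[2], 2, path, 3))
    print("wrong index accepted:", verify_leaf(root, SAMPLE_OTS_PKS[2], 3, path, 3))
```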
Winternitz-OTS [Mer89]
Lamport-OTS in MSS
Verification:
1. Verify
2. Verify authenticity of
We can do better!
SIG = (i=2, , , , , )
WOTS in MSS
Verification:
1. Compute from
2. Verify authenticity of
Steps 1 + 2 together verify
SIG = (i=2, , , , , )X
Function chains
Hash function $h : \{0,1\}^n \to \{0,1\}^n$
Parameter $w$
Chain: $c^i(x) = h(c^{i-1}(x)) = \underbrace{h \circ h \circ \cdots \circ h}_{i\text{-times}}(x)$
$c^0(x) = x$, $c^1(x) = h(x)$, …, $c^{w-1}(x)$
WOTS
Winternitz parameter $w$ (usually a power of 2), security parameter $n$, message length $m$, hash function $h$
Key Generation: Compute $l$, sample $h_k$
$c^0(sk_1) = sk_1$, $c^1(sk_1)$, …, $pk_1 = c^{w-1}(sk_1)$
…
$c^0(sk_l) = sk_l$, $c^1(sk_l)$, …, $pk_l = c^{w-1}(sk_l)$
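WOTS Signature generation
$M$: $b_1, b_2, b_3, b_4, \dots, b_{m'}$
$C$: $b_{m'+1}, b_{m'+2}, \dots, b_l$
Chain 1 runs from $c^0(sk_1) = sk_1$ to $pk_1 = c^{w-1}(sk_1)$: $\sigma_1 = c^{b_1}(sk_1)$
…
Chain $l$ runs from $c^0(sk_l) = sk_l$ to $pk_l = c^{w-1}(sk_l)$: $\sigma_l = c^{b_l}(sk_l)$
Signature:
$\sigma = (\sigma_1, \dots, \sigma_l)$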
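WOTS Signature Verification
Verifier knows: $M$, $w$
$b_1, b_2, b_3, b_4, \dots, b_{m'}, b_{m'+1}, b_{m'+2}, \dots, b_l$
Signature:
$\sigma = (\sigma_1, \dots, \sigma_l)$
$\sigma_1 \to c^1(\sigma_1) \to c^2(\sigma_1) \to c^3(\sigma_1) \to \dots \to c^{w-1-b_1}(\sigma_1) \overset{?}{=} pk_1$
…
$\sigma_l \to \dots \to c^{w-1-b_l}(\sigma_l) \overset{?}{=} pk_l$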
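The chain-based key generation, signing and verification from the WOTS slides, as an added Python example that is not part of the original slides. It assumes w = 16, n = 256 bit, an unkeyed SHA-256 in place of the sampled $h_k$ (so this is plain WOTS, not WOTS+), and takes C to be the usual Winternitz checksum; `needs_inversion` is a hypothetical helper showing why the checksum digits matter.

```python
import hashlib
import secrets

N, W = 32, 16   # n in bytes, Winternitz parameter w (assumed values)
L1 = 2 * N      # m' = 64 base-16 digits of the message digest
L2 = 3          # checksum <= 64 * 15 = 960 < 16^3, so three digits
L = L1 + L2     # l = 67 chains

def h(x):
    return hashlib.sha256(x).digest()

def chain(x, steps):
    """c^steps(x): apply h to x the given number of times."""
    for _ in range(steps):
        x = h(x)
    return x

def digits(message):
    """b_1..b_l: base-w digits of the digest followed by the checksum digits."""
    b = [nib for byte in h(message) for nib in (byte >> 4, byte & 15)]
    c = sum(W - 1 - bi for bi in b)
    return b + [(c >> 8) & 15, (c >> 4) & 15, c & 15]

def keygen():
    sk = [secrets.token_bytes(N) for _ in range(L)]
    pk = [chain(s, W - 1) for s in sk]          # pk_i = c^{w-1}(sk_i)
    return sk, pk

def sign(sk, message):
    return [chain(s, b) for s, b in zip(sk, digits(message))]   # sigma_i = c^{b_i}(sk_i)

def pk_from_sig(sig, message):
    """Finish every chain: c^{w-1-b_i}(sigma_i). This is what MSS feeds into the tree."""
    return [chain(s, W - 1 - b) for s, b in zip(sig, digits(message))]

def verify(pk, message, sig):
    return len(sig) == L and pk_from_sig(sig, message) == pk

def needs_inversion(signed_msg, other_msg):
    """True if turning a signature on signed_msg into one on other_msg would
    require walking at least one chain backwards, i.e. inverting h.
    The checksum makes this hold for any two messages with different digests."""
    return any(o < s for s, o in zip(digits(signed_msg), digits(other_msg)))

if __name__ == "__main__":
    sk, pk = keygen()
    m1, m2 = b"constructed tx 1", b"constructed tx 2"
    sig = sign(sk, m1)
    print("chains:", L, "valid:", verify(pk, m1, sig))
    print("other message accepted:", verify(pk, m2, sig))
    print("inversion needed both ways:", needs_inversion(m1, m2), needs_inversion(m2, m1))
```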
Multi-Tree MSS
MMM: Tal Malkin, Daniele Micciancio, Sara K. Miner, 2002
CMSS: Johannes Buchmann, Luis Carlos Coronado Garcia, Erik Dahmen, Martin Döring, Elena Klintsevich, 2006
Multi-Tree MSS / Hypertree
Uses multiple layers of trees to reduce key generation time
-> Key state generation & stateless signing (= Building one tree on each layer): $\Theta(2^h) \to \Theta(d \cdot 2^{h/d})$
-> Worst-case stateful signing times: $\Theta(h/2) \to \Theta(h/(2d))$
-> Increases signature size by d-1 one-time signatures
XMSS
Joint work with Johannes Buchmann, Erik Dahmen
XMSS
Tree: Uses bitmasks
Leaves: Use binary tree with bitmasks
OTS: WOTS+
Message digest: Randomized hashing
Collision-resilient
-> signature size halved
Standards: XMSS & LMS RFCs
XMSS / XMSS-T Implementation
C Implementation, using OpenSSL [HRS16]

| Scheme | Sign (ms) | Signature (kB) | Public Key (kB) | Secret Key (kB) | Bit Security classical/quantum | Comment |
|---|---|---|---|---|---|---|
| XMSS | 3.24 | 2.8 | 1.3 | 2.2 | 236 / 118 | h = 20, d = 1 |
| XMSS-T | 9.48 | 2.8 | 0.064 | 2.2 | 256 / 128 | h = 20, d = 1 |
| XMSS | 3.59 | 8.3 | 1.3 | 14.6 | 196 / 98 | h = 60, d = 3 |
| XMSS-T | 10.54 | 8.3 | 0.064 | 14.6 | 256 / 128 | h = 60, d = 3 |

Intel(R) Core(TM) i7 CPU @ 3.50GHz
XMSS-T uses message digest from Internet-Draft
All using SHA2-256, w = 16 and k = 2
HBS in blockchain applications
Early adopters: QRL
• QRL = Quantum Resistant Ledger
• Replaces ECC signatures by XMSS (with SHA2 or SHAKE)
• Adaptive, unbalanced multi-tree mode: Can add "Slaves" -> needs transaction to publish!
• Blockchain used to track index (but warn to also keep track yourself)
Why use full MSS?
• Transaction in bitcoin works on full input.
• Why not use an OTS?
• Also seems to increase privacy!
Early adopters: IOTA
• Gained (unwanted) popularity due to “rolling their own crypto”. See e.g. http://blog.lekkertech.net/blog/2018/03/07/iota-signatures/ (gets term “WOTS” wrong but still figures out a massive issue)
However:
• Among the first to use plain OTS
• Issue: "used up" keys
Things that can get you in trouble
• Transaction in bitcoin (and most other coins) not guaranteed to get into blockchain!
• Might have to increase fee -> new transaction -> new signature!
• Branching
• Transaction might not get confirmed for a long time! (issue if transaction "promotes" next key!)
• Might want long term addresses, e.g., for foundations that receive donations.
• What if you receive a payment after you used your private key to sign?
BPQS [Chalkias, Brown, Hearn, Lillehagen, Nitto, Schroeter, 2018]
• BPQS = Blockchained Post-Quantum Signatures
• Combination of hash-chained scheme (BPQS-FEW)
• And certification chain (sign two pks) (BPQS-EXT)
• BPQS uses a FEW scheme where the last leaf is an EXT root.
• BPQS-mixed refers to arbitrary topologies that use as last root a pk of an arbitrary scheme.
Source: [CBHLNS’18]
Solves the used-up address issue (to some extent)
XNYSS [Hülsing, v.d.Linde, Schwabe, Yarom 2018]
• NY'89: Proposal of generic BPQS-EXT
• XNYSS = eXtended Naor-Yung signature scheme
• XNYSS:
  • With each message (= transaction) signature certify k new key pairs
  • If something goes wrong, we can use at least k-1 other OTS keys + possibly old back-up keys.
• Wouter’s thesis: Many practical aspects
  • Nodes can store list of association of long-term keys and current OTS keys.
• Relation between k and failure probability
Solves long-term address issue
Proof-of-Stake blockchains (ongoing research)
• Want forward-secure signature scheme
• XMSS is forward-secure (with FS-PRG)
• Performance might be bottleneck.
We can overcome all these issues at once!
SPHINCS
Joint work with Daniel J. Bernstein, Daira Hopwood, Tanja Lange, Ruben Niederhagen, Louiza Papachristodoulou, Michael Schneider, Peter Schwabe, and Zooko Wilcox-O’Hearn
Stateless hash-based signatures [NY89,Gol87,Gol04]
Goldreich’s approach [Gol04]:
Security parameter 𝜆 = 128
Use binary tree as in Merkle, but...
• …for security:
  • pick index i at random;
  • requires huge tree to avoid index collisions (e.g., height h = 2𝜆 = 256).
• …for efficiency:
  • use binary certification tree of OTS key pairs (= Hypertree with 𝑑 = ℎ),
  • all OTS secret keys are generated pseudorandomly.
SPHINCS [BHH+15]
• Select index pseudo-randomly
• Use a few-time signature key-pair on leaves to sign messages
• Few index collisions allowed
• Allows to reduce tree height
• Use hypertree: Use d << h.
SPHINCS+
Joint work with Jean-Philippe Aumasson, Daniel J. Bernstein, Christoph Dobraunig, Maria Eichlseder, Scott Fluhrer, Stefan-Lukas Gazdag, Panos Kampanakis, Stefan Kölbl, Tanja Lange, Martin M. Lauridsen, Florian Mendel, Ruben Niederhagen, Christian Rechberger, Joost Rijneveld, Peter Schwabe
SPHINCS+ (our NIST submission)
• Strengthened security gives smaller signatures
• Collision- and multi-target attack resilient (XMSS tweakable hash)
• Fixed length signatures
• Small keys, medium size signatures (lv 3: 17kB)
• Sizes can be much smaller if q_sign gets reduced
• The conservative choice
Instantiations (after second round tweaks)
• SPHINCS+-SHAKE256-robust
• SPHINCS+-SHAKE256-simple
• SPHINCS+-SHA-256-robust
• SPHINCS+-SHA-256-simple
• SPHINCS+-Haraka-robust
• SPHINCS+-Haraka-simple
Three of the instantiations are marked "NEW!" on the slide.
Instantiations (small vs fast)
Conclusion
• Hash-based signatures can make blockchains post-quantum secure
• Care is needed because...
... Hash-based signatures can make blockchains insecure already in the classical setting!
Thank you!
Questions?
For references, literature & longer lectures see https://huelsing.net