TY - GEN
T1 - That’s Not My Signature! Fail-Stop Signatures for a Post-quantum World
AU - Boschini, Cecilia
AU - Dahari, Hila
AU - Naor, Moni
AU - Ronen, Eyal
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2024.
PY - 2024
Y1 - 2024
N2 - Snowden’s revelations kick-started a community-wide effort to develop cryptographic tools against mass surveillance. In this work, we propose to add another primitive to that toolbox: Fail-Stop Signatures (FSS) [49]. FSS are digital signatures enhanced with a forgery-detection mechanism that can protect a computationally bounded signer from more powerful attackers. Despite the fascinating concept, research in this area stalled after the ’90s. However, the ongoing transition to post-quantum cryptography, with its hiccups due to the novelty of the underlying assumptions, has become the perfect use case for FSS. This paper aims to reboot research on FSS with practical use in mind: our framework for FSS includes “fine-grained” security definitions (that assume a powerful but bounded adversary, e.g., one that can break 128 bits of security but not 256 bits). As an application, we show new FSS constructions for the post-quantum setting. We show that FSS are equivalent to standard, provably secure digital signatures that do not require rewinding or programming random oracles, and that this implies lattice-based FSS. Our main construction is an FSS version of SPHINCS+, which required building FSS versions of all its building blocks: WOTS+, XMSS, and FORS. In the process, we identify and provide generic solutions for two fundamental issues arising when deriving a large number of private keys from a single seed, and when building FSS for Hash-and-Sign-based signatures.
AB - Snowden’s revelations kick-started a community-wide effort to develop cryptographic tools against mass surveillance. In this work, we propose to add another primitive to that toolbox: Fail-Stop Signatures (FSS) [49]. FSS are digital signatures enhanced with a forgery-detection mechanism that can protect a computationally bounded signer from more powerful attackers. Despite the fascinating concept, research in this area stalled after the ’90s. However, the ongoing transition to post-quantum cryptography, with its hiccups due to the novelty of the underlying assumptions, has become the perfect use case for FSS. This paper aims to reboot research on FSS with practical use in mind: our framework for FSS includes “fine-grained” security definitions (that assume a powerful but bounded adversary, e.g., one that can break 128 bits of security but not 256 bits). As an application, we show new FSS constructions for the post-quantum setting. We show that FSS are equivalent to standard, provably secure digital signatures that do not require rewinding or programming random oracles, and that this implies lattice-based FSS. Our main construction is an FSS version of SPHINCS+, which required building FSS versions of all its building blocks: WOTS+, XMSS, and FORS. In the process, we identify and provide generic solutions for two fundamental issues arising when deriving a large number of private keys from a single seed, and when building FSS for Hash-and-Sign-based signatures.
KW - Fail-stop signature
KW - SPHINCS+
KW - foundations
KW - hash-based signature
UR - http://www.scopus.com/inward/record.url?scp=85202216056&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-68376-3_4
DO - 10.1007/978-3-031-68376-3_4
M3 - Conference contribution
AN - SCOPUS:85202216056
SN - 9783031683756
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 107
EP - 140
BT - Advances in Cryptology – CRYPTO 2024 - 44th Annual International Cryptology Conference, Proceedings
A2 - Reyzin, Leonid
A2 - Stebila, Douglas
PB - Springer Science and Business Media Deutschland GmbH
T2 - 44th Annual International Cryptology Conference, CRYPTO 2024
Y2 - 18 August 2024 through 22 August 2024
ER -