“Oops, I did it again” – Security of one-time signatures under two-message attacks

L. Groot Bruinderink; A.T. Hülsing

doi:10.1007/978-3-319-72565-9_15

“Oops, I did it again” – Security of one-time signatures under two-message attacks

L. Groot Bruinderink, A.T. Hülsing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

1 Citation (Scopus)

Abstract

One-time signatures (OTS) are called one-time, because the accompanying security reductions only guarantee security under single-message attacks. However, this does not imply that efficient attacks are possible under two-message attacks. Especially in the context of hash-based OTS (which are basic building blocks of recent standardization proposals) this leads to the question if accidental reuse of a one-time key pair leads to immediate loss of security or to graceful degradation. In this work we analyze the security of the most prominent hash-based OTS, Lamport’s scheme, its optimized variant, and WOTS, under different kinds of two-message attacks. Interestingly, it turns out that the schemes are still secure under two message attacks, asymptotically. However, this does not imply anything for typical parameters. Our results show that for Lamport’s scheme, security only slowly degrades in the relevant attack scenarios and typical parameters are still somewhat secure, even in case of a two-message attack. As we move on to optimized Lamport and its generalization WOTS, security degrades faster and faster, and typical parameters do not provide any reasonable level of security under two-message attacks.

Original language	English
Title of host publication	Selected Areas in Cryptography – SAC 2017
Subtitle of host publication	24th International Conference, Ottawa, ON, Canada, August 16-18, 2017, Revised Selected Papers
Editors	Carlisle Adams , Jan Camenisch
Place of Publication	Cham
Publisher	Springer
Chapter	15
Pages	299-322
Number of pages	24
ISBN (Electronic)	978-3-319-72565-9
ISBN (Print)	978-3-319-72564-2
DOIs	https://doi.org/10.1007/978-3-319-72565-9_15
Publication status	Published - 2018
Event	24th International Conference on Selected Areas in Cryptography (SAC 2017) - Ottawa, Canada Duration: 16 Aug 2017 → 18 Aug 2017 Conference number: 24

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	10719
ISSN (Print)	0302-9743

Name	Security and Cryptology
Publisher	Springer

Conference

Conference	24th International Conference on Selected Areas in Cryptography (SAC 2017)
Abbreviated title	SAC 2017
Country	Canada
City	Ottawa
Period	16/08/17 → 18/08/17

Keywords

Few-time signatures
Hash-based signatures
One-time signatures
Post-quantum cryptography
Two-message attacks

Access to Document

10.1007/978-3-319-72565-9_15

Link to publication in Scopus

Fingerprint Dive into the research topics of '“Oops, I did it again” – Security of one-time signatures under two-message attacks'. Together they form a unique fingerprint.

Cite this

Groot Bruinderink, L., & Hülsing, A. T. (2018). “Oops, I did it again” – Security of one-time signatures under two-message attacks. In C. Adams , & J. Camenisch (Eds.), Selected Areas in Cryptography – SAC 2017: 24th International Conference, Ottawa, ON, Canada, August 16-18, 2017, Revised Selected Papers (pp. 299-322). (Lecture Notes in Computer Science; Vol. 10719), (Security and Cryptology). Cham: Springer. https://doi.org/10.1007/978-3-319-72565-9_15

Groot Bruinderink, L. ; Hülsing, A.T. / “Oops, I did it again” – Security of one-time signatures under two-message attacks. Selected Areas in Cryptography – SAC 2017: 24th International Conference, Ottawa, ON, Canada, August 16-18, 2017, Revised Selected Papers. editor / Carlisle Adams ; Jan Camenisch. Cham : Springer, 2018. pp. 299-322 (Lecture Notes in Computer Science). (Security and Cryptology).

@inproceedings{37619df38e9f48b0a8220e2afbd300be,

title = "“Oops, I did it again” – Security of one-time signatures under two-message attacks",

abstract = "One-time signatures (OTS) are called one-time, because the accompanying security reductions only guarantee security under single-message attacks. However, this does not imply that efficient attacks are possible under two-message attacks. Especially in the context of hash-based OTS (which are basic building blocks of recent standardization proposals) this leads to the question if accidental reuse of a one-time key pair leads to immediate loss of security or to graceful degradation. In this work we analyze the security of the most prominent hash-based OTS, Lamport’s scheme, its optimized variant, and WOTS, under different kinds of two-message attacks. Interestingly, it turns out that the schemes are still secure under two message attacks, asymptotically. However, this does not imply anything for typical parameters. Our results show that for Lamport’s scheme, security only slowly degrades in the relevant attack scenarios and typical parameters are still somewhat secure, even in case of a two-message attack. As we move on to optimized Lamport and its generalization WOTS, security degrades faster and faster, and typical parameters do not provide any reasonable level of security under two-message attacks.",

keywords = "Few-time signatures, Hash-based signatures, One-time signatures, Post-quantum cryptography, Two-message attacks",

author = "{Groot Bruinderink}, L. and A.T. H{\"u}lsing",

year = "2018",

doi = "10.1007/978-3-319-72565-9_15",

language = "English",

isbn = "978-3-319-72564-2",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "299--322",

editor = "{Adams }, {Carlisle } and Jan Camenisch",

booktitle = "Selected Areas in Cryptography – SAC 2017",

address = "Germany",

}

Groot Bruinderink, L & Hülsing, AT 2018, “Oops, I did it again” – Security of one-time signatures under two-message attacks. in C Adams & J Camenisch (eds), Selected Areas in Cryptography – SAC 2017: 24th International Conference, Ottawa, ON, Canada, August 16-18, 2017, Revised Selected Papers. Lecture Notes in Computer Science, vol. 10719, Security and Cryptology, Springer, Cham, pp. 299-322, 24th International Conference on Selected Areas in Cryptography (SAC 2017), Ottawa, Canada, 16/08/17. https://doi.org/10.1007/978-3-319-72565-9_15

“Oops, I did it again” – Security of one-time signatures under two-message attacks. / Groot Bruinderink, L.; Hülsing, A.T.

Selected Areas in Cryptography – SAC 2017: 24th International Conference, Ottawa, ON, Canada, August 16-18, 2017, Revised Selected Papers. ed. / Carlisle Adams ; Jan Camenisch. Cham : Springer, 2018. p. 299-322 (Lecture Notes in Computer Science; Vol. 10719), (Security and Cryptology).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - “Oops, I did it again” – Security of one-time signatures under two-message attacks

AU - Groot Bruinderink, L.

AU - Hülsing, A.T.

PY - 2018

Y1 - 2018

N2 - One-time signatures (OTS) are called one-time, because the accompanying security reductions only guarantee security under single-message attacks. However, this does not imply that efficient attacks are possible under two-message attacks. Especially in the context of hash-based OTS (which are basic building blocks of recent standardization proposals) this leads to the question if accidental reuse of a one-time key pair leads to immediate loss of security or to graceful degradation. In this work we analyze the security of the most prominent hash-based OTS, Lamport’s scheme, its optimized variant, and WOTS, under different kinds of two-message attacks. Interestingly, it turns out that the schemes are still secure under two message attacks, asymptotically. However, this does not imply anything for typical parameters. Our results show that for Lamport’s scheme, security only slowly degrades in the relevant attack scenarios and typical parameters are still somewhat secure, even in case of a two-message attack. As we move on to optimized Lamport and its generalization WOTS, security degrades faster and faster, and typical parameters do not provide any reasonable level of security under two-message attacks.

AB - One-time signatures (OTS) are called one-time, because the accompanying security reductions only guarantee security under single-message attacks. However, this does not imply that efficient attacks are possible under two-message attacks. Especially in the context of hash-based OTS (which are basic building blocks of recent standardization proposals) this leads to the question if accidental reuse of a one-time key pair leads to immediate loss of security or to graceful degradation. In this work we analyze the security of the most prominent hash-based OTS, Lamport’s scheme, its optimized variant, and WOTS, under different kinds of two-message attacks. Interestingly, it turns out that the schemes are still secure under two message attacks, asymptotically. However, this does not imply anything for typical parameters. Our results show that for Lamport’s scheme, security only slowly degrades in the relevant attack scenarios and typical parameters are still somewhat secure, even in case of a two-message attack. As we move on to optimized Lamport and its generalization WOTS, security degrades faster and faster, and typical parameters do not provide any reasonable level of security under two-message attacks.

KW - Few-time signatures

KW - Hash-based signatures

KW - One-time signatures

KW - Post-quantum cryptography

KW - Two-message attacks

UR - http://www.scopus.com/inward/record.url?scp=85041804020&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-72565-9_15

DO - 10.1007/978-3-319-72565-9_15

M3 - Conference contribution

AN - SCOPUS:85041804020

SN - 978-3-319-72564-2

T3 - Lecture Notes in Computer Science

SP - 299

EP - 322

BT - Selected Areas in Cryptography – SAC 2017

A2 - Adams , Carlisle

A2 - Camenisch, Jan

PB - Springer

CY - Cham

ER -

Groot Bruinderink L , Hülsing AT. “Oops, I did it again” – Security of one-time signatures under two-message attacks. In Adams C, Camenisch J, editors, Selected Areas in Cryptography – SAC 2017: 24th International Conference, Ottawa, ON, Canada, August 16-18, 2017, Revised Selected Papers. Cham: Springer. 2018. p. 299-322. (Lecture Notes in Computer Science). (Security and Cryptology). https://doi.org/10.1007/978-3-319-72565-9_15