tahoe-lafs/trac-2024-07-25
2
0
Issues 1.1k Wiki Activity

not that XMSS is stateful 

[Imported from Trac: page Bibliography, version 81]
daira 2015-03-25 09:33:16 +00:00
parent 84f9841c16
commit 385d36f69b
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Bibliography.md

@ -44,7 +44,7 @@ Here are some papers that are potentially of interest.
#### Hash-Based Digital Signatures
* [SPHINCS: practical stateless hash-based signatures](http://sphincs.cr.yp.to/papers.html) by Daniel J. Bernstein, Daira Hopwood, Andreas Hülsing, Tanja Lange, Ruben Niederhagen, Louiza Papachristodoulou, Michael Schneider, Peter Schwabe, and Zooko Wilcox-O'Hearn; "introduces the HORST few-time signature scheme, the SPHINCS many-time signature scheme, and SPHINCS-256". This is the current state-of-the-art in stateless hash-based signatures (but I may be biased --Daira).
* [XMSS - A Practical Forward Secure Signature Scheme based on Minimal Security Assumptions](http://eprint.iacr.org/2011/484) by Buchmann, Dahmen, Hülsing; “the first provably forward secure and practical signature scheme with minimal security requirements: a pseudorandom and a second preimage resistant (hash) function family. Its signature size is reduced to less than 25% compared to the best provably secure hash based signature scheme.”
* [XMSS - A Practical Forward Secure Signature Scheme based on Minimal Security Assumptions](http://eprint.iacr.org/2011/484) by Buchmann, Dahmen, Hülsing; “the first provably forward secure and practical stateful signature scheme with minimal security requirements: a pseudorandom and a second preimage resistant (hash) function family. Its signature size is reduced to less than 25% compared to the best provably secure stateful hash based signature scheme.”
* [Digital Signatures out of Second-Preimage Resistant Hash Functions](http://www.cdc.informatik.tu-darmstadt.de/~dahmen/papers/DOTV08.pdf) by Dahmen, Okeya, Takagi, Vuillame; This scheme is secure as long as the underlying hash function has *second-preimage resistance*, which real hash functions are a lot more likely to have than to have a stronger property like *collision-resistance*.
* [Hash-based Digital Signature Schemes](http://www.cdc.informatik.tu-darmstadt.de/~dahmen/papers/hashbasedcrypto.pdf) by Buchmann, Dahmen, and Szydlo; A survey of why it might be a good idea.
#### Elliptic Curve Cryptography