Questions tagged [hash-signature]
Signature schemes built out of and based on properties of hash functions. **DO NOT USE THIS TAG** if the signature is based on other hard problems and just happens to employ a hash function.
187 questions
1 vote
0 answers
60 views
How to locate and audit the Layer-3 scrambling (masking/hash/PRNG) function and seed in Pret-a-voter or similar secure voting system source code? [closed]
I am performing a cryptographic audit and reconstruction for a secure voting system inspired by Pret-a-voter. I currently have access to deterministic PRF mapping (Layer-1) and modulo/checksum filter (...
0 votes
1 answer
57 views
Security impact of partial key knowledge for stateful hash-based signatures
Let us consider a stateful hash-based signature scheme (e.g. LMS or XMSS) with an $n$-bit hash function where each signature is composed of $x$ hash chains. Assuming an attacker has knowledge of $y &...
2 votes
0 answers
41 views
Real world example of stateful hash-based signature failure
Stateful hash-based signatures are known to be complicated to deploy in practice due to the need of synchronizing the state, which is critical to the system security. However, I don't remember having ...
1 vote
1 answer
35 views
Making XMSS^MT stateless
I know this will just sound like reinventing SPHINCS+, but can XMSS^MT be made stateless? If the selection of index of the WOTS private key were deterministic, how would that impact the security and ...
0 votes
0 answers
28 views
CNSA 2.0, code signing, and stateful hash-based signatures [duplicate]
Per this blog post and this press release, stateless hash-based digital signature schemes seem to not be approved by CNSA 2.0 for software signing. What's the rationale for this? This strikes me as ...
0 votes
1 answer
154 views
Given five different addresses with a common r, How do I eliminate k and solve for d1 precisely?
I'm kind of confused about this issue of nonce reuse, don't mind me cuz I'm a newbie, ok first let me explain in details my case, I have a peculiar scenario of a nonce reuse different from the normal ...
0 votes
0 answers
49 views
How can I call a recursively defined operator from another operator in EasyCrypt?
I'm implementing parts of SHA-256 in EasyCrypt and need to define a power function (pow) that I can call from within other operator definitions (such as for logical shift operations). However, when I ...
0 votes
1 answer
81 views
What are the weaknesses with using a hash with some secret data for basic authentication?
I'm working on a very simple and small embedded device. I don't have access to any signing hardware. I would like to have some basic authentication in place to be able to identify a user when a BLE ...
3 votes
1 answer
91 views
Would ring signatures help enforce Australia’s social media ban for under-16s?
On the one hand, you want the ban to be effective. On the other, you don't want to share any kind of ID with social media companies, nor expose one's internet traffic in case a government database is ...
1 vote
1 answer
112 views
How is a Lamport signature implemented in real world scenarios?
I understand the Lamport signature scheme (and its variations) in general, but how is it used? If I want to sign some documents, where do I publish my Lamport public keys? How does someone know where ...
3 votes
1 answer
344 views
How are signature operations like hashing or concatenating with a message done when the input is an elliptic curve point?
For a Message M, Schnorr Signature steps are: Use a scalar $p$ as private key; Public key $P = pG$ where G is the generator of an Elliptic Curve; Generate random number $q$ & compute $Q = qG$; $c = ...
2 votes
0 answers
535 views
I need a good Hash function for folding 64bits into 32bits. I need to map 64bit variables into a 32bit representation
I am using a murmurhash implementation to fold 64bit (uint64_t) values into 32 bits (uint32_t). To my surprise, I discovered that there were some collisions on 64bit values that only differ by a ...
2 votes
1 answer
297 views
Correct my understanding of Digital Signature Algorithm for TLS certificates?
I just read the Wikipedia page on the Digital Signature Algorithm here: https://en.wikipedia.org/wiki/Digital_Signature_Algorithm Is the signing algorithm explained on the page the one that is used by ...
0 votes
1 answer
169 views
Are shared secret and SKEYID the same in IPSec?
I want to know: are shared secret and SKEYID the same in IPSec? I knew that from SKEYID, three further keys are generated (derivative, authentication and encryption). But from where this ...
0 votes
1 answer
138 views
Digest Signing for GPG Packages
We're currently using file type-specific signing tools (textsign, helmsign, rpmsign) for GPG packages, creating network strain by transmitting entire packages to a signing server. To optimize this, we'...