Paper 2017/966

Optimal Parameters for XMSS^MT

Andreas Hülsing, Lea Rausch, and Johannes Buchmann

Abstract

We introduce Multi Tree XMSS (XMSS^MT), a hash-based signature scheme that can be used to sign a virtually unlimited number of messages. It is provably forward and hence EU-CMA secure in the standard model and improves key and signature generation times compared to previous schemes. XMSS^MT has --- like all practical hash-based signature schemes --- a lot of parameters that control different trade-offs between security, runtimes and sizes. Using linear optimization, we show how to select provably optimal parameter sets for different use cases.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision. MoCrySEn 2013
DOI
10.1007/978-3-642-40588-4
Keywords
hash-based signaturesparameter selectionlinear optimizationforward secure signaturesimplementation
Contact author(s)
andreas @ huelsing net
History
2017-10-03: received
Short URL
https://ia.cr/2017/966
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/966,
      author = {Andreas Hülsing and Lea Rausch and Johannes Buchmann},
      title = {Optimal Parameters for XMSS^MT},
      howpublished = {Cryptology ePrint Archive, Paper 2017/966},
      year = {2017},
      doi = {10.1007/978-3-642-40588-4},
      note = {\url{https://eprint.iacr.org/2017/966}},
      url = {https://eprint.iacr.org/2017/966}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.