Paper 2021/968

White-Box Implementations for Hash-Based Signatures and One-Time Passwords

Kemal Bicakci, Kemal Ulker, Yusuf Uzunay, Halis Taha Şahin, and Muhammed Said Gündoğan

Abstract

White-box cryptography challenges the assumption that the end points are trusted and aims at providing protection against an adversary more powerful than the one in the traditional black-box cryptographic model. Most existing white-box implementations focus on symmetric encryption. In particular, we are not aware of any previous work on general-purpose quantum-safe digital signature schemes also secure against white-box attackers. We present white-box implementations for hash-based signatures so that the security against white-box attackers depends on the availability of a white-box secure pseudorandom function (in addition to a general one-way function). We also present a hash tree-based solution for one-time passwords secure in a white-box attacker context. We implement the proposed solutions and share our performance results.

Note: New sections (Section 7: Security Analysis and Space-Hardness of the Schemes and Section 8: Implementation) are added. Other sections are also revised.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
white-box cryptographydigital signaturewhite-box signaturequantum-safe signaturehash chainone-time passwordhash tree
Contact author(s)
bicakcikemal @ gmail com
kemalbicakci @ itu edu tr
History
2022-02-28: revised
2021-07-22: received
See all versions
Short URL
https://ia.cr/2021/968
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/968,
      author = {Kemal Bicakci and Kemal Ulker and Yusuf Uzunay and Halis Taha Şahin and Muhammed Said Gündoğan},
      title = {White-Box Implementations for Hash-Based Signatures and One-Time Passwords},
      howpublished = {Cryptology ePrint Archive, Paper 2021/968},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/968}},
      url = {https://eprint.iacr.org/2021/968}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.