Paper 2022/888

Tweakable Sleeve: A Novel Sleeve Construction based on Tweakable Hash Functions

David Chaum, xx labs
Mario Larangeira, Tokyo Institute of Technology, IOHK
Mario Yaksetig, University of Porto, xx labs

Recently, Chaum et al. (ACNS'21) introduced $\mathcal{S}_{leeve}$, which describes an extra security layer for signature schemes, i.e., ECDSA. This distinctive feature is a new key generation mechanism, allowing users to generate a ''back up key'' securely nested inside the secret key of a signature scheme. Using this novel construction, the ''back up key'', which is secret, can be used to generate a ''proof of ownership'', i.e., only the rightful owner of this secret key can generate such a proof. This design offers a quantum secure fallback, i.e., a brand new quantum resistant signature, ready to be used, nested in the ECDSA secret key. In this work, we rely on the original $\mathcal{S}_{leeve}$ definition to generalize the construction to a modular design based on Tweakable Hash Functions, thus yielding a cleaner design of the primitive. Furthermore, we provide a thorough security analysis taking into account the security of the ECDSA signature scheme, which is lacking in the original work. Finally, we provide an analysis based on formal methods using Verifpal assuring the security guarantees our construction provides.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. MARBLE 2022
provable security digital wallet hash-based signatures
Contact author(s)
david @ chaum com
mario larangeira @ iohk io
mario yaksetig @ fe up pt
2022-07-07: approved
2022-07-07: received
See all versions
Short URL
No rights reserved


      author = {David Chaum and Mario Larangeira and Mario Yaksetig},
      title = {Tweakable Sleeve: A Novel Sleeve Construction based on Tweakable Hash Functions},
      howpublished = {Cryptology ePrint Archive, Paper 2022/888},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.