Paper 2024/591

Hash your Keys before Signing: BUFF Security of the Additional NIST PQC Signatures

Thomas Aulbach, University of Regensburg
Samed Düzlü, University of Regensburg
Michael Meyer, University of Regensburg
Patrick Struck, University of Konstanz
Maximiliane Weishäupl, University of Regensburg

In this work, we analyze the so-called Beyond UnForgeability Features (BUFF) security of the submissions to the current standardization process of additional signatures by NIST. The BUFF notions formalize security against maliciously generated keys and have various real-world use cases, where security can be guaranteed despite misuse potential on a protocol level. Consequently, NIST declared the security against the BUFF notions as desirable features. Despite NIST's interest, only $6$ out of $40$ schemes consider BUFF security at all, but none give a detailed analysis. We close this gap by analyzing the schemes based on codes, isogenies, lattices, and multivariate equations. The results vary from schemes that achieve neither notion (e.g., Wave) to schemes that achieve all notions (e.g., PROV). In particular, we dispute certain claims by SQUIRRELS and VOX regarding their BUFF security. Resulting from our analysis, we observe that three schemes (CROSS, HAWK and PROV) achieve BUFF security without having the hash of public key and message as part of the signature, as BUFF transformed schemes would have. HAWK and PROV essentially use the lighter PS-3 transform by Pornin and Stern (ACNS'05). We further point out whether this transform suffices for the other schemes to achieve the BUFF notions, with both positive and negative results.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Minor revision. PQCrypto 2024
Signature SchemesBUFFAdditional Security Properties
Contact author(s)
thomas aulbach @ ur de
samed duzlu @ ur de
michael @ random-oracles org
patrick struck @ uni-konstanz de
maximiliane weishaeupl @ ur de
2024-04-16: approved
2024-04-16: received
See all versions
Short URL
Creative Commons Attribution-NonCommercial


      author = {Thomas Aulbach and Samed Düzlü and Michael Meyer and Patrick Struck and Maximiliane Weishäupl},
      title = {Hash your Keys before Signing: {BUFF} Security of the Additional {NIST} {PQC} Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2024/591},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.