Benefits of Using a CMS

Towards Post-Quantum Cryptography

Fugiat dolores ipsum labore aut ullam aut. Quaerat maiores ullam voluptate asperiores sit reiciendis numquam consequatur, consequuntur repellat blanditiis excepturi esse ipsum sapiente reiciendis necessitatibus magnam hic omnis nostrum deserunt, aliquid id deserunt, at rerum at, excepturi est in excepturi excepturq.

And, so, NIST has standardised ML-KEM (FIPS 203), ML-DSA (FIPS 204) and SLH-DSA (FIPS 205). With FIPS 205, we have an alternative for digital signing to ML-DSA, and one which uses a stateless hashing method known as SPHINCS+. But, there’s another NIST standard that also uses hash-based signatures (XMSS).

Recommendation for Stateful Hash-Based Signature Schemes

A digital signature allows for the creation of a signature of a message using a private key to sign it, and a public key to verify it. With a One-Time Signature (OTS) scheme, we can only sign exactly one message securely with a given key pair, while a Many-Time Signature (MTS) system allows for many messages to be signed.

Overall, XMSS is a stateful hash-based method which results in relatively small private and public keys, with fast signature generation and verification, but has relatively slow key generation. Buchmann, Dahmen, and Huelsing outlined XMSS in [1], and it has been standardised in [RFC 8391]. Overall, it uses WOTS+ as its main building block

In this case, we will implement it with wolfCrypt. Overall, hash-based signature methods have relatively slow key generation times, but are fairly fast for signing and verification. For XMSS, the three main implementations are XMSS-SHA2_10_256, XMSS-SHA2_16_256 and XMSS-SHA2_20_256. In terms of key sizes, the public key size is small with 68 bytes, the private key size is 1,343 bytes and the signature size is 2,500 bytes.

Within a public key digital signature method, we will create a key pair with a public key and a private key, and then sign the hash of a message with our private key. This can be then verified with our public key.

Lamport

In 1979, it was Leslie Lamport who defined a method for one-time signatures:

• We create two data sets with 256 random 256-bit numbers (Set A and Set B). These are the private keys (512 values).
• We take the hash of each of the random numbers. This will give 512 hashes and will be the public key.
• We then hash the message and test each bit of the hash (0 … 255). If it is a 0, we use the ith number in Set A, else we use the ith number from
Set B.
• The signature is then 256 random numbers (taken from either Set A or Set B) and the public key is the 512 hashes (of Set A and Set B).

Problem: The major problem with the method needs a new key pair for every message. The solution, defined in 1979, is the usage of Merkle trees.