Digital signatures are the most popular cryptographic primitives in practice. They guarantee the authenticity of data and documents and allow to determine the origin of data. In practice, three digital signature schemes are used: RSA, DSA, and EC_DSA. If all those methods become insecure, the resulting damage will be immense. This situation will occur if it is possible to construct quantum computers with sufficient capacity. It is therefore important to provide alternative digital signature schemes.In the DFG project "Provably secure, efficient and long-term secure variations of the Merkle signature scheme" (GZ: BU 630/19-1), which is the basis of the present application, the hash-based signature scheme XMSS [BDH11] and its extension XMSSMT were developed. Their security was proven, and their efficiency was demonstrated theoretically and practically.The aim of this project is to make XMSS and XMSSMT usable in practice. This will be done in cooperation with the company genua mbH (IT security products) by achieving the following goals:1. Open-source implementation, including handling the statefulness, parameter selection, and side channel analysis,2. Standardization preparation,3. Integration in communications protocols.In the context of achieving the first objective several open problems are to be solved, which enable the integration in the open source libraries OpenSSL (C/C++) and Bouncy Castle (JAVA), and the integration has to be done. The first problem is how to deal with the statefulness of both schemes, which requires that at any time a consistent state exists, without limiting the performance too much. This is not required by the schemes used today. The second problem is the optimization of parameter sets for different platforms. Namely, the schemes have a plurality of parameters, in contrast to traditional schemes. The third problem is the side-channel analysis, which is required for the implementation to be secure.The preparation of standardization includes a RFC draft and a draft for an ISO standardization. It also includes the presentation and discussion of the drafts in the relevant standardization bodies.As part of the work on the third goal, quantum-computer resistant variants of TLS, SSH and S/MIME are developed. This is achieved by integrating XMSS and XMSSMT. It requires the development of appropriate formats and interfaces as well as an implementation.When the three goals are achieved, XMSS and XMSSMT will be usable for common applications.

DFG Programme Research Grants (Transfer Project)

Participating Institution genua
Gesellschaft für Netzwerk- und Unix-Administration mbH