K-XMSS and K-SPHINCS+: Enhancing Security in Next-Generation Mobile Communication and Internet Systems with Hash Based Signatures Using Korean Cryptography Algorithms
Abstract
1. Introduction
1.1. Contributions
1.1.1. First Implementation of Korean Versions of XMSS and SPHINCS+
1.1.2. Hash Function Based on Korean Block Cipher
1.2. Extended Version of MobiSec’22
2. Related Works
2.1. eXtended Merkle Signature Scheme (XMSS)
2.1.1. Winternitz One Time Signature (WOTS)
2.1.2. Winternitz One Time Signature Plus (WOTS+)
2.2. SPHINCS+
- h, d: parameters of Hyper-Tree
- b, k: parameters of FORS
- w: parameter of Winternitz
2.2.1. FORS: Forest of Random Subsets
2.2.2. XMSS
2.3. Hash Function
2.3.1. LSH Hash Function
2.3.2. Hash Function Based on Block Cipher
- LEA Block Cipher: LEA is a lightweight block cipher developed in Korea in 2013 to provide confidentiality not only in high-speed environments (e.g., big data and cloud) but also in lightweight environments (e.g., IoT devices and mobile devices) [25]. LEA uses an ARX structure, built from Addition, Rotation, and XOR operations, and encryption proceeds by dividing the input block into four 32-bit words.
- CHAM Block Cipher: CHAM is a lightweight block cipher announced at ICISC’17 [26]. A revised version of CHAM was subsequently announced at ICISC’19 [27]. The revised CHAM differs from the original only in the number of rounds; the other specifications are identical. CHAM uses different operations in odd and even rounds. It has a generalized 4-branch Feistel structure based on ARX operations.
3. Proposed Method
3.1. Hash Function Based on Block Cipher
Algorithm 1 Tandem DM scheme of hash function based on block cipher
Input: M (Message), (Message Length)
Output: Hash value
3.2. K-XMSS
- F: Key encryption hash function; F accepts and returns byte strings of length n using keys of length n.
- H: Encryption hash function; H accepts n-byte keys and byte strings with a length of and returns an n-byte string.
- H: Encryption hash function; H accepts -byte keys and byte strings of arbitrary length and returns n-byte strings.
- PRF: Pseudo-random function; PRF takes an n-byte key and a 32-byte index as input and generates a pseudo-random value of length n.
- toByte(x, n): n-byte string containing the binary representation of x (in big-endian byte order).
- KEY: Keys with length in bytes.
- M: Strings with length in bytes.
3.2.1. K-XMSS_LSH256
3.2.2. K-XMSS_CHAM
3.2.3. K-XMSS_LEA
3.2.4. K-XMSS_LSH512
3.3. K-SPHINCS+
- H: Additional key hash function that can handle messages of arbitrary length.
- PRF: Pseudo-random function for generating pseudo-random keys.
- PRF: Using PRF to generate randomness for message compression.
- F: Second-preimage resistant, undetectable one-way function;
- H: Second-preimage resistant hash function;
- T: Tweakable hash functions of the form mapping an -byte message M to an n-byte hash value md;
- R: Random values generated based on messages and SK.prf
- PK.seed: Public seed which is part of the SPHINCS+ public key.
- PK.root: Top root node which is part of the SPHINCS+ public key.
- ADRS: 32-byte value representing an address in five defined structures.
- SK.prf: As one of the private key elements, the value used to deterministically generate a randomized value for a randomized message hash.
- Optrand: Value added when making the value of R optionally non-deterministic.
3.3.1. K-SPHINCS+_LSH256
3.3.2. K-SPHINCS+_CHAM256
3.3.3. K-SPHINCS+_LEA256
4. Evaluation
4.1. K-XMSS vs. XMSS
4.2. K-SPHINCS+ vs. SPHINCS+
5. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Wang, C.X.; You, X.; Gao, X.; Zhu, X.; Li, Z.; Zhang, C.; Wang, H.; Huang, Y.; Chen, Y.; Haas, H.; et al. On the road to 6G: Visions, requirements, key technologies and testbeds. IEEE Commun. Surv. Tutor. 2023, 25, 905–974.
- Liao, B.; Ali, Y.; Nazir, S.; He, L.; Khan, H.U. Security analysis of IoT devices by using mobile computing: A systematic literature review. IEEE Access 2020, 8, 120331–120350.
- Fu, Z.; Liu, M.; Qin, Y.; Zhang, J.; Zou, Y.; Yin, Q.; Li, Q.; Duan, H. Encrypted Malware Traffic Detection via Graph-based Network Analysis. In Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses, Limassol, Cyprus, 26–28 October 2022; pp. 495–509.
- Kadhim, A.N.; Sadkhan, S.B. Security Threats in Wireless Network Communication-Status, Challenges, and Future Trends. In Proceedings of the 2021 International Conference on Advanced Computer Applications (ACA), Maysan, Iraq, 25–26 July 2021; pp. 176–181.
- Rao, S.P.; Chen, H.Y.; Aura, T. Threat modeling framework for mobile communication systems. Comput. Secur. 2023, 125, 103047.
- Yang, P.; Xiao, Y.; Xiao, M.; Li, S. 6G wireless communications: Vision and potential techniques. IEEE Netw. 2019, 33, 70–75.
- Lizama-Pérez, L.A.; Montiel-Arrieta, L.J.; Hernández-Mendoza, F.S.; Lizama-Servín, L.A.; Simancas-Acevedo, E. Public hash signature for mobile network devices. Ing. Investig. Y Tecnol. 2019, 20.
- Buchmann, J.; Dahmen, E.; Szydlo, M. Hash-based digital signature schemes. In Post-Quantum Cryptography; Bernstein, D.J., Buchmann, J., Dahmen, E., Eds.; Springer: Berlin/Heidelberg, Germany, 2009; pp. 35–93.
- Lamport, L. Constructing Digital Signatures from a One-Way Function. Technical Report, Citeseer. 1979. Available online: https://www.microsoft.com/en-us/research/uploads/prod/2016/12/Constructing-Digital-Signatures-from-a-One-Way-Function.pdf (accessed on 21 August 2023).
- Merkle, R.C. A certified digital signature. In Proceedings of the Conference on the Theory and Application of Cryptology; Springer: New York, NY, USA, 1989; pp. 218–238.
- Feynman, R.P. Simulating physics with computers. In Feynman and Computation; CRC Press: Boca Raton, FL, USA, 2018; pp. 133–153.
- Shor, P.W. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Rev. 1999, 41, 303–332.
- Grover, L.K. A fast quantum mechanical algorithm for database search. In Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, Philadelphia, PA, USA, 22–24 May 1996; pp. 212–219.
- Bernstein, D.J.; Hopwood, D.; Hülsing, A.; Lange, T.; Niederhagen, R.; Papachristodoulou, L.; Schneider, M.; Schwabe, P.; Wilcox-O’Hearn, Z. SPHINCS: Practical stateless hash-based signatures. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 2015; pp. 368–397.
- NIST PQC Project. Available online: https://csrc.nist.gov/Projects/post-quantum-cryptography (accessed on 21 August 2023).
- MobiSec’22. Available online: https://www.manuscriptlink.com/society/kiisc/conference/mobisec2022 (accessed on 21 August 2023).
- Buchmann, J.; Dahmen, E.; Hülsing, A. XMSS-a practical forward secure signature scheme based on minimal security assumptions. In Proceedings of the International Workshop on Post-Quantum Cryptography, Taipei, Taiwan, 29 November–2 December 2011; Springer: Berlin/Heidelberg, Germany, 2011; pp. 117–129.
- Merkle, R.C. A digital signature based on a conventional encryption function. In Proceedings of the Conference on the Theory and Application of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 1987; pp. 369–378.
- Hülsing, A. W-OTS+–shorter signatures for hash-based signature schemes. In Proceedings of the International Conference on Cryptology in Africa, Cairo, Egypt, 22–24 June 2013; Springer: Berlin/Heidelberg, Germany, 2013; pp. 173–188.
- Even, S.; Goldreich, O.; Micali, S. On-line/off-line digital signatures. J. Cryptol. 1996, 9, 35–67.
- Bernstein, D.J.; Hülsing, A.; Kölbl, S.; Niederhagen, R.; Rijneveld, J.; Schwabe, P. The SPHINCS+ signature framework. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK, 11–15 November 2019; pp. 2129–2146.
- Hülsing, A.; Rausch, L.; Buchmann, J. Optimal parameters for XMSS MT. In Proceedings of the International Conference on Availability, Reliability, and Security, Regensburg, Germany, 2–6 September 2013; Springer: Berlin/Heidelberg, Germany, 2013; pp. 194–208.
- Kim, D.C.; Hong, D.; Lee, J.K.; Kim, W.H.; Kwon, D. LSH: A new fast secure hash function family. In Proceedings of the International Conference on Information Security and Cryptology, Seoul, Republic of Korea, 3–5 December 2014; Springer: Cham, Switzerland, 2014; pp. 286–313.
- Preneel, B.; Govaerts, R.; Vandewalle, J. Hash functions based on block ciphers: A synthetic approach. In Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA, 22–26 August 1993; Springer: Berlin/Heidelberg, Germany, 1993; pp. 368–378.
- Hong, D.; Lee, J.K.; Kim, D.C.; Kwon, D.; Ryu, K.H.; Lee, D.G. LEA: A 128-bit block cipher for fast encryption on common processors. In Proceedings of the International Workshop on Information Security Applications, Jeju Island, Republic of Korea, 19–21 August 2013; Springer: Cham, Switzerland, 2013; pp. 3–27.
- Koo, B.; Roh, D.; Kim, H.; Jung, Y.; Lee, D.G.; Kwon, D. CHAM: A family of lightweight block ciphers for resource-constrained devices. In Proceedings of the International Conference on Information Security and Cryptology, Seoul, Republic of Korea, 29 November–1 December 2017; Springer: Cham, Switzerland, 2017; pp. 3–25.
- Roh, D.; Koo, B.; Jung, Y.; Jeong, I.W.; Lee, D.G.; Kwon, D.; Kim, W.H. Revised version of block cipher CHAM. In Proceedings of the International Conference on Information Security and Cryptology, Seoul, Republic of Korea, 4–6 December 2019; Springer: Cham, Switzerland, 2019; pp. 1–19.
- Hülsing, A.; Butin, D.; Gazdag, S.L.; Rijneveld, J.; Mohaisen, A. XMSS: EXtended Merkle Signature Scheme. RFC 8391, IRTF. 2018. Available online: https://datatracker.ietf.org/doc/html/rfc8391 (accessed on 21 August 2023).
- Ducas, L.; Kiltz, E.; Lepoint, T.; Lyubashevsky, V.; Schwabe, P.; Seiler, G.; Stehlé, D. Crystals-dilithium: A lattice-based digital signature scheme. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018, 2018, 238–268.
- Crystals-Dilithium. Available online: https://pq-crystals.org/dilithium/index.shtml (accessed on 21 August 2023).

Symbols | Descriptions |
---|---|
w | Winternitz parameter (w); Power of two; 16 in XMSS. |
l | Length in bytes |
c | Hash function chain |
h | Hash function |
C | Checksum |
m | Length of binary message |
r | Randomization elements; r = (, ⋯, ) |

Algorithm | Keygen (sec) | Keygen (cc) | Sign (cc [mid]) | Sign (cc [avg]) | Verify (cc [mid]) | Verify (cc [avg]) |
---|---|---|---|---|---|---|
LSH | 1.49 | 3875.89 | 5.91 | 8.36 | 2.09 | 2.14 |
SHAKE | 1.50 | 3893.99 | 5.62 | 8.20 | 2.16 | 2.23 |
SHA2 | 3.53 | 9168.19 | 13.54 | 19.13 | 4.62 | 4.63 |
CHAM | 5.97 | 15,507.85 | 22.66 | 32.19 | 10.61 | 10.47 |
LEA | 13.22 | 34,369.08 | 49.80 | 69.02 | 16.47 | 16.73 |

Algorithm | Keygen (sec) | Keygen (cc) | Sign (cc [mid]) | Sign (cc [avg]) | Verify (cc [mid]) | Verify (cc [avg]) |
---|---|---|---|---|---|---|
LSH | 2.96 | 7668.84 | 11.57 | 16.21 | 3.83 | 3.95 |
SHAKE | 6.19 | 16,043.76 | 28.40 | 36.00 | 8.07 | 8.15 |
SHA2 | 7.22 | 18,710.56 | 27.47 | 39.19 | 9.58 | 9.79 |

Algorithm | Keygen (sec) | Keygen (cc) | Sign (cc [mid]) | Sign (cc [avg]) | Verify (cc [mid]) | Verify (cc [avg]) |
---|---|---|---|---|---|---|
LSH_256(AVX2) | 0.55 | 1419.14 | 2.14 | 3.01 | 0.90 | 0.95 |
LSH_512(AVX2) | 1.36 | 3548.60 | 5.17 | 7.49 | 1.70 | 1.71 |

Algorithm | Implementation | Keygen (cc) | Sign (cc) | Verify (cc) |
---|---|---|---|---|
Dilithium2 | Reference-C | 0.30 | 1.36 | 0.33 |
Dilithium2 | AVX2 | 0.12 | 0.33 | 0.12 |
Dilithium3 | Reference-C | 0.54 | 2.35 | 0.52 |
Dilithium3 | AVX2 | 0.26 | 0.53 | 0.18 |
Dilithium5 | Reference-C | 0.82 | 2.86 | 0.87 |
Dilithium5 | AVX2 | 0.30 | 0.64 | 0.28 |

Algorithm | Keygen (sec [avg]) | Keygen (cc [mid]) | Sign (sec [avg]) | Sign (cc [mid]) | Verify (sec [avg]) | Verify (cc [mid]) |
---|---|---|---|---|---|---|
SHA2 | 0.007 | 17.62 | 0.156 | 403.56 | 0.005 | 12.34 |
LSH | 0.007 | 18.45 | 0.174 | 454.15 | 0.004 | 10.48 |
SHAKE | 0.011 | 27.09 | 0.209 | 520.71 | 0.006 | 14.76 |
HARAKA | 0.010 | 27.09 | 0.251 | 636.09 | 0.007 | 18.01 |
CHAM | 0.035 | 90.85 | 0.598 | 1560.11 | 0.017 | 43.68 |
LEA | 0.068 | 171.08 | 1.334 | 3424.09 | 0.037 | 94.09 |

Algorithm | Keygen (sec [avg]) | Keygen (cc [mid]) | Sign (sec [avg]) | Sign (cc [mid]) | Verify (sec [avg]) | Verify (cc [mid]) |
---|---|---|---|---|---|---|
LSH_256(AVX2) | 0.002 | 6.06 | 0.051 | 129.54 | 0.001 | 3.49 |

Scheme | Public Key (Byte) | Private Key (Byte) | Signature Size (Byte) |
---|---|---|---|
XMSS_10_256 / K-XMSS_10_256 | 64 | 1373 | 2500 |
XMSS_10_512 / K-XMSS_10_512 | 128 | 2653 | 9092 |
SPHINCS+_10_256 / K-SPHINCS+_10_256 | 64 | 128 | 49,856 |

© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Sim, M.; Eum, S.; Song, G.; Yang, Y.; Kim, W.; Seo, H. K-XMSS and K-SPHINCS+: Enhancing Security in Next-Generation Mobile Communication and Internet Systems with Hash Based Signatures Using Korean Cryptography Algorithms. Sensors 2023, 23, 7558. https://doi.org/10.3390/s23177558