Mathematics of Cryptography and Coding in the Quantum Era

WalnutDSA™: a group theoretic digital signature algorithm

Pages 260-284 | Received 26 Jun 2020, Accepted 13 Sep 2020, Published online: 02 Nov 2020
 

ABSTRACT

This paper presents an in-depth discussion of WalnutDSA, a quantum-resistant public-key digital signature method based on the one-way function E-multiplication. A key feature of WalnutDSA is that it provides a very efficient means of validating digital signatures, which is essential for low-powered and constrained devices. This paper presents an in-depth discussion of the construction of the digital signature algorithm, and delves deeply into the underlying mathematics that facilitates analysing the security of the scheme. When implemented using parameters that defeat all known attacks, WalnutDSA is among the fastest quantum-resistant signature verification methods; it performs orders of magnitude faster than ECC, even on low-end embedded hardware. WalnutDSA delivers a 12–25× speed improvement over ECDSA on most platforms, and a 31× speed improvement on a 16-bit microcontroller, making it an ideal solution for low-resource processors found in the Internet of Things (IoT).

Disclosure statement

No potential conflict of interest was reported by the author(s).

Notes

1 For a weak hash H1 and a strong hash H2, which has twice the output size of H1, an attacker would need to find two messages m and m that are preimages to the halves of H2 of the desired forgery and then get the signer to use H1 and sign both m and m. For example, the attacker would need to take his or her desired forged message, hash it using SHA2-256, find two preimages with MD5, get the signer to sign those MD5 preimages, and only then can he or she compose a message that would verify with SHA2-256.

2 In practice, 128-bit signatures average around $2^{11}$ generators, but different rewriting techniques could extend that. Because the braid group is infinite, there are many ways to represent the same signature; however, all those ways are well beyond the $2^{14}$ limit.

3 We also think this explains why the Kotov–Menshov–Ushakov attack was as successful as it was.
