International Association
for Cryptologic Research

Kemal Bicakci , Informatics Institute, Istanbul Technical University, Securify Information Tech. and Security Training Consulting Ltd.

Kemal Ulker , TOBB University of Economics and Technology, Securify Information Tech. and Security Training Consulting Ltd.

Yusuf Uzunay , Securify Information Tech. and Security Training Consulting Ltd.

Halis Taha Şahin , Informatics Institute, Istanbul Technical University, TÜBİTAK

Muhammed Said Gündoğan , TÜBİTAK

DOI: 10.62056/an59qgxq

URL: https://cic.iacr.org//p/1/2/5

Search ePrint

Search Google

The adversary model of white-box cryptography includes an extreme case where the adversary, sitting at the endpoint, has full access to a cryptographic scheme. Motivating by the fact that most existing white-box implementations focus on symmetric encryption, we present implementations for hash-based signatures so that the security against white-box attackers (who have read-only access to data with a size bounded by a space-hardness parameter M) depends on the availability of a white-box secure cipher (in addition to a general one-way function). We also introduce parameters and key-generation complexity results for white-box secure instantiation of stateless hash-based signature scheme SPHINCS+, one of the NIST selections for quantum-resistant digital signature algorithms, and its older version SPHINCS. We also present a hash tree-based solution for one-time passwords secure in a white-box attacker context. We implement the proposed solutions and share our performance results.