SPHINCS$^{+}$ is a state-of-the-art hash based signature scheme, the security of which is either based on SHA-256, SHAKE-256 or on the Haraka hash function. In this work, we perform an in-depth analysis of how the hash functions are embedded into SPHINCS$^+$ and how the quantum pre-image resistance impacts the security of the signature scheme. Subsequently, we evaluate the cost of implementing Grover’s quantum search algorithm to find a pre-image that admits a universal forgery. In particular, we provide quantum implementations of the Haraka and SHAKE-256 hash functions in Q# and consider the efficiency of attacks in the context of fault-tolerant quantum computers. We restrict our findings to SPHINCS$^+$-128 due to the limited securit...
Cryptographers and security experts around the world have been awakened to the reality that one day ...
International audienceWe present the first complete descriptions of quantum circuits for the offline...
Because they require no assumption besides the preimage or collision resistance of hash functions, h...
The majority of currently deployed cryptographic public-key schemes are at risk of becoming insecure...
We introduce SPHINCS-Simpira, which is a variant of the SPHINCS signature scheme with Simpira as a b...
Quantum computing threatens conventional public-key cryptography. In response, standards bodies such...
Post-quantum cryptography is the field of study and development of cryptographic primitives providin...
SPHINCS is a recently proposed stateless hash-based signature scheme and promising candidate for a p...
SPHINCS+ is a signature scheme included in the first NIST post-quantum standard, that bases its secu...
The potential development of large-scale quantum computers is raising concerns among IT and security...
We investigate the cost of Grover's quantum search algorithm when used in the context of pre-image a...
Quantum computing is considered among the next big leaps in computer science. While a fully function...
Cryptography is essential for the security of Internet communication, cars, and implanted medical de...
The potential advent of quantum computers in coming years has motivated security researchers to star...
Symmetric-key cryptography can resist the potential post-quantum attacks expected with the not-so-fa...
Cryptographers and security experts around the world have been awakened to the reality that one day ...
International audienceWe present the first complete descriptions of quantum circuits for the offline...
Because they require no assumption besides the preimage or collision resistance of hash functions, h...
The majority of currently deployed cryptographic public-key schemes are at risk of becoming insecure...
We introduce SPHINCS-Simpira, which is a variant of the SPHINCS signature scheme with Simpira as a b...
Quantum computing threatens conventional public-key cryptography. In response, standards bodies such...
Post-quantum cryptography is the field of study and development of cryptographic primitives providin...
SPHINCS is a recently proposed stateless hash-based signature scheme and promising candidate for a p...
SPHINCS+ is a signature scheme included in the first NIST post-quantum standard, that bases its secu...
The potential development of large-scale quantum computers is raising concerns among IT and security...
We investigate the cost of Grover's quantum search algorithm when used in the context of pre-image a...
Quantum computing is considered among the next big leaps in computer science. While a fully function...
Cryptography is essential for the security of Internet communication, cars, and implanted medical de...
The potential advent of quantum computers in coming years has motivated security researchers to star...
Symmetric-key cryptography can resist the potential post-quantum attacks expected with the not-so-fa...
Cryptographers and security experts around the world have been awakened to the reality that one day ...
International audienceWe present the first complete descriptions of quantum circuits for the offline...
Because they require no assumption besides the preimage or collision resistance of hash functions, h...