Hash-based cryptography: Difference between revisions

Cdcdb (talk | contribs)
No edit summary
Line 1:
'''Hash-based cryptography''' is the generic term for constructions of [[cryptographic primitive]]s based on the security of hash functions. So far, hash-based cryptography is limited to [[digital signature]] schemes such as the [[Merkle signature scheme]]. Hash-based signature schemes combine a one-time signature scheme with a [[Merkle tree]] structure. Since a one-time signature scheme key can only sign a single message securely, it is practical to combine many such keys within a single, larger structure. A Merkle tree structure is used to this end. [[Lamport signature]]s are an example of a one-time signature scheme that can be combined with a Merkle tree structure. Hash-based cryptography is a type of [[post-quantum cryptography]].
 
Hash-based signature schemes rely on security assumptions about the underlying hash function, but any hash function fulfilling these assumptions can be used. As a consequence, each adequate hash function yields a different corresponding hash-based signature scheme.
Line 7:
 
==Hash-based signature schemes==
In addition to Merkle's seminal scheme, more recent hash-based signature schemes include the stateful XMSS scheme and the stateless SPHINCS scheme. Most hash-based signature schemes are stateful, meaning that signing requires updating the secret key, unlike conventional digital signature schemes. The XMSS scheme is stateful, while the SPHINCS scheme is stateless.
 
==References==