| Hash-based signatures | |
|---|---|
| Name | Hash-based signatures |
| Classification | Cryptographic signature scheme |
| Introduced | 1979 (Lamport one-time signature; Merkle tree construction) |
| Designers | Leslie Lamport, Ralph Merkle |
| Key components | Cryptographic hash functions, one-time signatures (Lamport, Winternitz), Merkle trees |
| Applications | Software and firmware signing, post-quantum cryptography (XMSS, LMS/HSS, SPHINCS+) |
Hash-based signatures are a class of digital signature schemes whose security rests on properties of a cryptographic hash function (preimage and second-preimage resistance, and in older variants collision resistance) rather than on number-theoretic assumptions such as those underlying RSA (cryptosystem), Elliptic-curve cryptography, or Diffie–Hellman key exchange. They originate in the one-time signature of Leslie Lamport and were turned into practical many-time schemes by Ralph Merkle's tree construction. They have drawn renewed attention because a large quantum computer running Shor's algorithm would break the number-theoretic schemes, whereas a hash-based scheme needs nothing beyond a conservative, well-studied primitive; standards bodies such as NIST have standardized them and vendors such as Microsoft and Google have built implementations.
A hash-based scheme combines a one-way hash function with a hash-tree authentication mechanism, so that a signature is verified by rehashing the published values up to a short public key. The basic building block is the Lamport one-time signature, in which each key pair may sign only one message; Merkle's construction authenticates many such one-time keys under a single root, giving a stateful many-time scheme, and later work produced stateless and forward-secure variants at institutions including MIT, Stanford University, ETH Zurich, the University of Waterloo, IBM and Bell Labs. Industry uptake has been driven by post-quantum programmes of the European Commission, NIST, and national research programmes in China, Japan, and South Korea.
Lamport's one-time construction dates from 1979, contemporaneous with RSA (cryptosystem) by Ronald Rivest, Adi Shamir, and Leonard Adleman. Merkle's tree-based aggregation, described in his 1979 thesis and published at CRYPTO in 1987, lets a single short public key authenticate many one-time keys; it shaped later standards thinking at the IETF and work at CRYPTO and EUROCRYPT. Subsequent refinements came from Oded Goldreich (tree-based constructions), Shafi Goldwasser and Silvio Micali (the unforgeability definitions the security proofs target), Daniel J. Bernstein, Tanja Lange and others, covering constructions, security models and efficiency, while the NSA and ENISA periodically evaluated hash-based approaches as part of post-quantum preparedness. The 2010s and 2020s brought the NIST post-quantum cryptography standardization process, cryptanalysis presented at USENIX and IACR venues, and implementation efforts at Amazon (company), Red Hat, and the OpenSSL Project.
Concretely, a scheme starts from a one-time signature, either Lamport's or the more compact Winternitz one-time signature (WOTS), in which the Winternitz parameter w fixes the base in which the digest is split into digits and therefore the length of the hash chains, trading signature size against hashing cost; a Merkle tree then authenticates many one-time public keys to obtain a many-time scheme. Examples include the Merkle signature scheme family, the stateful XMSS and LMS/HSS, and the stateless SPHINCS+. Implementations use hash functions standardized by NIST, such as variants of SHA-2 and SHA-3, or the BLAKE family, which descends from a finalist of the NIST hash function competition. Parameter choices (tree height, w, the number of layers in a multi-tree) balance signature size, key-generation cost and the number of signatures a key pair can produce; these trade-offs are studied at venues such as ASIACRYPT and in the Journal of Cryptology.
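The Winternitz construction named above, as an added example written for this article rather than code from XMSS, LMS or SPHINCS+ (the constants W, CSUM_DIGITS and the chain-index-and-position domain separation inside chain() are choices made here, not those of any standard): the message digest is split into base-w digits, each digit is signed by hashing a secret forward that many steps along its chain, and the verifier hashes the rest of the way and compares with the published chain end. The last function shows why the checksum digits exist: an attacker can push any published chain value forward but never backward, and raising a message digit necessarily lowers the checksum.

```python
import hashlib
import secrets

# Toy Winternitz one-time signature (WOTS) over SHA-256. Added example for
# this article, not the XMSS/LMS/SPHINCS+ code of any standard or library;
# it drops their address scheme and key derivation but keeps the structure:
# digits, hash chains, and the checksum that stops chain advancing.
W = 16                 # Winternitz parameter: digest split into 4-bit digits
LOG_W = 4
N = 32                 # hash output length in bytes
MSG_DIGITS = 64        # 256 bits / 4 bits per digit
CSUM_DIGITS = 3        # checksum <= 64 * 15 = 960 < 16**3
L = MSG_DIGITS + CSUM_DIGITS


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain(i: int, x: bytes, start: int, steps: int) -> bytes:
    """Hash x forward 'steps' times along chain i from position 'start'.
    Chain index and position are mixed in so distinct chains never coincide."""
    for pos in range(start, start + steps):
        x = H(bytes([i, pos]) + x)
    return x


def message_digits(msg: bytes, with_checksum: bool = True) -> list:
    """Base-W digits of SHA-256(msg), followed by the checksum digits."""
    digits = []
    for b in H(msg):
        digits += [b >> LOG_W, b & (W - 1)]
    if with_checksum:
        csum = sum(W - 1 - d for d in digits)      # raising a digit lowers csum
        digits += [(csum >> (LOG_W * k)) & (W - 1)
                   for k in reversed(range(CSUM_DIGITS))]
    return digits


def keygen():
    sk = [secrets.token_bytes(N) for _ in range(L)]
    pk = [chain(i, sk[i], 0, W - 1) for i in range(L)]    # end of each chain
    return sk, pk


def sign_digits(sk, digits):
    return [chain(i, sk[i], 0, d) for i, d in enumerate(digits)]


def verify_digits(pk, digits, sig) -> bool:
    return all(chain(i, s, d, W - 1 - d) == pk[i]
               for i, (d, s) in enumerate(zip(digits, sig)))


def forge_advance(sig, old_digits, new_digits):
    """Attacker's only move: a published chain value at position d can be
    hashed forward to any d' >= d without the secret. Moving a digit backwards
    needs a preimage of H, so the attack fails as soon as any digit shrinks."""
    if any(n < o for o, n in zip(old_digits, new_digits)):
        return None
    return [chain(i, s, o, n - o)
            for i, (s, o, n) in enumerate(zip(sig, old_digits, new_digits))]


def demo(msg: bytes = b"firmware-image v1.4.2") -> dict:
    """Constructed message; reports what verifies and what the attacker gets."""
    out = {}
    # Honest signature with checksum.
    sk, pk = keygen()
    digits = message_digits(msg)
    sig = sign_digits(sk, digits)
    out["honest_ok"] = verify_digits(pk, digits, sig)
    # Pick a message digit the attacker can still push forward.
    bump = next(i for i, d in enumerate(digits[:MSG_DIGITS]) if d < W - 1)
    # Variant 1: a scheme without checksum digits (separate key pair).
    sk2, pk2 = keygen()
    plain = message_digits(msg, with_checksum=False)
    sig2 = sign_digits(sk2, plain)
    target = plain[:]
    target[bump] += 1
    forged = forge_advance(sig2, plain, target)
    out["forged_without_checksum"] = (forged is not None
                                      and verify_digits(pk2, target, forged))
    # Variant 2: with checksum the same bump lowers the checksum, so at least
    # one checksum digit must move backwards and forge_advance gives up.
    target_cs = digits[:MSG_DIGITS]
    target_cs[bump] += 1
    csum = sum(W - 1 - d for d in target_cs)
    target_cs += [(csum >> (LOG_W * k)) & (W - 1)
                  for k in reversed(range(CSUM_DIGITS))]
    out["forged_with_checksum"] = forge_advance(sig, digits, target_cs) is not None
    return out
```

Raising w shortens the signature (fewer chains) but lengthens every chain, so signing and verification cost grow with w while signature size shrinks only with log2(w); w = 16 is the compromise used by XMSS and SPHINCS+. The digit-level forgery in variant 1 still leaves the attacker to find a message whose digest equals the advanced digit vector; the checksum removes the avenue entirely, which is why no deployed Winternitz scheme omits it.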
Security proofs reduce forgery to breaking a property of the underlying hash function family: collision resistance for early constructions and, for modern ones, the weaker (multi-target) second-preimage and preimage resistance together with the pseudorandomness of the function used to derive keys. Such reductions were developed at institutions including MIT, UC Berkeley, Princeton University and Cornell University and presented at TCC and FOCS; the target notion is existential unforgeability under chosen-message attack (EUF-CMA), proved in the standard model for most hash-based schemes and in the random-oracle model for some. Against quantum adversaries the picture is simple: Shor's algorithm breaks the number-theoretic schemes outright, whereas the best known quantum attack on a generic hash function is Grover's algorithm, which only halves the effective security level of preimage search. Parameter selection therefore doubles the hash output length (a 256-bit output for 128 bits of post-quantum security), following NIST guidance and analyses by groups such as IBM Research.
Practical deployment trades signature size, key-generation time, signing time and state management against one another. Stateful schemes such as XMSS and LMS/HSS must guarantee that a one-time key is never used twice: the signer's leaf index has to be advanced and durably stored before a signature is released, and cloning or restoring the signing key (backups, virtual-machine snapshots, load-balanced signers) has to be ruled out; NIST SP 800-208 gives operational guidance for this, and software-signing guidance from Google and the Mozilla Foundation reflects the same constraint. Stateless schemes such as SPHINCS+ remove this hazard at the cost of much larger signatures and slower signing and verification. Implementations rely on optimized hash primitives in open-source projects such as the OpenSSL Project, BoringSSL and libraries hosted under the Linux Foundation; SHA instructions in Intel and ARM (company) processors and dedicated cryptographic accelerators raise throughput, and performance figures are reported in IETF drafts and by research groups at ETH Zurich and the University of Illinois Urbana–Champaign.
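The Merkle many-time construction and the state rule discussed above, as an added example for this article (not the code of RFC 8391, RFC 8554 or NIST SP 800-208; the class name MerkleSigner, the tree height and the "leaf"/"node" domain-separation tags are choices made here): eight Lamport one-time keys are authenticated under one root, each signature carries the leaf index and the sibling hashes on its path, and the signer's only state is the index of the next unused leaf. The last function demonstrates the failure mode that makes state handling a security control rather than housekeeping: after a rollback one leaf signs two digests, and an attacker holding both signatures can sign a third digest assembled from their bits.

```python
import hashlib
import secrets

# Added example, not the XMSS/LMS code of RFC 8391 or RFC 8554: a Lamport
# one-time signature, a Merkle tree putting 2**H_TREE one-time public keys
# under one root, and a signer whose only mutable state is the next unused
# leaf index. forge_after_reuse shows what a rolled-back state costs.
N = 32          # SHA-256 output bytes; one Lamport key signs a 256-bit digest
H_TREE = 3      # tree height: 2**3 = 8 one-time keys per key pair

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def bits(digest: bytes) -> list:
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(8 * N)]

def lamport_keygen():
    # sk[i][b] is revealed when bit i of the signed digest equals b.
    sk = [[secrets.token_bytes(N), secrets.token_bytes(N)] for _ in range(8 * N)]
    pk = [[H(s0), H(s1)] for s0, s1 in sk]
    return sk, pk

def lamport_sign(sk, digest: bytes) -> list:
    return [sk[i][b] for i, b in enumerate(bits(digest))]

def lamport_verify(pk, digest: bytes, sig) -> bool:
    return all(H(s) == pk[i][b] for i, (b, s) in enumerate(zip(bits(digest), sig)))

def leaf_hash(pk) -> bytes:
    return H(b"leaf", *[h for pair in pk for h in pair])

def build_tree(leaves: list) -> list:
    """levels[0] holds the leaf hashes, levels[H_TREE] is [root]."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([H(b"node", prev[i], prev[i + 1])
                       for i in range(0, len(prev), 2)])
    return levels

class MerkleSigner:
    def __init__(self):
        self.ots = [lamport_keygen() for _ in range(2 ** H_TREE)]
        self.levels = build_tree([leaf_hash(pk) for _, pk in self.ots])
        self.root = self.levels[-1][0]      # the public key
        self.next_leaf = 0                  # the state; must only ever increase

    def sign(self, msg: bytes):
        if self.next_leaf >= 2 ** H_TREE:
            raise RuntimeError("all one-time keys used; key pair is exhausted")
        idx = self.next_leaf
        self.next_leaf += 1                 # commit state before releasing sig
        sk, pk = self.ots[idx]
        auth, node = [], idx
        for lvl in range(H_TREE):
            auth.append(self.levels[lvl][node ^ 1])   # sibling on the path
            node //= 2
        return idx, pk, lamport_sign(sk, H(msg)), auth

def verify_digest(root: bytes, digest: bytes, sig) -> bool:
    """Check the one-time signature, then rebuild the path up to the root."""
    idx, pk, ots_sig, auth = sig
    if not lamport_verify(pk, digest, ots_sig):
        return False
    cur = leaf_hash(pk)
    for sib in auth:
        cur = H(b"node", cur, sib) if idx % 2 == 0 else H(b"node", sib, cur)
        idx //= 2
    return cur == root

def forge_after_reuse(sig_a, digest_a: bytes, sig_b, digest_b: bytes, target: bytes):
    """Two signatures from one leaf reveal both Lamport secrets at every bit
    where the digests differ, so any target digest that agrees with one of
    them at each bit can be signed without knowing any secret at all."""
    idx, pk, sa, auth = sig_a
    sb, ba, bb = sig_b[2], bits(digest_a), bits(digest_b)
    forged = []
    for i, t in enumerate(bits(target)):
        if t == ba[i]:
            forged.append(sa[i])
        elif t == bb[i]:
            forged.append(sb[i])
        else:
            return None                     # bit never revealed: attack fails
    return idx, pk, forged, auth

def demo() -> dict:
    """Constructed scenario: the signer is restored from a snapshot taken
    before its first signature, so one leaf signs two different messages."""
    signer = MerkleSigner()
    msg_a, msg_b = b"pkg-1.0.tar.gz", b"pkg-1.1.tar.gz"    # constructed inputs
    sig_a = signer.sign(msg_a)
    signer.next_leaf -= 1                   # the rollback: state went backwards
    sig_b = signer.sign(msg_b)
    da, db = H(msg_a), H(msg_b)
    target = da[:N // 2] + db[N // 2:]      # attacker's digest, never signed
    forged = forge_after_reuse(sig_a, da, sig_b, db, target)
    return {"honest_ok": verify_digest(signer.root, da, sig_a),
            "same_leaf": sig_a[0] == sig_b[0],
            "forgery_verifies": forged is not None
            and verify_digest(signer.root, target, forged)}
```

The forgery needs no secret and works for every digest that matches one of the two signed digests at each bit, a set of 2^k digests where k is the number of bits in which the two digests differ, about 2^128 here. Turning that into a signature on a chosen file still means finding a file whose hash lands in that set, but NIST SP 800-208 treats any reuse of a one-time key as a compromise regardless. The operational rules follow directly from the code: advance and durably store next_leaf before the signature leaves the signer, never copy a stateful private key to a second machine, and never restore one from a backup or snapshot.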
Standardization milestones include IETF RFC 8391 (XMSS) and RFC 8554 (LMS/HSS), NIST SP 800-208, which approves those stateful schemes, and the NIST post-quantum process, which selected SPHINCS+ and published it in 2024 as FIPS 205; ETSI, ISO working groups and industry consortia such as the Cloud Security Alliance shepherd adoption. Vendors including Microsoft, Google, Apple Inc. and Amazon (company) have prototyped or adopted hash-based signatures for firmware and package signing, and the US Department of Defense and the European Commission have included them in post-quantum transition plans. Open-source projects such as OpenSSH and GnuPG and the package tooling of Debian and the Fedora Project have explored experimental integrations.
Limitations are the large signatures (kilobytes rather than tens of bytes) and, for stateful schemes, the risk that signer state is lost or rolled back, which turns a one-time key into a forgery oracle; long-term key management is a standing concern for NIST and ENISA. Future directions include hybrid deployments alongside RSA (cryptosystem) and Elliptic-curve cryptography during the transition, smaller stateless constructions from academic groups at the University of Oxford and the University of Cambridge, and hardware-backed key and state storage from firms such as Yubico and Thales Group. Ongoing research at CRYPTO and IACR workshops explores signature compression, tighter security reductions, and integration with IETF protocols and NIST initiatives aimed at cryptographic agility in the quantum era.