Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Threshold Hash-Based Signatures

November 3, 2021


John Kelsey - NIST


Abstract: We show how to construct a threshold version of stateful hash-based signature schemes like those defined in XMSS and LMS. Our techniques assume a trusted dealer and secure point-to-point communications, and are efficient in terms of communications and computation, but do require at least one party to have a large (but practical) amount of storage, and support n-of-n and k-of-n signatures, and also coalition signatures–we can directly define arbitrary coalitions of trustees who are permitted to sign messages. We propose the addition of an untrusted Helper to manage the large storage required without being given access to any secret information. We prove the security of our schemes in a straightforward way, reducing their strength to that of the underlying hash-based signature scheme. Our schemes are quite practical, and substantially decrease the risk of accidental key reuse.

Presented at

Crypto Reading Club talk on 2021-Nov-03

Parent Project

See: Crypto Reading Club

Related Topics

Security and Privacy: cryptography

Created June 29, 2022