#SPHINCS

Simon Josefsson<p>OpenSSH and Git on a Post-Quantum SPHINCS+ <a href="https://fosstodon.org/tags/pq" class="mention hashtag" rel="tag">#<span>pq</span></a> <a href="https://fosstodon.org/tags/ssh" class="mention hashtag" rel="tag">#<span>ssh</span></a> <a href="https://fosstodon.org/tags/sphincs" class="mention hashtag" rel="tag">#<span>sphincs</span></a>+ <a href="https://blog.josefsson.org/2024/12/23/openssh-and-git-on-a-post-quantum-sphincs/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">blog.josefsson.org/2024/12/23/</span><span class="invisible">openssh-and-git-on-a-post-quantum-sphincs/</span></a></p>
Markus Kilås 🔏 🇸🇪 🚼 🚼<p>Earlier this week the team and I released <a href="https://chaos.social/tags/SignServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SignServer</span></a> Community 6.0 with additional Post Quantum support, a new REST interface and tons of maintenance under the hood. <a href="https://chaos.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://chaos.social/tags/DigitalSignatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalSignatures</span></a> <a href="https://chaos.social/tags/CodeSigning" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CodeSigning</span></a> <a href="https://chaos.social/tags/PKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PKI</span></a> <a href="https://chaos.social/tags/PQC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PQC</span></a> <a href="https://chaos.social/tags/Dilithium" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Dilithium</span></a> <a href="https://chaos.social/tags/SPHINCS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SPHINCS</span></a> <a href="https://www.signserver.org/resources/signserver-community-6-is-released/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">signserver.org/resources/signs</span><span class="invisible">erver-community-6-is-released/</span></a></p>
cynicalsecurity<p>A. Genêt, "On Protecting SPHINCS+ Against Fault Attacks"¹ </p><p>SPHINCS+ is a hash-based digital signature scheme that was selected by NIST in their post-quantum cryptography standardization process. The establishment of a universal forgery on the seminal scheme SPHINCS was shown to be feasible in practice by injecting a fault when the signing device constructs any non-top subtree. Ever since the attack was made public, little effort has been spent to protect the SPHINCS family against attacks by faults. This paper works in this direction in the context of SPHINCS+ and analyzes the current algorithms that aim to prevent fault-based forgeries.</p><p>First, the paper adapts the original attack to SPHINCS+ reinforced with randomized signing and extends the applicability of the attack to any combination of faulty and valid signatures. Considering the adaptation, the paper then presents a thorough analysis of the attack. In particular, the analysis shows that, with high probability, the security guarantees of SPHINCS+ significantly drop when a single random bit flip occurs anywhere in the signing procedure and that the resulting faulty signature cannot be detected with the verification procedure. The paper shows both in theory and experimentally that the countermeasures based on caching the intermediate W-OTS+s offer marginally greater protection against unintentional faults, and that such countermeasures are circumvented with a tolerable number of queries in an active attack. Based on these results, the paper recommends real-world deployments of SPHINCS+ to implement redundancy checks.</p><p><a href="https://bsd.network/tags/IACR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IACR</span></a> <a href="https://bsd.network/tags/ResearchPapers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResearchPapers</span></a> <a href="https://bsd.network/tags/SPHINCS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SPHINCS</span></a>+ <a href="https://bsd.network/tags/FaultAttacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FaultAttacks</span></a> <a href="https://bsd.network/tags/PQSignatures" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PQSignatures</span></a></p><p>__<br>¹ <a href="https://eprint.iacr.org/2023/042" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">eprint.iacr.org/2023/042</span><span class="invisible"></span></a></p>
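<p>The mechanism behind the forgery in the abstract above, and the redundancy check it recommends, shown as an added toy example (not code from the paper, its author, or the poster). In the SPHINCS+ hypertree each subtree root is signed with a W-OTS+ key in the layer above, and a W-OTS+ key is safe only if it signs one value. The example assumes toy parameters (8-byte hashes, w = 16, SHA-256 as the chaining function) and models a fault inside a subtree computation as making the signer sign a random root with the same one-time key; the root values, seeds and function names are constructed for the illustration. The attacker collects the genuine and faulty signatures, then searches for a root of their own that every exposed chain can reach, which in the real attack becomes the root of an attacker-controlled subtree.</p>

```python
import hashlib
import random

# Toy parameters: 8-byte hashes and w = 16 keep the search fast; SPHINCS+ uses
# n = 16/24/32 bytes with the same chain-plus-checksum structure.
N, W = 8, 16
LEN1 = 2 * N                  # base-16 digits of an N-byte message
LEN2 = 2                      # checksum digits: max checksum LEN1*(W-1) = 240 < W**2
LEN = LEN1 + LEN2

def F(i, step, x):
    """Chaining function, domain-separated by chain index and chain position."""
    return hashlib.sha256(bytes([i, step]) + x).digest()[:N]

def chain(x, i, start, steps):
    for s in range(start, start + steps):
        x = F(i, s, x)
    return x

def digits(msg):
    """Base-w digits of the message followed by the Winternitz checksum digits."""
    d = [v for b in msg for v in (b >> 4, b & 0xF)]
    csum = sum(W - 1 - x for x in d)
    return d + [(csum >> 4) & 0xF, csum & 0xF]

def keygen(seed):
    sk = [hashlib.sha256(b"sk" + seed + bytes([i])).digest()[:N] for i in range(LEN)]
    pk = [chain(sk[i], i, 0, W - 1) for i in range(LEN)]
    return sk, pk

def sign(sk, msg):
    return [chain(sk[i], i, 0, d) for i, d in enumerate(digits(msg))]

def verify(pk, msg, sig):
    return all(chain(sig[i], i, d, W - 1 - d) == pk[i] for i, d in enumerate(digits(msg)))

def forge(observed, target):
    """observed: (msg, sig) pairs made with ONE key. Each signature exposes every chain
    at its digit's position; any higher position is just more hashing."""
    lowest = {}
    for m, s in observed:
        for i, d in enumerate(digits(m)):
            if i not in lowest or d < lowest[i][0]:
                lowest[i] = (d, s[i])
    t = digits(target)
    if any(t[i] < lowest[i][0] for i in range(LEN)):
        return None                       # some chain would have to run backwards
    return [chain(lowest[i][1], i, lowest[i][0], t[i] - lowest[i][0]) for i in range(LEN)]

def fault_attack(n_faults, seed=b"demo"):
    """Unprotected signer: a fault inside a subtree computation makes the upper-layer
    one-time key sign a root unrelated to the genuine one (modelled here as a random
    value). The attacker then searches for a root of their own that is reachable."""
    rng = random.Random(1)
    sk, pk = keygen(seed)
    genuine = bytes(rng.getrandbits(8) for _ in range(N))
    observed = [(genuine, sign(sk, genuine))]
    for _ in range(n_faults):
        faulty_root = bytes(rng.getrandbits(8) for _ in range(N))
        observed.append((faulty_root, sign(sk, faulty_root)))   # same one-time key reused
    for trial in range(200000):
        own_root = hashlib.sha256(b"graft" + trial.to_bytes(4, "big")).digest()[:N]
        forged = forge(observed, own_root)
        if forged is not None and own_root != genuine:
            return pk, genuine, own_root, forged, trial + 1
    return pk, genuine, None, None, None

def sign_root_checked(sk, compute_root):
    """Redundancy check: derive the value to be signed twice and sign only when both
    runs agree, so a transient fault in one run withholds the signature."""
    r1, r2 = compute_root(), compute_root()
    if r1 != r2:
        raise RuntimeError("fault detected: root computations disagree, refusing to sign")
    return sign(sk, r1)

def transient_fault(genuine_root, seed=7):
    """Root computation that is corrupted exactly once, on its first call."""
    rng, state = random.Random(seed), {"hit": False}
    def compute():
        if not state["hit"]:
            state["hit"] = True
            return bytes(rng.getrandbits(8) for _ in range(N))
        return genuine_root
    return compute

if __name__ == "__main__":
    pk, genuine, own_root, forged, trials = fault_attack(4)
    print("forged root", own_root.hex(), "verifies:", verify(pk, own_root, forged),
          "after", trials, "candidate roots")
    try:
        sign_root_checked(keygen(b"demo")[0], transient_fault(genuine))
    except RuntimeError as err:
        print(err)
```

<p>The faulty signatures are valid signatures on the wrong root, which is why verification alone does not flag them; the damage is the key reuse. The check in <code>sign_root_checked</code> only catches a fault that hits one of the two computations, which is the transient, single-bit-flip model the abstract discusses; a fault model where an attacker can reproduce the same corruption in both runs needs a stronger countermeasure.</p>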
heise online (inoffiziell)<p>heise+ | Standardized by NIST: four post-quantum cryptographic algorithms explained<br><br>The US agency NIST has selected four post-quantum cryptographic algorithms for standardization. The IT world now has to familiarize itself with these methods.<br><a href="https://www.heise.de/hintergrund/Von-der-NIST-standardisiert-Vier-Post-Quanten-Kryptoalgorithmen-erklaert-7240725.html" rel="nofollow noopener noreferrer" target="_blank">Standardized by NIST: four post-quantum cryptographic algorithms explained</a></p>
Diego Cordoba 🇦🇷<p>The first post-quantum cryptography standards from <a href="https://mstdn.io/tags/NIST" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NIST</span></a> are appearing!</p><p><a href="https://mstdn.io/tags/kyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kyber</span></a> for encryption; <a href="https://mstdn.io/tags/Dilithium" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Dilithium</span></a>, <a href="https://mstdn.io/tags/Falcon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Falcon</span></a> and <a href="https://mstdn.io/tags/SPHINCS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SPHINCS</span></a>+ for authentication and digital signatures.</p><p>Quantum computing is ever further from being a threat to modern cryptography :-)</p><p><a href="https://www.helpnetsecurity.com/2022/07/06/quantum-resistant-encryption/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">helpnetsecurity.com/2022/07/06</span><span class="invisible">/quantum-resistant-encryption/</span></a></p>