Author Archives: Andreas

Internet-Draft on Hash-Based Signatures

We got an Internet-Draft on XMSS out! The first version was published in Spring and presented at the IETF 92 meeting in Dallas. We also had an accompanying report at the NIST workshop on post-quantum cryptography. Our draft was now accepted as a CFRG working group draft. Currently we are working on an update that […]

SPHINCS paper accepted for Eurocrypt 2015

Our paper SPHINCS: practical stateless hash-based signatures got accepted for this year’s Eurocrypt. That’s how every year should begin….

Introducing SPHINCS: Practical stateless hash-based signatures

We did it! We finally came up with a construction that allows us to build a stateless 128-bit quantum-secure hash-based signature scheme with practical speed and sizes. The project was independently started by different groups that found together at some point. In my case Peter Schwabe and myself took a trip to Gizeh after Africacrypt […]

Literature on hash-based signatures

I started to collect all the literature related to hash-based signature schemes here. The list is based on the list by Dan Bernstein from I re-read all the articles and added small summaries of the content that in my eyes is important for hash-based signatures. I also added several articles that I think belong […]

How to manipulate curve standards: a white paper for the black hat

We know how hard it is for agencies to do their work these days. The Snowden revelations and all the related mistrust… Then researchers finally killed Dual EC. So how should they break encrypted Internet traffic to protect the people from all the various dangers out there? We present a solution to make life easier for […]

XMSS code online

Finally! I managed to clean up the XMSS implementation we used for our benchmarks and put it online. I have to admit it took quite a while but the code also includes an implementation of XMSS^MT, i.e. XMSS with tree chaining and an improved algorithm for distributed signature generation. You find the implementation on the code […]


So I decided to start blogging now about new projects, results, papers, and other news; or simply about stuff that I decided not to be important enough to write a whole paper.