[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: HSS strength attribute for public key
Something I’m hoping to discuss this afternoon:
I’m trying to decide on the best way to describe the strength of the HSS scheme in the public key. Possibilities are:
Then I need to come up with names for these two attributes:
Case 1) could be something like CKA_HSS_WEAKEST_LEVEL_OTS and CKA_HSS_WEAKEST_LEVEL_LMOTS
Case 2) could be something like CKA_HSS_LOWEST_OTS and CKA_HSS_LOWEST_LMOTS
Case 3) could be something like the log of the probability of a forgery given some predefined conditions, CKA_HSS_STRENGTH could suffice. The problem is calculating it!
Case 4) would just be the CKA_HSS_PARAMS as originally given.
Note: I’m thinking it would be best to avoid saying anything like “LOWEST_LEVEL” anywhere since that could be taken to imply “lowest level in the HSS hierarchy”.
I’m not sure that 1) or 2) fully specify the strength of the scheme. I.e. how can we compare (without a case 3) style calculation) two schemes with the same number of HSS levels, where one has the highest possible LMS and lowest possible LMOTS and the other has the lowest possible LMS and highest possible LMOTS? This is partly why I think 4) might be necessary to give a complete picture of the security level of the scheme. I’m hoping someone with a better understanding of security analysis than me can weigh in on this!
Description: S/MIME cryptographic signature