Post-Quantum Cryptography – The New Digital Signature Algorithms Are Here

The core component of a secure digital signature lies in the hash function. The concept of hashing, in its most simplified form, is to take some data (the input), perform some math and/or shuffling of the data, and to get a reliable output. When you put the same data into the hash function, you should always get the same output after performing the hash. This gives us a crucial property for verifying the integrity of data: if the hash output matches what is expected, we can verify that the data is exactly the same.

This explanation may sound simplistic, and it is. But all of the complexity comes in the details of the math and transformations that get us to a working digital signature scheme.

We need:

- To have the same output given the same input.
- To not have the same output given different input.

When two different inputs produce the same output, this is known as a collision, and a hash function is considered broken if collisions can be found easily. Finding collisions is a very active branch of research in cryptography, because being able to successfully generate collisions would allow an attacker to forge all kinds of secure data, and therefore gain entry to authenticated systems and exfiltrate data or cause damage to systems. The breakdown of a secure hash function equates to a breakdown of nearly all secure systems on the web.

Signatures and hashing are interesting in this regard, because every hashing scheme has infinitely many collisions, and the security of a hash function lies in making them too difficult to find.

To understand why there are infinitely many collisions in any hash function, you have to consider how many possible inputs there are versus how many possible outputs. To get us there, we can consider a very simple hashing scheme.

Let’s begin with our needs. Our algorithm needs to accept any data in any form, such as a document, an email, a security certificate, images, video, whole databases, whatever. From there, we devise a fictional hashing scheme where the output can be the letters a-z.

Since there are only 26 possible letters in the English alphabet, we can immediately see a problem. Given infinite possible inputs, a great many inputs are going to have the same answer. This problem scales out to full hash functions, where a limited string of characters cannot be unique given an infinite set of possible inputs, and it is compounded by computers being exceedingly good at making guesses (a single PC can make billions of guesses per hour on standard hashing algorithms).

So what do we do? We make the hash outputs so large and complex that collisions are exceedingly unlikely to happen by chance, and we use math and shuffling so that collisions cannot be located easily with any known method of analysis.
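The following Python code is an added example, not part of the original article: it makes the fictional a-z hash concrete (the choice of "sum of the bytes mod 26" is an assumption for illustration, as are the constructed inputs "message-0", "message-1", ...), searches for collisions by brute force against it and against real SHA-256 at several output sizes, and computes the birthday bound that explains why output length sets the collision-search cost.

```python
import hashlib
import math
import string


def toy_hash(data: bytes) -> str:
    """The text's fictional hash with outputs a-z, constructed here as
    'sum of the bytes mod 26'. Deterministic, but with only 26 outputs a
    collision is guaranteed among any 27 distinct inputs, and because the
    sum ignores byte order, b"abc" and b"cba" collide immediately."""
    return string.ascii_lowercase[sum(data) % 26]


def sha256_truncated(bits: int):
    """Real SHA-256 cut down to `bits` output bits: the same construction
    with a smaller output space, so the collision search cost can be seen."""
    def h(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()[: bits // 4]
    return h


def find_collision(hash_fn, max_trials: int):
    """Brute-force search over distinct constructed inputs b"message-0",
    b"message-1", ... until two of them share an output.
    Returns (input_a, input_b, trials) or None if the budget is exhausted."""
    seen = {}
    for i in range(max_trials):
        msg = f"message-{i}".encode()
        out = hash_fn(msg)
        if out in seen:
            return seen[out], msg, i + 1
        seen[out] = msg
    return None


def birthday_trials(output_bits: int) -> float:
    """Expected number of random inputs before the first collision for an
    ideal hash with 2**output_bits outputs: sqrt(pi/2 * 2**output_bits).
    For 256-bit output this is about 2**128, which is why a 256-bit hash is
    said to offer 128-bit collision resistance."""
    return math.sqrt(math.pi / 2 * 2 ** output_bits)


def collision_summary(max_trials: int = 20000):
    """Trials needed to hit a collision within the budget, or None."""
    cases = {
        "toy": toy_hash,                                        # 26 outputs
        "sha256-16": sha256_truncated(16),                      # 65,536 outputs
        "sha256-256": lambda d: hashlib.sha256(d).hexdigest(),  # 2**256 outputs
    }
    summary = {}
    for name, fn in cases.items():
        found = find_collision(fn, max_trials)
        summary[name] = found[2] if found else None
    return summary


if __name__ == "__main__":
    print(toy_hash(b"abc"), toy_hash(b"cba"))  # same letter: byte order is ignored
    print(collision_summary())
    print(round(birthday_trials(16)), birthday_trials(256) / 2 ** 128)
```

The toy hash collides within 27 inputs by the pigeonhole argument from the text; 16-bit truncated SHA-256 collides after a few hundred inputs, close to the birthday estimate of about 321; full SHA-256 exhausts the budget with no collision, and the birthday bound says a search of roughly 2^128 inputs would be needed.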

Minor disclaimer on all of this explanation: this description is very simplistic, and collisions don't necessarily equate to a fully broken digital signature system. A digital signature system typically combines hashing with a form of keyed encryption, to prevent collisions from breaking the scheme outright. Quantum computing threatens both the hash functions and the digital signature schemes, hence the search for replacements with a strong preference for collision resistance.

Quantum Computing Steps In

The standard hash functions (MD5, SHA-0, SHA-1, SHA-2, SHA-3, Whirlpool and BLAKE2) and the standard signature schemes all rely on these same principles, with different approaches. The problem is that with the advent of quantum computers, attackers will be exceedingly good at finding collisions in the current schemes, especially if an unforeseen breakthrough dramatically reduces the cost of powerful machines.

Even further, quantum computers (if they continue to advance) will be better than classical computers at attacking current authentication and digital signature systems such as HMAC and ECDSA, using Grover's algorithm and Shor's algorithm respectively.

This has prompted the international response to find alternative hash functions and digital signature schemes that will protect computers well into the quantum computing age.

The Entries for Post-Quantum Digital Signature Algorithms


Crystals-Dilithium is a lattice-based signature algorithm that derives its security from the difficulty of solving hard problems on lattices. The design of the scheme is based on a similar scheme known as Fiat-Shamir with Aborts. (PDF warning)

The primary advantage of Crystals-Dilithium over similar proposals in this contest is that it uses a static value instead of Gaussian sampling (PDF warning), which is very hard to do correctly and very hard to detect when done incorrectly (allowing a malicious actor to tamper with the algorithm and significantly weaken it undetected).


Fast-Fourier Lattice-based Compact Signatures over NTRU (FALCON) is a lattice-based signature algorithm that derives its security from the NTRU lattice model (PDF warning) and is supported by the GPV framework outlined here. (PDF warning)

It features smaller signatures and key sizes than other entries thanks to the NTRU construction, but it also uses Gaussian sampling (PDF warning), which makes the algorithm easier to get wrong in implementation, and bad implementations (whether through error or malice) are hard to detect.


Great Multivariate Short Signature (GeMSS) is an evolution of an older multivariate signature algorithm called QUARTZ, which is built on a variant of the Hidden Field Equations algorithm using the minus and vinegar modifiers (AKA HFEv-).

While this algorithm is efficient and fast, there have been recent improvements in attacks (PDF warning) against the signature scheme GeMSS is based on, which suggest that problems could surface with more research. It also has rather large public keys, though relatively small signatures.


Lifted Unbalanced Oil and Vinegar (LUOV) (Zip warning) is a multivariate signature scheme that aims to improve on the older and well-studied Unbalanced Oil and Vinegar scheme. (The original algorithm description is only available in Japanese; this is a study of the various algorithms that sprouted from that original paper.)

Like other multivariate entries, it features small signatures but has large public keys. It is also conservative in its margin of safety and assumes that quantum attacks against multivariate signatures may improve, so the algorithm can survive modest advances in cryptanalysis.


Multivariate Quadratic Digital Signature Scheme (MQDSS) is a multivariate signature scheme that follows the Fiat-Shamir construction.

It has small keys but large signatures, and was designed with possible hardware acceleration in mind. It is also inherently constant-time, which prevents timing side-channel attacks without having to engineer a complicated method of doing so.

The largest drawbacks of MQDSS are that its security proofs are not as robust as those of other projects, and that MQDSS does not claim level 5 security assurances (equivalent to AES-256 strength). It claims that its strongest variant reaches security level 3-4 (AES-128 to AES-192 equivalent strength).


Picnic is a new signature scheme championed by Microsoft researchers and multiple researchers from Austrian cryptography schools. It is based on LowMC and the ZKB++ protocol (which is based on ZKBoo).

The scheme is designed to be extremely compact in hardware, allowing easy hardware acceleration to keep the scheme lightweight on low-power devices if it were to become a worldwide standard. It is also nearly drop-in compatible with current X.509 certificate schemes, requiring only larger total signature sizes than existing algorithms, and the project already has working modified OpenSSL code.

It also features integrated tamper resistance, which gives the scheme resistance against a PRNG backdoor with a subtle bias. The security rationale for this claim is not well explained in the paper, but if it were proven, it would be an advancement over current schemes, which rely heavily on their PRNG to create secure signatures.


qTESLA is a signature scheme based on the Bai-Galbraith scheme, which is an improvement on the Fiat-Shamir with Aborts scheme. It relies on the Ring Learning with Errors (Ring-LWE) problem.

The scheme is designed to be a drop-in compatible component for existing X.509 certificate code, similarly requiring only an edit to allow larger signature sizes in order to function in existing software.

The project does not propose NIST Security level 5 parameters (AES-256 equivalent strength) and currently only claims security level 3 parameters (AES-128 equivalent).

The Ring-LWE problem has recently seen significant advances in cryptanalysis that weaken its viability. The qTESLA project does not appear to address this in its documentation. More problems may surface throughout the NIST competition as the contest narrows and research on the individual proposals increases.
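Three of the entries above (Crystals-Dilithium, MQDSS and qTESLA) are built on the Fiat-Shamir construction. The Python below is an added example, not code from the article or from any of those projects: it shows the construction on its classical textbook instance, a Schnorr signature over a small prime-order subgroup, which has the same commitment/challenge/response shape the lattice and multivariate schemes generalise (the "with Aborts" variants add a rejection step on the response). The toy group size, the RFC 6979-style deterministic nonce (which removes the dependence on the run-time PRNG that the Picnic entry below worries about) and the sample message are assumptions made for this example.

```python
import hashlib
import secrets


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n below about 3.3e24."""
    small_primes = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for p in small_primes:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in small_primes:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def toy_group(bits: int = 40):
    """Constructed toy parameters for illustration only: a safe prime
    p = 2q + 1 and g = 4, which generates the order-q subgroup of Z_p^*.
    Real deployments use standardised parameters of 2048+ bits or curves."""
    q = (1 << bits) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


P, Q, G = toy_group()
P_BYTES = (P.bit_length() + 7) // 8


def keygen(x=None):
    """Secret x in [1, q-1], public y = g^x mod p. x may be supplied for
    reproducible tests; otherwise it comes from the OS CSPRNG."""
    if x is None:
        x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def fiat_shamir_challenge(commitment: int, message: bytes) -> int:
    """The Fiat-Shamir step: the verifier's random challenge of the interactive
    identification protocol is replaced by a hash of the prover's commitment
    and the message, which turns the protocol into a signature."""
    h = hashlib.sha256(commitment.to_bytes(P_BYTES, "big") + message).digest()
    return int.from_bytes(h, "big") % Q


def sign(x: int, message: bytes):
    # Nonce derived from the secret key and message (RFC 6979 style), so the
    # signature does not depend on the run-time PRNG: a repeated or biased
    # nonce would leak x, which is the PRNG reliance the text warns about.
    seed = hashlib.sha256(x.to_bytes(P_BYTES, "big") + message).digest()
    k = int.from_bytes(seed, "big") % (Q - 1) + 1
    r = pow(G, k, P)                        # commitment
    e = fiat_shamir_challenge(r, message)   # challenge, fixed by the hash
    s = (k - x * e) % Q                     # response
    return e, s


def verify(y: int, message: bytes, signature) -> bool:
    e, s = signature
    if not (0 <= e < Q and 0 <= s < Q):
        return False
    # g^s * y^e = g^(k - xe) * g^(xe) = g^k recovers the commitment r
    r = pow(G, s, P) * pow(y, e, P) % P
    return fiat_shamir_challenge(r, message) == e
```

The verifier never sees k and never interacts with the signer; it only recomputes the commitment from the public values and checks that the hash reproduces the challenge embedded in the signature. That is exactly what the lattice-based entries do with polynomial vectors instead of group elements.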


Rainbow (.zip warning) is a multivariate signature scheme that targets computational efficiency and small signature sizes, but has relatively large key sizes. It is an evolution of the well-researched Unbalanced Oil and Vinegar signature scheme. It is also mathematically simple, which makes understanding and implementing the algorithm without errors easier.

Rainbow has been around for quite a while: the scheme was formally proposed in 2005, and security research has not significantly advanced any attack against it since 2008.


SPHINCS+ is an evolution of the SPHINCS signature scheme, aimed at being an optimized version that increases performance while reducing the size of signatures. The project is touted as making few security assumptions, meaning that the foundations of the scheme have sound research backing them and that it isn't doing anything novel that could backfire after a few more years of research.

The practical SPHINCS+ implementations also share large pieces of code with the XMSS signature scheme, which has been adopted by the Crypto Forum Research Group (CFRG) as the first worldwide quantum-resistant signature standard.

The original paper discloses that fault attacks are possible and that any final implementation should account for this. Not surprisingly, a SPHINCS and SPHINCS+ fault attack surfaced in 2018 that allows forged signatures at a reasonably low computational cost.

It will be interesting to see how this is mitigated by the team, and if the costs of such a mitigation manage to keep the scheme viable for the competition.
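SPHINCS+ is a hash-based scheme, so its security rests on the hash function alone. The Python below is an added example, not code from SPHINCS+, XMSS or the article: it implements a Lamport one-time signature, the simplest hash-based building block, and counts how many private values become public if the same one-time key signs two different messages. That reuse is the hazard every hash-based design must rule out, and it is the kind of condition fault attacks on such schemes try to induce; SPHINCS+ addresses it with a hypertree of one-time keys and a pseudo-random choice of leaf. Key sizes, the sample messages and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

DIGEST = hashlib.sha256
BITS = 256  # one key pair per bit of the SHA-256 message digest


def lamport_keygen(rng=secrets.token_bytes):
    """Private key: 256 pairs of random 32-byte values. Public key: their
    hashes. The only assumption is that SHA-256 is one-way, which is what
    'few security assumptions' means for a hash-based scheme."""
    sk = [(rng(32), rng(32)) for _ in range(BITS)]
    pk = [(DIGEST(a).digest(), DIGEST(b).digest()) for a, b in sk]
    return sk, pk


def message_bits(message: bytes):
    """The 256 digest bits of the message, most significant bit first."""
    d = DIGEST(message).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def lamport_sign(sk, message: bytes):
    """For each digest bit, reveal the matching half of that key pair.
    Half of the private key becomes public, so the key is spent."""
    return [sk[i][bit] for i, bit in enumerate(message_bits(message))]


def lamport_verify(pk, message: bytes, signature) -> bool:
    """Hash each revealed value and compare with the public half selected by
    the message digest. Comparison is constant-time and does not short-circuit,
    so verification time does not depend on where a mismatch occurs."""
    if len(signature) != BITS:
        return False
    ok = True
    for i, bit in enumerate(message_bits(message)):
        ok &= hmac.compare_digest(DIGEST(signature[i]).digest(), pk[i][bit])
    return ok


def secrets_exposed_by_reuse(messages) -> int:
    """Count key positions where both halves would be public after signing
    all `messages` with the same one-time key. Any count above zero means the
    key no longer binds the signer to a single message, which is why one-time
    keys must never sign twice, whether by design error or through a fault."""
    bit_lists = [message_bits(m) for m in messages]
    return sum(1 for i in range(BITS) if len({b[i] for b in bit_lists}) == 2)


if __name__ == "__main__":
    sk, pk = lamport_keygen()
    msg = b"constructed sample: firmware-1.2.bin digest"
    sig = lamport_sign(sk, msg)
    print("valid:", lamport_verify(pk, msg, sig))
    print("tampered:", lamport_verify(pk, msg + b"!", sig))
    print("positions fully exposed after signing two messages:",
          secrets_exposed_by_reuse([msg, msg + b"!"]))
```

Two distinct messages have digests that differ in roughly 128 of 256 bits, so a single reuse exposes about half the key positions completely; a stateless scheme like SPHINCS+ exists precisely so that the signer never has to track which one-time keys have already been spent.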
