Search Publications

Displaying 51 - 75 of 136

Recommendation for Stateful Hash-Based Signature Schemes

October 29, 2020

Author(s)

David Cooper, Daniel Apon, Quynh H. Dang, Michael S. Davidson, Morris Dworkin, Carl Miller

This recommendation specifies two algorithms that can be used to generate a digital signature, both of which are stateful hash-based signature schemes: the Leighton-Micali Signature (LMS) system and the eXtended Merkle Signature Scheme (XMSS), along with

Cryptanalysis of LEDAcrypt

September 16, 2020

Author(s)

Daniel C. Apon, Ray A. Perlner, Angela Y. Robinson, Paulo Santini

We report on the concrete cryptanalysis of LEDAcrypt, a 2nd Round candidate in NIST's Post- Quantum Cryptography standardization process and one of 17 encryption schemes that remain as candidates for near-term standardization. LEDAcrypt consists of a

Recommendation for Key-Derivation Methods in Key-Establishment Schemes

August 18, 2020

Author(s)

Elaine B. Barker, Lidong Chen, Richard Davis

This Recommendation specifies techniques for the derivation of keying material from a shared secret established during a key-establishment scheme defined in NIST Special Publications 800-56A or 800-56B.

Boolean Functions with Multiplicative Complexity 3 and 4

July 18, 2020

Author(s)

Cagdas Calik, Meltem Sonmez Turan, Rene C. Peralta

Multiplicative complexity (MC) is defined as the minimum number of AND gates required to implement a function with a circuit over the basis (AND, XOR, NOT). Boolean functions with MC 1 and 2 have been characterized in Fischer and Peralta, and Find et al

NIST Roadmap Toward Criteria for Threshold Schemes for Cryptographic Primitives

July 7, 2020

Author(s)

Luis Brandao, Michael S. Davidson, Apostol T. Vassilev

This document constitutes a preparation toward devising criteria for the standardization of threshold schemes for cryptographic primitives by the National Institute of Standards and Technology (NIST). The large diversity of possible threshold schemes, as

Guide to IPsec VPNs

June 30, 2020

Author(s)

Elaine B. Barker, Quynh H. Dang, Sheila E. Frankel, Karen Scarfone, Paul Wouters

Internet Protocol Security (IPsec) is a widely used network layer security control for protecting communications. IPsec is a framework of open standards for ensuring private communications over Internet Protocol (IP) networks. IPsec configuration is

The Impossibility of Efficient Quantum Weak Coin-Flipping

June 22, 2020

Author(s)

Carl A. Miller

How can two parties with competing interests carry out a fair coin flip, using only a noiseless quantum channel? This problem (quantum weak coin-flipping) was formalized more than 15 years ago, and, despite some phenomenal theoretical progress, practical

Securing Web Transactions TLS Server Certificate Management

June 16, 2020

Author(s)

Murugiah P. Souppaya, William A. Haag Jr., Mehwish Akram, William C. Barker, Rob Clatterbuck, Brandon Everhart, Brian Johnson, Alexandros Kapasouris, Dung Lam, Brett Pleasant, Mary Raguso, Susan Symington, Paul Turner, Clint Wilson, Donna F. Dodson

Transport Layer Security (TLS) server certificates are critical to the security of both internet- facing and private web services. Despite the critical importance of these certificates, many organizations lack a formal TLS certificate management program

Rainbow Band Separation is Better than we Thought

June 10, 2020

Author(s)

Daniel Smith-Tone, Ray Perlner

Currently the National Institute of Standards and Technology (NIST) is engaged in a post- quantum standardization effort, analyzing numerous candidate schemes to provide security against the advancing threat of quantum computers. Among the candidates in

Recommendation for Cryptographic Key Generation

June 4, 2020

Author(s)

Elaine B. Barker, Allen L. Roginsky, Richard Davis

Cryptography is often used in an information technology security environment to protect data that is sensitive, has a high value, or is vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. Cryptography

Notes on Interrogating Random Quantum Circuits

May 29, 2020

Author(s)

Luis Brandao, Rene C. Peralta

Consider a quantum circuit that, when fed a constant input, produces a fixed-length random bit- string in each execution. Executing it many times yields a sample of many bit-strings that contain fresh randomness inherent to the quantum evaluation. When the

Recommendation for Key Management: Part 1 - General

May 4, 2020

Author(s)

Elaine B. Barker

This Recommendation provides cryptographic key-management guidance. It consists of three parts. Part 1 (this document) provides general guidance and best practices for the management of cryptographic keying material, including definitions of the security

Combinatorial Rank Attacks Against the Rectangular Simple Matrix Encryption Scheme

April 10, 2020

Author(s)

Dustin Moody, Ray A. Perlner, Daniel C. Smith-Tone, Daniel C. Apon, Javier Verbel

In 2013, Tao et al. introduced the ABC Simple Matrix Scheme for Encryption, a multivariate public key encryption scheme. The scheme boasts great efficiency in encryption and decryption, though it suffers from very large public keys. It was quickly noted

Parallel Device-Independent Quantum Key Distribution

April 9, 2020

Author(s)

Rahul Jain, Carl Miller, Yaoyun Shi

A prominent application of quantum cryptography is the distribution of cryptographic keys that are provably secure. Such security proofs were extended by Vazirani and Vidick (Physical Review Letters, 113, 140501, 2014) to the device-independent (DI)

Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms

March 31, 2020

Author(s)

Elaine B. Barker

This document is intended to provide guidance to the Federal Government for using cryptography and NIST's cryptographic standards to protect sensitive, but unclassified digitized information during transmission and while in storage. The cryptographic

CMVP Approved Authentication Mechanisms: CMVP Validation Authority Requirements for ISO/IEC 19790:2012 Annex E and ISO/IEC 24759:2017

March 20, 2020

Author(s)

Kim B. Schaffer

NIST Special Publication (SP) 800-140E replaces the approved authentication mechanism requirements of ISO/IEC 19790 Annex E. As a validation authority, the Cryptographic Module Validation Program (CMVP) may supersede this Annex in its entirety with its own

CMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759:2017

March 20, 2020

Author(s)

Kim B. Schaffer

NIST Special Publication (SP) 800-140F replaces the approved non-invasive attack mitigation test metric requirements of ISO/IEC 19790 Annex F. As a validation authority, the Cryptographic Module Validation Program (CMVP) may supersede this Annex in its

CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759

March 20, 2020

Author(s)

Kim B. Schaffer

NIST Special Publication (SP) 800-140C replaces the approved security functions of ISO/IEC 19790 Annex C. As a validation authority, the Cryptographic Module Validation Program (CMVP) may supersede this Annex in its entirety. This document supersedes ISO

CMVP Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759:2017(E)

March 20, 2020

Author(s)

Kim B. Schaffer

NIST Special Publication (SP) 800-140D replaces the approved sensitive security parameter generation and establishment methods requirements of ISO/IEC 19790 Annex D. As a validation authority, the Cryptographic Module Validation Program (CMVP) may

Extending NIST's CAVP Testing of Cryptographic Hash Function Implementations

February 14, 2020

Author(s)

Nicky W. Mouha, Christopher T. Celi

This paper describes a vulnerability in Apple's CoreCrypto library, which affects 11 out of the 12 implemented hash functions: every implemented hash function except MD2 (Message Digest 2), as well as several higher-level operations such as the Hash-based

TMPS: Ticket-Mediated Password Strengthening

February 14, 2020

Author(s)

John M. Kelsey, Dana Dachman-Soled, Meltem Sonmez Turan, Sweta Mishra

We introduce the notion of Ticket-Mediated Password Strengthening (TMPS), a technique for allowing users to derive keys from passwords while imposing a strict limit on the number of guesses of their password any attacker can make, and strongly protecting

New Mission and Opportunity for Mathematics Researchers: Cryptography in Quantum Era

February 1, 2020

Author(s)

Lidong Chen, Dustin Moody

This article introduces the NIST Post-Quantum Cryptography standardization process. We highlight the challenges, discuss the mathematical problems in the proposed post-quantum cryptographic algorithms and the opportunities for mathematics researchers to

On the Profitability of Selfish Mining Against Multiple Difficulty Adjustment Algorithms

January 29, 2020

Author(s)

Michael S. Davidson, Tyler J. Diamond

The selfish mining attack allows cryptocurrency miners to mine more than their "fair share" of blocks, stealing revenue from other miners while reducing the overall security of payments. This malicious strategy has been extensively studied in Bitcoin, but

A Nonlinear Multivariate Cryptosystem Based on a Random Linear Code

November 24, 2019

Author(s)

Daniel C. Smith-Tone, Cristina Tone

We introduce a new technique for building multivariate encryption schemes based on random linear codes. The construction is versatile, naturally admitting multiple modifications. Among these modifications is an interesting embedding modifier -- any

Status Report on the First Round of the NIST Lightweight Cryptography Standardization Process

October 7, 2019

Author(s)

Meltem Sonmez Turan, Kerry A. McKay, Cagdas Calik, Dong Hoon Chang, Lawrence E. Bassham

The National Institute of Standards and Technology (NIST) is in the process of selecting one or more authenticated encryption and hashing schemes suitable for constrained environments through a public, competition-like process. In February 2019, 57