U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: John M. Kelsey (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 38

Requirements for Cryptographic Accordions

April 11, 2025
Author(s)
Yu Long Chen, Michael Davidson, Morris Dworkin, John Kelsey, Yu Sasaki, Meltem Sonmez Turan, Alyssa Thompson, Nicky Mouha, Donghoon Chang
This report introduces the cryptographic accordion as a tweakable, variable-input-length strong pseudorandom permutation (VIL-SPRP) that is constructed from an underlying block cipher. An accordion facilitates the cryptographic processing of messages of

Status Report on the Fourth Round of the NIST Post-Quantum Cryptography Standardization Process

March 11, 2025
Author(s)
Gorjan Alagic, Maxime Bros, Pierre Ciadoux, David Cooper, Quynh Dang, Thinh Dang, John Kelsey, Jacob Lichtinger, Yi-Kai Liu, Carl Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Hamilton Silberg, Daniel Smith-Tone, Noah Waller
The National Institute of Standards and Technology is selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signatures, public-key encryption, and

Status Report on the First Round of the Additional Digital Signature Schemes for the NIST Post-Quantum Cryptography Standardization Process

October 24, 2024
Author(s)
Gorjan Alagic, Maxime Bros, Pierre Ciadoux, David Cooper, Quynh Dang, Thinh Dang, John M. Kelsey, Jacob Lichtinger, Carl A. Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Hamilton Silberg, Daniel Smith-Tone, Noah Waller, Yi-Kai Liu
The National Institute of Standards and Technology is in the process of evaluating public-key digital signature algorithms through a public competition-like process for potential standardization. Any signature scheme eventually selected would augment

XDRBG: A Proposed Deterministic Random Bit Generator Based on Any XOF

March 1, 2024
Author(s)
John Kelsey, Stefan Lucks, Stephan Muller
A deterministic random bit generator (DRBG) generates pseudorandom bits from an unpredictable seed, i.e. a seed drawn from any ramdom source with sufficient entropy. The current paper formalizes a security notion for a DRBG, allowing the attacker to

Status Report on the Final Round of the NIST Lightweight Cryptography Standardization Process

June 16, 2023
Author(s)
Meltem Sonmez Turan, Kerry McKay, Donghoon Chang, Jinkeon Kang, Noah Waller, John M. Kelsey, Lawrence E. Bassham, Deukjo Hong
The National Institute of Standards and Technology (NIST) initiated a public standardization process to select one or more Authenticated Encryption with Associated Data (AEAD) and hashing schemes suitable for constrained environments. In February 2019, 57

Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process

September 29, 2022
Author(s)
Gorjan Alagic, Daniel Apon, David Cooper, Quynh Dang, Thinh Dang, John M. Kelsey, Jacob Lichtinger, Yi-Kai Liu, Carl A. Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Daniel Smith-Tone
The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public

Breaking Category Five SPHINCS+ with SHA-256

September 28, 2022
Author(s)
Ray Perlner, David Cooper, John M. Kelsey
SPHINCS+ is a stateless hash-based signature scheme and a finalist in the NIST PQC standardization process. Its security proof relies on the distinct-function multi-target second-preimage resistance (DM-SPR) of the underlying keyed hash function. The

Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process

July 5, 2022
Author(s)
Gorjan Alagic, David Cooper, Quynh Dang, Thinh Dang, John M. Kelsey, Jacob Lichtinger, Yi-Kai Liu, Carl A. Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Daniel Smith-Tone, Daniel Apon
The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public

Coalition and Threshold Hash-Based Signatures

February 25, 2022
Author(s)
John M. Kelsey, Stefan Lucks
We show how to construct a threshold version of stateful hash-based signature schemes like those defined in XMSS (defined in RFC8391) and LMS (defined in RFC8554). Our techniques assume a trusted dealer and secure point-to-point communications; are

Status Report on the Second Round of the NIST Lightweight Cryptography Standardization Process

July 20, 2021
Author(s)
Meltem Sonmez Turan, Kerry McKay, Donghoon Chang, Cagdas Calik, Lawrence E. Bassham, Jinkeon Kang, John M. Kelsey
The National Institute of Standards and Technology (NIST) is in the process of selecting one or more authenticated encryption and hashing schemes suitable for constrained environments through a public, competition-like process. In February 2019, 57

Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process

July 22, 2020
Author(s)
Dustin Moody, Gorjan Alagic, Daniel C. Apon, David A. Cooper, Quynh H. Dang, John M. Kelsey, Yi-Kai Liu, Carl A. Miller, Rene C. Peralta, Ray A. Perlner, Angela Y. Robinson, Daniel C. Smith-Tone, Jacob Alperin-Sheriff
The National Institute of Standards and Technology is in the process of selecting one or more public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify one or more additional

TMPS: Ticket-Mediated Password Strengthening

February 14, 2020
Author(s)
John M. Kelsey, Dana Dachman-Soled, Meltem Sonmez Turan, Sweta Mishra
We introduce the notion of Ticket-Mediated Password Strengthening (TMPS), a technique for allowing users to derive keys from passwords while imposing a strict limit on the number of guesses of their password any attacker can make, and strongly protecting

Recommendation for the Entropy Sources Used for Random Bit Generation

January 10, 2018
Author(s)
Meltem Sonmez Turan, Elaine B. Barker, John M. Kelsey, Kerry A. McKay, Mary L. Baish, Mike Boyle
This Recommendation specifies the design principles and requirements for the entropy sources used by Random Bit Generators, and the tests for the validation of entropy sources. These entropy sources are intended to be combined with Deterministic Random Bit

Cryptocurrency Smart Contracts for Distributed Consensus of Public Randomness

October 7, 2017
Author(s)
Peter M. Mell, John M. Kelsey, James Shook
Most modern electronic devices can produce a random number. However, it is dicult to see how a group of mutually distrusting entities can have con dence in any such hardware-produced stream of random numbers, since the producer could control the output to

SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash

December 22, 2016
Author(s)
John M. Kelsey, Shu-jen H. Chang, Ray Perlner
This Recommendation specifies four types of SHA-3-derived functions: cSHAKE, KMAC, TupleHash, and ParallelHash, each defined for a 128- and 256-bit security strength. cSHAKE is a customizable variant of the SHAKE function, as defined in FIPS 202. KMAC (for

Measuring the Usability and Security of Permuted Passwords on Mobile Platforms

April 25, 2016
Author(s)
Kristen K. Greene, John M. Kelsey, Joshua M. Franklin
Password entry on mobile devices significantly impacts both usability and security, but there is a lack of usable security research in this area, specifically for complex password entry. To address this research gap, we set out to assign strength metrics

Predictive Models for Min-Entropy Estimation

September 13, 2015
Author(s)
John M. Kelsey, Kerry McKay, Meltem Sonmez Turan
Random numbers are essential for cryptography. In most real-world systems, these values come from a cryptographic pseudorandom number generator (PRNG), which in turn is seeded by an entropy source. The security of the entire cryptographic system then

New Second-Preimage Attacks on Hash Functions

June 23, 2015
Author(s)
Elena Andreeva, Charles Bouillaguet, Orr Dunkelman, Pierre-Alain Fouque, Jonathan J. Hoch, John M. Kelsey, Adi Shamir, Sebastien Zimmer
In this work, we present several new generic second-preimage attacks on hash functions. Our first attack is based on the herding attack and applies to various Merkle-Damgard-based iterative hash functions. Compared to the previously known long-message

Tap On, Tap Off: Onscreen Keyboards and Mobile Password Entry

May 1, 2015
Author(s)
Kristen Greene, Joshua M. Franklin, John M. Kelsey
Password entry on mobile devices significantly impacts both usability and security, but there is a dearth of usable security research in this area, specifically for complex password entry. To address this research gap, we set out to assign strength metrics

How Random is Your RNG?

January 18, 2015
Author(s)
Meltem Sonmez Turan, John M. Kelsey, Kerry A. McKay
Cryptographic primitives need random numbers to protect your data. Random numbers are used for generating secret keys, nonces, random paddings, initialization vectors, salts, etc. Deterministic pseudorandom number generators are useful, but they still need

Third-Round Report of the SHA-3 Cryptographic Hash Algorithm Competition

November 15, 2012
Author(s)
Shu-jen H. Chang, Ray A. Perlner, William E. Burr, Meltem Sonmez Turan, John M. Kelsey, Souradyuti Paul, Lawrence E. Bassham
The National Institute of Standards and Technology (NIST) opened a public competition on November 2, 2007 to develop a new cryptographic hash algorithm - SHA-3, which will augment the hash algorithms specified in the Federal Information Processing Standard

A Keyed Sponge Construction with Pseudorandomness in the Standard Model

March 22, 2012
Author(s)
Donghoon Chang, Morris Dworkin, Seokhie Hong, John M. Kelsey, Mridul Nandi
The sponge construction, designed by Bertoni, Daemen, Peeters, and Asscheis, is the framework for hash functions such as Keccak, PHOTON, Quark, and spongent. The designers give a keyed sponge construction by prepending the message with key and prove a

Status Report on the Second Round of the SHA-3 Cryptographic Hash Algorithm Competition

February 23, 2011
Author(s)
Meltem Sonmez Turan, Ray A. Perlner, Lawrence E. Bassham, William E. Burr, Dong H. Chang, Shu-jen H. Chang, Morris J. Dworkin, John M. Kelsey, Souradyuti Paul, Rene C. Peralta
The National Institute of Standards and Technology (NIST) opened a public competition on November 2, 2007 to develop a new cryptographic hash algorithm - SHA-3, which will augment the hash algorithms currently specified in the Federal Information
Was this page helpful?