Research Article
Winternitz Signature Scheme Using Nonadjacent Forms
Algorithm 4
WSS-N security reduction algorithm.
Input: security parameter , function key , one-way challenge and second preimage resistance challenge | Output: a value that is either a preimage of or the second preimage for under or fail. | 1. run Kg to generate a WSS-N key pair (sk, pk). | 2. choose an index . | 3. if then choose an index . | 4. else choose an index . | 5. if then | a. if then set . | b. else | (1) choose an index . | (2) obtain from , replacing by . | c. obtain by setting | ; | ; | ; | | 6. else | a. if then set . | b. else | (1) choose an index . | (2) obtain from , replacing by . | c. obtain by setting | ; | ; | ; | | 7. run . | 8. if queries Sign with a message then | a. compute as in Algorithm 2. | b. if then return fail. | c. generate a signature of of : | (1) run . | (2) set . | d. reply to the query using . | 9. if returns a valid then | a. compute as in Algorithm 2. | b. if then return fail. | c. if and then return a preimage . | d. else if and | then return a preimage . | e. else if then return a preimage . | f. else if and | then return the second preimage . | 10. in any other cases, return fail. |
|