Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Merkle signature scheme
open-in-new
<p>In <a href="/facts/Hash-based_cryptography/gRkJfWR2">hash-based cryptography</a>, the Merkle signature scheme is a <a href="/facts/Digital_signature/tY7e2pnW">digital signature scheme</a> based on <a href="/facts/Merkle_tree/uGFY5mNA">Merkle trees</a> (also called hash trees) and one-time signatures such as the <a href="/facts/Lamport_signature/TGCfcYhx">Lamport signature scheme</a>. It was developed by <a href="/facts/Ralph_Merkle/ua5bsN0I">Ralph Merkle</a> in the late 1970s and is an alternative to traditional digital signatures such as the <a href="/facts/Digital_Signature_Algorithm/0o0FK486">Digital Signature Algorithm</a> or <a href="/facts/RSA_(algorithm)/XTzyfHuq">RSA</a>. <a href="/facts/NIST/gr9Fnh85">NIST</a> has approved specific variants of the Merkle signature scheme in 2020. </p><p>An advantage of the Merkle signature scheme is that it is believed to be resistant against attacks by <a href="/facts/Quantum_computer/nbbcgmvq">quantum computers</a>. The traditional <a href="/facts/Public-key_cryptography/gowoFTxS">public key</a> algorithms, such as RSA and <a href="/facts/ElGamal_signature_scheme/cChGpj4K">ElGamal</a> would become insecure if an effective quantum computer could be built (due to <a href="/facts/Shor%27s_algorithm/9JwEtznC">Shor's algorithm</a>). The Merkle signature scheme, however, only depends on the existence of secure <a href="/facts/Hash_function/rk6MlCt3">hash functions</a>. This makes the Merkle signature scheme very adjustable and resistant to quantum computer-based attacks. The Merkle signature is a <i>one time signature</i> with finite signing potential. The work of <a href="/facts/Moni_Naor/I9UuUSTx">Moni Naor</a> and <a href="/facts/Moti_Yung/KrBHvtts">Moti Yung</a> on signature based <a href="/facts/One-way_permutation/rGtcumDW">one-way permutations</a> and functions (and the invention of <a href="/facts/Universal_one-way_hash_function/gpjfnabz">universal one-way hash functions</a>) gives a way to extend a Merkle-like signature to a complete signature scheme. </p>