Hash-based cryptography is the generic term for constructions of cryptographic primitives based on the security of hash functions. It is of interest as a type of post-quantum cryptography.
So far, hash-based cryptography has been used to construct digital signature schemes such as the Merkle signature scheme, zero-knowledge and computational integrity proofs such as the zk-STARK proof system, and range proofs over issued credentials via the HashWires protocol.

Hash-based signature schemes combine a one-time signature scheme, such as a Lamport signature, with a Merkle tree structure. Since a one-time signature key can securely sign only a single message, it is practical to combine many such keys within a single, larger structure, and a Merkle tree is used to this end. In this hierarchical data structure, a hash function and concatenation are applied repeatedly to compute the tree nodes.
One consideration with hash-based signature schemes is that they can securely sign only a limited number of messages, because of their use of one-time signature schemes. The US National Institute of Standards and Technology (NIST) specified that algorithms in its post-quantum cryptography competition must support a minimum of 2^64 signatures safely.
In 2022, NIST announced SPHINCS+ as one of three algorithms to be standardized for digital signatures. In 2020, NIST had standardized stateful hash-based cryptography based on the eXtended Merkle Signature Scheme (XMSS) and Leighton–Micali Signatures (LMS), which are applicable in different circumstances, but noted that the requirement to maintain state when using them makes them more difficult to implement in a way that avoids misuse.
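The construction described above (Lamport one-time keys combined under a Merkle tree) and the state problem noted for XMSS and LMS, as an added toy example that is not code from any standardized scheme: the leaf counter is the state a stateful signer must never lose or reuse, and the tree uses plain SHA-256 over concatenated nodes with none of the domain separation or masking that real schemes add. All names here are the example's own.

```python
import hashlib, os

def H(*parts):  # SHA-256 over the concatenation of its arguments: the node rule
    return hashlib.sha256(b"".join(parts)).digest()

def msg_bits(msg):
    d = H(msg)  # sign the 256-bit digest, one Lamport key pair per digest bit
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(256)]

def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]  # public key = hashes of the preimages

def lamport_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]  # reveal one preimage per bit

def lamport_verify(pk, msg, sig):
    return all(H(sig[i]) == pk[i][b] for i, b in enumerate(msg_bits(msg)))

def leaf_hash(pk):
    return H(*[h for pair in pk for h in pair])  # one leaf per one-time public key

def merkle_tree(leaves):
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels  # levels[-1][0] is the root, i.e. the scheme's public key

def auth_path(levels, idx):
    path = []
    for lvl in levels[:-1]:  # sibling at every level from the leaf up to the root
        path.append(lvl[idx ^ 1]); idx >>= 1
    return path

def root_from_path(node, idx, path):
    for sib in path:  # recompute the root; idx parity says which side we are on
        node = H(node, sib) if idx & 1 == 0 else H(sib, node); idx >>= 1
    return node

class MerkleSigner:
    def __init__(self, height):
        self.keys = [lamport_keygen() for _ in range(1 << height)]
        self.levels = merkle_tree([leaf_hash(pk) for _, pk in self.keys])
        self.root = self.levels[-1][0]
        self.next_leaf = 0  # the state: reusing an index reveals a second preimage set
    def sign(self, msg):
        if self.next_leaf >= len(self.keys): raise RuntimeError("key pair exhausted")
        idx, self.next_leaf = self.next_leaf, self.next_leaf + 1
        sk, pk = self.keys[idx]
        return idx, pk, lamport_sign(sk, msg), auth_path(self.levels, idx)

def merkle_verify(root, msg, sig):
    idx, pk, ots_sig, path = sig
    return lamport_verify(pk, msg, ots_sig) and root_from_path(leaf_hash(pk), idx, path) == root
```

A tree of height h yields 2^h one-time keys and therefore at most 2^h signatures, which is the limit the NIST requirement of 2^64 signatures addresses.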
In 2024 NIST announced the Stateless Hash-Based Digital Signature Standard.