Why don't we use hash-based digital signatures everywhere?

0 votes

I've been researching hash-based digital signatures like Lamport and SPHINCS, which are resistant to quantum attacks.

If these are so secure, why aren't they widely adopted instead of RSA and ECDSA?

  • Are they too slow or inefficient?
  • Do they have limitations in real-world applications?
  • Are there compatibility or storage issues that make them impractical?

I’d love to understand the trade-offs that prevent hash-based signatures from becoming the standard.

Feb 6 in Cyber Security & Ethical Hacking by Nidhi
• 8,120 points
36 views

1 answer to this question.

0 votes

Hash-based digital signature schemes (like Lamport signatures, Merkle trees, and even more advanced ones like SPHINCS+) offer strong security guarantees, even against quantum attacks.

But several practical trade-offs have prevented their widespread adoption in place of RSA or ECDSA. Let’s break down the key issues:

1. Signature and Key Sizes

  • Large Signatures and Keys:
    Many hash-based signature schemes produce signatures and/or public keys that are significantly larger than those produced by RSA or ECDSA.

    • Example: A Lamport signature can be on the order of several kilobytes per signature, which is much larger than a typical 256-bit ECDSA signature.
    • Impact: Larger sizes mean more bandwidth, more storage, and sometimes higher costs when transmitting or storing these signatures—especially problematic for resource-constrained environments (like IoT devices).
  • Merkle Tree Overhead:
    While Merkle trees allow many one-time signatures to be combined under a single public key, they still require storing tree authentication paths that add extra overhead.

2. One-Time or Limited-Use Nature

  • Statefulness:
    Many hash-based schemes (e.g., Lamport or XMSS) are inherently stateful. They are designed to be one-time or few-time use:

    • Risk of Key Reuse: If a private key is used more than once, the security guarantees can break down. This means the signer must track which keys have been used, which introduces complexity and potential for errors.
    • Real-World Implications: In systems where maintaining such state is error-prone or where stateless operations are preferred (like many web applications), these schemes are less attractive.
  • SPHINCS+ Approach:
    Some newer schemes like SPHINCS+ attempt to be stateless. However, this comes at the cost of even larger signatures and slower performance compared to stateful counterparts.

3. Performance Considerations

  • Signing Speed:

    • Computation Intensive: Hash-based schemes can require a large number of hash computations, which can slow down the signing process.
    • Verification Efficiency: While verification might be relatively efficient (often just a series of hash computations), the overall performance—especially in signing—is not yet on par with optimized elliptic curve operations.
  • Practical Impact:
    In high-throughput systems (e.g., servers handling millions of transactions), even modest increases in computation per operation can add up, impacting latency and resource utilization.

4. Compatibility and Infrastructure

  • Existing Standards and Ecosystem:
    • Widespread Adoption of RSA/ECDSA: Much of the current cryptographic infrastructure, libraries, and protocols are built around RSA and ECDSA.
    • Integration Costs: Transitioning to hash-based schemes would require significant updates to standards, software libraries, hardware accelerators, and protocols (like TLS/SSL).
  • Legacy Systems:
    • Backward Compatibility: Many systems require compatibility with legacy protocols and hardware, making it difficult to introduce signatures with radically different properties (e.g., very large sizes or state management requirements).

5. Use Case Trade-Offs

  • When Hash-Based Signatures Make Sense:

    • Quantum Resistance: In a post-quantum world, their resistance to quantum attacks is a clear advantage.
    • High-Security Applications: Applications that can tolerate the larger sizes and potential performance hits (e.g., certain governmental or military applications) might benefit from hash-based schemes.
  • General-Purpose Use Cases:

    • Efficiency vs. Security Trade-off: For most consumer applications and many enterprise environments, the efficiency of RSA/ECDSA (or even newer curve-based schemes) and the existing ecosystem make them a more practical choice—even if they are theoretically vulnerable to quantum attacks (which are not an immediate threat).
answered Feb 11 by CaLLmeDaDDY
• 16,200 points
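To make the size and statefulness points concrete, here is an added example (not code from the answer above) of a textbook Lamport one-time signature over SHA-256, wrapped in a signer that keeps a use counter and refuses to reuse a key; the `StatefulSigner` class and its counter are this example's own construction, and the byte counts are computed rather than quoted.

```python
import hashlib
import os

N = 256  # SHA-256 digest bits: one secret pair per bit


def lamport_keygen():
    """One-time key: 256 pairs of random 32-byte preimages and their hashes."""
    sk = [[os.urandom(32), os.urandom(32)] for _ in range(N)]
    pk = [[hashlib.sha256(s).digest() for s in pair] for pair in sk]
    return sk, pk


def _digest_bits(msg):
    digest = hashlib.sha256(msg).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def lamport_sign(sk, msg):
    """Reveal one preimage per digest bit; each reveal consumes half a pair."""
    return [sk[i][b] for i, b in enumerate(_digest_bits(msg))]


def lamport_verify(pk, msg, sig):
    """Hash every revealed preimage and compare against the published half."""
    if len(sig) != N:
        return False
    return all(hashlib.sha256(sig[i]).digest() == pk[i][b]
               for i, b in enumerate(_digest_bits(msg)))


class StatefulSigner:
    """Holds a fixed pool of one-time keys and tracks which are consumed.
    In a real deployment next_index must be persisted atomically; losing it
    (restore from backup, cloned VM) is exactly the key-reuse hazard."""

    def __init__(self, count):
        self.keys = [lamport_keygen() for _ in range(count)]
        self.next_index = 0

    def public_keys(self):
        return [pk for _, pk in self.keys]

    def sign(self, msg):
        if self.next_index >= len(self.keys):
            raise RuntimeError("all one-time keys consumed; refusing to reuse")
        idx = self.next_index
        self.next_index += 1  # advance state BEFORE releasing the signature
        return idx, lamport_sign(self.keys[idx][0], msg)


def signature_bytes(sig):
    return sum(len(s) for s in sig)  # 256 * 32 = 8192 bytes per signature
```

Compare the 8192-byte signature (and 16384-byte public key) with the roughly 64-byte ECDSA signature the answer mentions; the pool of keys is also exhausted after `count` messages, which is the limitation Merkle trees and XMSS address.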
