CMSS – An Improved Merkle Signature Scheme

  • Johannes Buchmann
  • Luis Carlos Coronado García
  • Erik Dahmen
  • Martin Döring
  • Elena Klintsevich
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4329)


The Merkle signature scheme (MSS) is an interesting alternative for well established signature schemes such as RSA, DSA, and ECDSA. The security of MSS only relies on the existence of cryptographically secure hash functions. MSS has a good chance of being quantum computer resistant. In this paper, we propose CMSS, a variant of MSS, with reduced private key size, key pair generation time, and signature generation time. We demonstrate that CMSS is competitive in practice by presenting a highly efficient implementation within the Java Cryptographic Service Provider FlexiProvider. We present extensive experimental results and show that our implementation can for example be used to sign messages in Microsoft Outlook.


Java Cryptography Architecture Merkle Signatures One-Time-Signatures Post-Quantum Signatures Tree Authentication 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BM99]
    Bellare, M., Miner, S.: A Forward-Secure Digital Signature Scheme. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–448. Springer, Heidelberg (1999)Google Scholar
  2. [Cor05a]
    Coronado García, L.C.: On the security and the efficiency of the Merkle signature scheme. Technical Report 2005/192, Cryptology ePrint Archive (2005), Available at:
  3. [Cor05b]
    Coronado García, L.C.: Provably Secure and Practical Signature Schemes. PhD thesis, Computer Science Departement, Technical University of Darmstadt (2005), Available at:
  4. [DH76]
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions on Information Theory IT-22(6), 644–654 (1976)CrossRefMathSciNetGoogle Scholar
  5. [DSS05]
    Dods, C., Smart, N.P., Stam, M.: Hash Based Digital Signature Schemes. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 96–115. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. [Elg85]
    Elgamal, T.: A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  7. [Flexi]
    The FlexiProvider group at Technische Universität Darmstadt. FlexiProvider, an open source Java Cryptographic Service Provider (2001-2006), Available at:
  8. [FOP03]
    The FlexiPKI research group at Technische Universität Darmstadt. The FlexiS/MIME Outlook Plugin (2003), Available at:
  9. [Int02]
    International Telecommunication Union. X.680: Information technology — Abstract Syntax Notation One (ASN.1): Specification of basic notation (2002), Available at:
  10. [JCA02]
    Sun Microsystems. The Java Cryptography Architecture API Specification & Reference (2002), Available at:
  11. [JCE02]
    Sun Microsystems. The Java Cryptography Extension (JCE) Reference Guide (2002), Available at:
  12. [JM99]
    Johnson, D., Menezes, A.: The Elliptic Curve Digital Signature Algorithm (ECDSA). Technical Report CORR 99-34, University of Waterloo (1999), Available at:
  13. [Mer89]
    Merkle, R.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)Google Scholar
  14. [MOV96]
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press, Boca Raton, Florida (1996), Available at: CrossRefGoogle Scholar
  15. [NSW05]
    Naor, D., Shenhav, A., Wool, A.: One-Time Signatures Revisited: Have They Become Practical? Technical Report 2005/442, Cryptology ePrint Archive (2005), Available at:
  16. [RSA78]
    Rivest, R.L., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  17. [Sho94]
    Shor, P.W.: Algorithms for Quantum Computation: Discrete Logarithms and Factoring. In: Proceedings of the 35th Annual IEEE Symposium on Foundations of Computer Science (FOCS 1994), pp. 124–134. IEEE Computer Society Press, Los Alamitos (1994)CrossRefGoogle Scholar
  18. [Szy04]
    Szydlo, M.: Merkle Tree Traversal in Log Space and Time. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 541–554. Springer, Heidelberg (2004) (preprint version), Available at: CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Johannes Buchmann
    • 1
  • Luis Carlos Coronado García
    • 2
  • Erik Dahmen
    • 1
  • Martin Döring
    • 1
  • Elena Klintsevich
    • 1
  1. 1.Department of Computer ScienceTechnische Universität DarmstadtDarmstadtGermany
  2. 2.Banco de MéxicoMéxico D.F.

Personalised recommendations