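% Entry 63403: manuscript on keeping the signing state of stateful hash-based
% signatures (LMS, XMSS) consistent across several signers, e.g. multiple HSMs.
% Practitioner relevance: per the abstract, each one-time key may be used only
% once, so replicas that diverge on the state risk reusing a one-time key.
% NIST SP 800-208 is the reference for the standardized LMS/XMSS schemes and
% their state-handling requirements.
% Caveat: this is an unpublished manuscript; the UC security proof is the
% authors' claim, so check the publication status before citing it as settled.
% Data notes:
%   - author/title/year use single braces, so the four names are parsed
%     individually and the style can still apply its own title casing.
%   - 22 is the length of the manuscript, not a page range, hence pagetotal.
%   - Classic BibTeX also expects a note field for this entry type; the record
%     does not supply one (TODO: add once the venue or preprint id is known).
@unpublished{63403,
  author       = {Blömer, Johannes and Bröcher, Henrik and Krummel, Volker and Porzenheim, Laurens Alexander},
  title        = {Secure Distributed State Management for Stateful Signatures with a Practical and Universally Composable Protocol},
  year         = {2025},
  pagetotal    = {22},
  keywords     = {distributed state, hash-based signature, stateful hash-based signature, universal composability, secure enclave},
  abstract     = {Stateful signatures like the NIST standardized signature schemes LMS and XMSS provide an efficient and mature realization of post-quantum secure signature schemes. They are recommended for long-term use cases like e.g. firmware signing. However, stateful signature schemes require to properly manage a so-called state. In stateful signature schemes like LMS and XMSS, signing keys consist of a set of keys of a one-time signature scheme and it has to be guaranteed that each one-time key is used only once. This is done by updating a state in each signature computation, basically recording which one-time keys have already been used. While this is straightforward in centralized systems, in distributed systems like secure enclaves consisting of e.g. multiple hardware security modules (HSMs) with limited communication keeping a distributed state that at any point in time is consistent among all parties involved presents a challenge. This challenge is not addressed by the current standardization processes.
In this paper we present a security model for the distributed key management of post-quantum secure stateful signatures like XMSS and LMS. We also present a simple, efficient, and easy to implement protocol proven secure in this security model, i.e. the protocol guarantees at any point in time a consistent state among the parties in a distributed system, like a distributed security enclave. The security model is defined in the universal composability (UC) framework by Ran Canetti by providing an ideal functionality for the distributed key management for stateful signatures. Hence our protocol remains secure even if arbitrarily composed with other instances of the same or other protocols, a necessity for the security of distributed key management protocols. Our main application are security enclaves consisting of HSMs, but the model and the protocol can easily be adapted to other scenarios of distributed key management of stateful signature schemes.},
}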

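% Entry 35014: conference paper on rational multiparty computation (MPC).
% Data notes:
%   - author is single-braced so the three names are parsed individually.
%   - {MPC} is brace-protected so sentence-casing styles keep the acronym.
%   - The place is stored as venue (where the conference met); in biblatex,
%     location would be read as the publisher's city. Spelling normalised from
%     the German "Taipeh" to "Taipei".
%   - TODO: booktitle is required for this entry type and is missing from the
%     record; add the proceedings title (and pages, publisher, doi) from the
%     published version rather than guessing.
@inproceedings{35014,
  author       = {Blömer, Johannes and Bobolz, Jan and Bröcher, Henrik},
  title        = {On the impossibility of surviving (iterated) deletion of weakly dominated strategies in rational {MPC}},
  venue        = {Taipei, Taiwan},
  year         = {2023},
}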

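% Entry 13128: work by a single author, issued by Universität Paderborn.
% Data notes:
%   - author is single-braced so family and given name are parsed separately
%     (the double-braced form is treated as one literal name).
%   - NOTE(review): a university as publisher suggests a thesis or report; if
%     so, a thesis/report entry type with institution and type would describe
%     it better. The record does not say which, so the type is left as is.
%     Confirm against the source.
%   - NOTE(review): publisher may not be printed for this entry type by common
%     styles; verify the rendered output.
@misc{13128,
  author       = {Bröcher, Henrik},
  title        = {Rational Secure Multiparty Computation},
  publisher    = {Universität Paderborn},
  year         = {2019},
}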

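% Entry 3265: CLARC, an anonymous credential system combined with an
% anonymous reputation system (ARES '18 proceedings, ACM).
% Practitioner relevance: per the abstract, the accompanying implementation is
% an open-source prototype built to evaluate feasibility.
% Data notes:
%   - author is single-braced so all fifteen names are parsed individually;
%     the double-braced form collapses them into one literal name.
%   - {ARES} is brace-protected in booktitle so its capitals are kept.
%   - Hamburg is stored as venue (the conference place); in biblatex, location
%     next to publisher would be read as the publisher's city.
%   - doi is the bare identifier without a resolver prefix.
@inproceedings{3265,
  author       = {Bemmann, Kai and Blömer, Johannes and Bobolz, Jan and Bröcher, Henrik and Diemert, Denis Pascal and Eidens, Fabian and Eilers, Lukas and Haltermann, Jan Frederik and Juhnke, Jakob and Otour, Burhan and Porzenheim, Laurens Alexander and Pukrop, Simon and Schilling, Erik and Schlichtig, Michael and Stienemeier, Marcel},
  title        = {Fully-Featured Anonymous Credentials with Reputation System},
  booktitle    = {Proceedings of the 13th International Conference on Availability, Reliability and Security - {ARES} '18},
  venue        = {Hamburg, Germany},
  publisher    = {ACM},
  year         = {2018},
  isbn         = {978-1-4503-6448-5},
  doi          = {10.1145/3230833.3234517},
  abstract     = {We present CLARC (Cryptographic Library for Anonymous Reputation and Credentials), an anonymous credentials system (ACS) combined with an anonymous reputation system.

Using CLARC, users can receive attribute-based credentials from issuers. They can efficiently prove that their credentials satisfy complex (access) policies in a privacy-preserving way. This implements anonymous access control with complex policies.

Furthermore, CLARC is the first ACS that is combined with an anonymous reputation system where users can anonymously rate services. A user who gets access to a service via a credential, also anonymously receives a review token to rate the service. If a user creates more than a single rating, this can be detected by anyone, preventing users from spamming ratings to sway public opinion.

To evaluate feasibility of our construction, we present an open-source prototype implementation.},
}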

