Post Quantum Cryptography (PQC) Signatures Without Trapdoors
William J Buchanan
TL;DR
RSA and similar public-key methods rely on trapdoors, enabling signature creation and verification but exposing trapdoor risk. The paper discusses non-trapdoor post-quantum signatures, focusing on hash-based approaches (Lamport, WOTS+, SPHINCS+) and Fiat-Shamir-based non-interactive signatures via Zero-Knowledge proofs in lattice settings. It outlines concrete constructions, including SPHINCS+ with Merkle-tree key management and signatures around 17 KB for 128-bit security, and Schnorr-like NI-ZKP with Fiat-Shamir for lattice-based schemes like Dilithium. The work highlights practical pathways for trapdoor-free PQC with provable security under quantum threats, informing standardisation and deployment decisions.
Abstract
Some of our current public key methods use a trap door to implement digital signature methods. This includes the RSA method, which uses Fermat's little theorem to support the creation and verification of a digital signature. The problem with a trap door is that the trap-door method could, in the end, be discovered. With the rise of PQC (Post Quantum Cryptography), we will see a range of methods that do not use trap doors and that provide a stronger proof of security. In this case, we use hash-based signatures (as used with SPHINCS+) and Fiat-Shamir signatures using Zero Knowledge Proofs (as used with Dilithium).
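As an added illustration of the trapdoor-free, hash-based approach the abstract refers to (example code written for this page, not the paper's own), a minimal Lamport one-time signature over SHA-256: the private key is random preimages, the public key is their hashes, and security rests only on preimage resistance of the hash, with no trapdoor anywhere.

```python
import hashlib
import secrets

# Lamport one-time signature (constructed example, not the paper's code).
# Each of the N digest bits gets a pair of secret values; signing reveals
# the one matching the bit, so a key must be used for ONE message only.
HASH = hashlib.sha256
N = 256  # number of message-digest bits that are signed


def keygen():
    """Private key: N pairs of random 32-byte values; public key: their hashes."""
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(N)]
    pk = [[HASH(x).digest() for x in pair] for pair in sk]
    return sk, pk


def _digest_bits(message: bytes):
    """Big-endian bit list of SHA-256(message), length N."""
    digest = HASH(message).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def sign(sk, message: bytes):
    """Reveal, for each digest bit, the preimage selected by that bit."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(pk, message: bytes, sig) -> bool:
    """Recompute the digest and check each revealed value hashes to the
    public-key entry chosen by the corresponding bit."""
    if len(sig) != N:
        return False
    bits = _digest_bits(message)
    return all(HASH(sig[i]).digest() == pk[i][bits[i]] for i in range(N))


def signature_size(sig) -> int:
    """Bytes in a signature: N * 32 = 8192 for SHA-256 (the size cost that
    WOTS+ chains and SPHINCS+ Merkle trees are designed to manage)."""
    return sum(len(x) for x in sig)


def leaked_preimages(sk, sig_a, sig_b) -> int:
    """How many key pairs have BOTH preimages exposed after two signatures
    with the same key; any such position lets a forger pick that bit freely."""
    return sum(1 for i in range(N) if {sig_a[i], sig_b[i]} == set(sk[i]))
```

Reusing a Lamport key for two different messages exposes both preimages at every position where the digests differ, which is why SPHINCS+ wraps one-time and few-time keys in a Merkle tree rather than signing many messages with one key.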
