The evolution of digital signatures: From classical to post-quantum⋆ Maksim Iavich1,∗,† 1 Caucasus University, 1 Paata Saakadze str., 0102 Tbilisi, Georgia Abstract The paper investigates the vulnerability of classical digital signatures, particularly RSA, in the face of advancing quantum computing. Shor’s algorithm, which is capable of efficiently factoring large numbers on a quantum computer, poses a significant threat to traditional public-key cryptography. Therefore, the paper explores post-quantum digital signature schemes based on hashing, which are known for their resilience to quantum attacks. A key focus is the introduction and application of the Verkle Tree, a novel data structure, in the design of digital signatures. Our methodology, which uses Verkle Tree enhances security and efficiency in the post-quantum era, offering a practical methodology to counter quantum threats. The paper also offers post-quantum design concepts leveraging the Verkle Tree, offering the possibility of its integration into broader cryptographic protocols. In conclusion, the paper contributes to the discussion on the future of digital signatures by addressing classical vulnerabilities, introducing post- quantum alternatives, and proposing innovative design concepts with the Verkle Tree. This work illustrates the importance of quantum-resistant cryptographic solutions and provides practical and theoretical approaches for secure digital signatures in the post-quantum landscape. Keywords Verkle tree, quantum attacks, digital signature, RSA 1 1. Introduction Someday, quantum computers will be able to break the existing cryptographic codes used for communication and Recently, the leading engineers and scientists of the world financial transactions, so the digital signature systems used are working on the creation of quantum computers. today are immune to quantum computer attacks, so the Recognized leaders in the development of quantum world must adopt quantum-resistant cryptography at the computers, the Google Corporation, the Association of D- core level. Digital signature system security today is based WAVE and Space Research Universities, and the federal on the problem of calculating discrete logarithms and agency NASA are already ready to make a breakthrough in factoring large numbers [6–9]. Cryptosystems in use today, the field of quantum technologies. In October 2019, Google such as RSA with four thousand bits of keys, are useful announced the achievement of quantum supremacy, which against classical computer attacks but are completely caused serious dispute, but given that the technological useless against quantum computer attacks. giants are in a hurry to create the first quantum computers The Daytime RSA cryptosystem is used almost and have made significant progress in this direction, the everywhere, it is used by many large organizations such as world may be approaching the beginning of a new era. government agencies, corporations, banks, government, Google claims that the new design of the chip can increase and not only laboratories and universities. In addition, RSA memory productivity ten times, from 100 to 1000 qubits. is used in commercial products, hardware, operating IBM is next as it declares that by the end of 2023, it will systems, Ethernet, network smart and cards, and also in create a quantum processor with a capacity of more than cryptographic equipment. With a total of about 500 million 1000 qubits with about 50 logical qubits. It has already users, the RSA is one of the most widely used public key introduced a processor with 127 cubits in 2021 and a 433- cryptosystems. So hacking RSA can lead to complete chaos. cube processor in 2022. Chinese scientists also claim that Today’s challenge is to create alternatives to RSA that can “Zuchongzhi 2”—a 66-qubit quantum processor, completed withstand the attacks of quantum computers. As an the task 1 million times faster than the Google processor. alternative to RSA, digital signature hashing schemes based This processor was developed by the research group of the on a cryptographic hash function can be considered. The Center for Achievements in Quantum Information and security of this signature is based on the collision resistance Quantum Physics of the Chinese Academy of Sciences of the hash function. together with the Shanghai Institute of Technical Physics and the Shanghai Institute of Microsystems and Information Technologies [1–5]. CQPC-2024: Classic, Quantum, and Post-Quantum Cryptography, August 0000-0002-3109-7971 (M. Iavich) 6, 2024, Kyiv, Ukraine © 2024 Copyright for this paper by its authors. Use permitted under ∗ Corresponding author. Creative Commons License Attribution 4.0 International (CC BY 4.0). † These authors contributed equally. miavich@cu.edu.ge (M. Iavich) CEUR Workshop ceur-ws.org ISSN 1613-0073 32 Proceedings 2. Digital signatures Use Cases: Digital signatures find applications in various fields, such as: Digital signatures rely on asymmetric cryptography, which involves a pair of keys: a private key for signing and a public  Document Authentication: Ensuring the integrity key for verification. The mathematical foundation often and authenticity of digital documents. involves algorithms like RSA, DSA, or ECDSA. The private  Financial Transactions: Verifying the origin and key creates the signature, and the public key verifies it [10– integrity of financial transactions. 12].  Software Distribution: Ensuring that software has not been tampered with during distribution. Signing process:  Legal Contracts: Providing a digital equivalent to handwritten signatures in legal documents. 1. Hashing: Challenges: Despite their effectiveness, digital  Before signing, the document or message is signatures face challenges like evolving cryptographic usually hashed. A hash function condenses the standards, quantum computing threats, and the need for data into a fixed-size string of characters. widespread adoption to achieve their full potential.  The hash ensures that even a slight change in the document will result in a vastly different hash value. 3. RSA-based digital signatures RSA, named after its inventors Ron Rivest, Adi Shamir, and 2. Private Key Encryption: Leonard Adleman, serves as a foundational public-key cryptosystem widely employed for digital signatures. At its  The hash is then encrypted with the sender’s core, RSA involves a pair of keys—a public key and a private private key to create the digital signature. key. The public key, comprising a modulus (n) and an  The private key ensures that only the sender could exponent (e), is openly shared, while the private key, have created this specific signature. including(n) and another exponent (d), remains confidential. The system’s security hinges on the intricate Verification process: challenge of factoring large prime numbers, forming the 1. Hashing: basis of its strength [13–16]. In the generation of digital signatures using RSA, a  The recipient hashes the received document using meticulous process unfolds. Before signing, the document the same hash function used by the sender. undergoes hashing, typically utilizing a secure hash function like SHA-256. This hashed value is then padded, an 2. Public Key Decryption: important step in ensuring a consistent size and mitigating specific vulnerabilities, often employing schemes such as  The recipient decrypts the digital signature using PKCS#1 v1.5 or PSS. Subsequently, the padded hash is the sender’s public key, revealing the original hash encrypted using the sender’s private key, resulting in the value. creation of the digital signature [17, 18]. On the recipient’s end, the process of verifying the 3. Comparison: digital signature unfolds. The received document is hashed, mirroring the same hash function employed by the sender.  The decrypted hash is compared with the hash of Simultaneously, the recipient decrypts the digital signature the received document. using the sender’s public key. Successful matching between  If the two hashes match, it confirms that the the decrypted signature and the hash value validates the document has not been altered, and the signature signature, assuring the document’s integrity and is valid. authenticity. The strength of RSA-based digital signatures is based on Non-Repudiation: Digital signatures provide non- their security features. The complexity of factoring large repudiation, meaning the sender cannot deny their numbers contributes to robust security. The choice of key involvement or the authenticity of the signed document. length plays a pivotal role, with longer keys offering This is because only the sender possesses the private key heightened security albeit potentially demanding more needed to generate that specific signature. computational resources. Despite RSA’s general slowness Key Management: The security of digital signatures compared to symmetric-key algorithms, its computational relies heavily on proper key management. Safeguarding cost for digital signatures is typically deemed acceptable. private keys is crucial to prevent unauthorized access and Careful consideration of padding schemes, such as PKCS#1 potential forgery. Key generation, storage, and distribution v1.5 and PSS, is essential to fortify security against potential should follow secure practices. vulnerabilities. Time Stamping: To address the issue of the validity In practical applications, RSA-based digital signatures period of digital signatures, timestamping services are often find extensive use. They authenticate the source of used. They provide proof that the signature existed at a messages in secure communication protocols like SSL/TLS, particular time, adding another layer of security and trust. ensure the authenticity and integrity of digitally signed 33 documents, and play a crucial role in the generation of the creation of a key pair comprising a private key and its digital certificates. corresponding public key. The private key, selected at However, challenges persist. The need for longer key random, serves as the cornerstone for deriving the public lengths to thwart evolving threats and the looming potential key through elliptic curve computations [19–21]. of quantum computers pose considerations. Additionally, the To generate an ECC digital signature, the message computational overhead of RSA, especially in resource- undergoes hashing using a cryptographic hash function, constrained environments, remains an ongoing concern. resulting in a fixed-size hash value. A critical aspect RSA-based digital signatures continue to be usable in involves the generation of a random nonce to thwart classical cryptography, offering a reliable means to ensure signature predictability. the authenticity and integrity of digital information. Subsequently, the ECDSA algorithm computes a pair of Ongoing research is essential to address emerging values, typically represented as (r, s), constituting the digital challenges and enhance the security of RSA-based systems signature associated with the hashed message. Verification as technology evolves. of an ECC digital signature necessitates hashing the RSA, as a widely used public-key cryptosystem, is received message and reconstructing a point on the elliptic vulnerable to attacks by quantum computers due to its curve using the public key and elliptic curve operations. The reliance on the difficulty of factoring large numbers. computed point, combined with the received signature, Quantum computers, with their potential to perform certain undergoes mathematical scrutiny to validate its calculations exponentially faster than classical computers, authenticity. pose a significant threat to traditional cryptographic Successful verification establishes the genuineness and algorithms. integrity of the message. ECC’s robust security is achieved The most notable algorithm for factoring large numbers through shorter key lengths in comparison to conventional efficiently on a quantum computer is Shor’s algorithm. algorithms, rendering it computationally efficient. As a Shor’s algorithm can factorize large numbers in polynomial versatile cryptographic tool, ECC digital signatures find time, rendering the security assumptions of RSA obsolete. utility in various domains such as secure communication As a result, the security of RSA and other widely used protocols, authentication mechanisms, and digital public-key cryptography systems, such as ECC (Elliptic certificates. Curve Cryptography), is compromised in the era of With its resilience against quantum attacks, ECC serves quantum computing. as a cornerstone in the continual advancement of To address the threat posed by quantum computers, the cryptographic solutions. Quantum computers pose a cryptographic community is actively exploring and potential threat to certain public-key cryptography developing quantum-resistant or post-quantum algorithms, including Elliptic Curve Cryptography (ECC), cryptographic algorithms. These algorithms aim to maintain which underpins ECC digital signatures. security even in the face of quantum attacks. Some proposed The primary quantum algorithm posing a threat to ECC post-quantum alternatives include lattice-based is Shor’s algorithm. Shor’s algorithm proficiently factors cryptography, hash-based cryptography, code-based large numbers and computes discrete logarithms, which are cryptography, and multivariate polynomial cryptography. foundational challenges for breaking RSA and ECC, Transitioning from RSA to quantum-resistant respectively. algorithms is crucial for maintaining the security of digital signatures and other cryptographic applications in the post- 5. Hash-based digital signature quantum era. Organizations and researchers are working collaboratively to standardize new cryptographic schemes algorithms that can withstand quantum attacks. Hash-based digital signature schemes are a class of In the context of digital signatures, the move to cryptographic algorithms that rely on the properties of hash quantum-resistant algorithms ensures that the integrity and functions to achieve secure and efficient digital signatures. authenticity of signed documents remain secure even as These schemes are particularly interesting in the context of quantum computing capabilities advance. While RSA has post-quantum cryptography due to their resilience against been a workhorse for secure communication and digital quantum attacks, especially when other traditional public- signatures, the ongoing development and adoption of key cryptosystems like RSA or ECC may become quantum-resistant algorithms are essential for preparing for vulnerable. the future landscape of quantum computing threats. Lamport-Diffie’s hash-based one-time signature scheme is regarded as a promising and resilient alternative for the 4. Elliptic curve cryptography digital post-quantum era, presenting a paradigm shift in cryptographic methodologies to address the vulnerabilities signatures posed by quantum computing advancements. This scheme Elliptic Curve Cryptography (ECC) digital signatures are at stands out as a beacon of security in an environment where the forefront of modern public-key cryptography, striking a traditional cryptographic systems, especially those reliant delicate balance between stringent security requirements on integer factorization, face the imminent threat of and computational efficiency. compromise through quantum algorithms such as Shor’s ECC leverages the intricate properties of elliptic curves algorithm. With its foundation in hash functions, Lamport- over finite fields to facilitate cryptographic operations Diffie introduces a robust and quantum-resistant approach effectively. During the key generation phase, ECC entails to digital signatures, offering cryptographic practitioners 34 and researchers an avenue to fortify information security in concatenation of all branches related to “authi” concerning a landscape where quantum threats loom large. This 𝑌 . alternative not only aligns with the imperative of future- Signature proofing cryptographic systems but also signals a proactive (2) = (sig||arb|| 𝑌 ||auth , … , auth ) response to the evolving challenges ushered in by the Signature verification: When verifying a Merkle relentless progress of quantum technologies. As the cryptosystem signature, if verification of a one-time cryptographic community navigates the complex terrain of signature sig by 𝑌 is valid, all a[i, j] nodes are computed post-quantum security, Lamport-Diffie’s hash-based one- using “authi”, index arb and 𝑌 . The signature is valid, if time signature scheme emerges as a beacon of resilience and the public key and the root of the tree are equal. innovation, charting a course towards cryptographic The detailed process of receiving the public key within solutions capable of withstanding the transformative impact the Merkle tree structure is visually explained in Fig. 1. This of quantum computing on traditional cryptographic step-by-step procedure outlines how the public key is foundations. The only disadvantage is that the signature obtained from the Merkle tree, providing a comprehensive size is 𝑛 , where the hashed grid size is n, which is quite understanding of the cryptographic mechanism. large. The Winternitz One-Time Signature (OTS) scheme is a cryptographic construction designed to provide secure digital signatures with a focus on minimizing the impact of quantum attacks. Proposed by Ralph Winternitz in 1986, this scheme operates on the principles of hash-based cryptography, similar to the Lamport-Diffie scheme, but with distinctive features that make it particularly suitable for post-quantum cryptographic scenarios. In the Winternitz OTS scheme, the private key consists of a sequence of values derived from a hash function applied iteratively. The corresponding public key is generated from the hash function and is typically shorter than the private key. A digital signature is created by revealing a subset of the private key values, which are then used to sign a specific message. Importantly, each private key value is used only Figure 1: Merkle tree once, making it a one-time signature scheme. The Winternitz one-time signature scheme greatly 6. Verkle and Merkle reduces the size of the signature, since here one string key signs several bits of a hashed message [22], but in this case, We can tell, that Verkle trees are an improved version of a problem occurs when we need to exchange a large number upgraded Merkle trees, their construction is very similar to of keys because it uses an individual key pair for each that of Patricia’s Merkle tree [30, 31]. Werkle trees are more message. To avoid using a large number of verification keys, efficient and we can use smaller proof sizes with them. we can use the Merkle digital signature scheme where a Fig. 1 shows a Verkle tree of 9 files with a branching rate binary tree is used. Where we get the public key from the of 3. First, the files are split into subsets of size k = 3, at the root of this tree [23–29]. next step, a commitment vector and corresponding Key generation: The length of the tree is chosen as membership proofs are calculated for each subset. After H>=2. 2 documents can be signed by one public key. 2 dividing the files into subsets of size k = 3, by calculating vector commitments and membership proofs for each key pairs are created, where 𝑋 denotes the signing key and Yi denotes the verification key, the verification keys form subset, we obtain commitments 𝑉𝐶 , 𝑉𝐶 and 𝑉𝐶 . As for the leaves of the tree. Each branch is a hash value of the the 𝑉𝐶 commitment vector, which is computed with these concatenation of the children of the tree. last three commitments together with the 𝑝 , 𝑝 and 𝑝 𝑎[1,0] = ℎ(𝑎[0,0] || 𝑎[0,1]) (1) membership proofs for the 𝑉𝐶 , 𝑉𝐶 and 𝑉𝐶 commitments, The public key is the root of the binary tree, and it accordingly, concerning the 𝑉𝐶 commitment. The final requires the calculation of 2 pairs of unique keys to resolution of the Verkle tree is the root commit, in this case generate it. 𝑉𝐶 . Signature generation: The m size random is converted The proof in a Merkle tree must contain every flattened into a message of size n using a hash function. h(m) is hash, node in the tree that shares a common ancestor with any the one-time signature is created using a random 𝑋 the node on the path leading to the proof node. one-time key, the document signature is a one-time For this reason, the size of the signature is very large. signature, 𝑌 verification one-time key, index arb, and the Flattern nodes must be provided at each level since the entire set of child nodes is needed to calculate the value of a node, and this continues until the root of the tree is reached. 35 Figure 2: Verkle tree But there is no need to provide any flattened nodes in a Verkle Table 1 tree. Because here we are only pointing the way. For this Comparison of efficiency reason, Verkle trees are wider than Merkle Patricia trees: a Scheme Construction Update Proof Size larger tree has a shorter path in both Merkle and Verkle’s cases, Merkle Tree 𝑂(𝑛) 𝑂(log 𝑛) 𝑂(log 𝑛) but in a Merkle Patricia tree this effect runs down by the high Merkle Tree 𝑂(𝑛) 𝑂(𝑤log 𝑛) 𝑂(𝑤log 𝑛) cost of having to provide full-width 1 flatter node per proof (w-ary) branch. Vector 𝑂(𝑛 ) 𝑂(𝑛) 𝑂(1) Therefore, the Verkle tree is more effective. Table 1 Commitment reflects the comparison of the efficiency of Merkle and Verkle Tree 𝑂(w𝑛) 𝑂(𝑤log 𝑛) 𝑂(log 𝑛) Verkle trees. 7. Novel design Verkle’s core commitment is a public key (Fig. 2). Figure 3: Verkle Signature Scheme Key generation: H>=2 is chosen as Verkle tree length. Signature verification: Digital signature verification in Where, 2 number of documents can be signed by one Verkle is done as follows, one-time signature sig must be public key. A 2 of key pairs is generated, assigned to the verified with 𝑌 , if found correct, all 𝑉𝐶 checks are signature key Xi and the verification key 𝑌 , after calculated using “authi,” index arb and 𝑌 . The signature computing h(𝑌 ) we use it as the leaves of the tree. Each is verified If the tree root matches the commitment one. node is the hash value of the connection of its branches. The vector commitment must be chosen specifically, it 𝑎[1,0] = ℎ(𝑎[0,0] || 𝑎[0,1]) (3) must be resistant to the attacks of quantum computers. In To generate a public key, it is necessary to calculate 2H the case of vector commitment is quantum resistant the pairs of one-time keys. final digital signature is also quantum resistant. Signature generation: A message of random size is converted to size n using a hash function. Assign to 8. Conclusions message m. h(m) = hash and the one-time signature is The Verkle scheme indeed represents a significant created with a random 𝑋 one-time key, To sign the advancement over the traditional Merkle scheme, document we need to concatenate: one-time signature, introducing key enhancements that contribute to both 𝑌 verification one-time key, proof of index arb, and root efficiency and scalability in cryptographic applications. By commitment. allowing the use of smaller keys and optimizing the Signature verification process, the Verkle scheme showcases its (4) = (sig||arb|| 𝑌 ||proof, root commit) potential as a powerful upgrade. 36 One notable feature is the reduction in the amount of References verification required, approximately by a factor of 6-8, compared to the Merkle scheme. This optimization is [1] T. Ladd, et al., Quantum Computers, Nature 464 achieved by streamlining the verification process through (2010) 45–53. doi: 10.1038/nature08812. a single proof that validates all parent-child connections, [2] D. Divincenzo, Topics in Quantum Computers, from leaf nodes to the root. This innovation not only Mesoscopic Electron Transport, NATO ASI Series enhances efficiency but also paves the way for increased 345 (1997). doi: 10.1007/978-94-015-8839-3_18. scalability, addressing crucial concerns in contemporary [3] B. Gardas, et al., Defects in Quantum Computers, cryptographic systems. Sci. Rep. 8 (2018) 4539. doi: 10.1038/s41598-018- While the Verkle scheme introduces a more complex 22763-2. cryptographic framework, the benefits it brings in terms [4] A. Lele, Quantum Computers. In: Quantum of reduced verification overhead and improved scalability Technologies and Military Strategy, Advanced make it a compelling choice for applications where these Sciences and Technologies for Security Applications factors are paramount. The utilization of SNARKs (2021). doi: 10.1007/978-3-030-72721-5_3. (Succinct Non-Interactive Arguments of Knowledge) for [5] J. Bardin, Beyond-Classical Computing Using Verkle proof verification further aligns with the trend of Superconducting Quantum Processors, IEEE leveraging advanced cryptographic tools for enhanced International Solid- State Circuits Conference efficiency. (ISSCC) (2022) 422–424. doi: 10.1109/ISSCC42614. Looking ahead, the inevitability of quantum 2022.9731635. computing advancements necessitates a strategic shift [6] A. Ilyenko, et al., Practical Aspects of Using Fully towards STARKs (Scalable Transparent Arguments of Homomorphic Encryption Systems to Protect Cloud Knowledge) proofs with hashes. This shift is driven by the Computing, in: Cybersecurity Providing in recognition that the linear homomorphisms on which Information and Telecommunication Systems II, vol. Verkle trees depend may no longer be secure in the face of 3550 (2023) 226-233. quantum computing capabilities. While this transition [7] R. Chernenko, et al., Encryption Method for Systems introduces challenges, it also opens avenues for exploring with Limited Computing Resources, in: alternative cryptographic primitives that align with post- Cybersecurity Providing in Information and quantum assumptions. Telecommunication Systems, vol. 3288 (2022) 142- Moreover, the mention of SNARK-based Verkle proof 148. verification and the potential for reverting to SNARK [8] V. Sokolov, P. Skladannyi, H. Hulak, Stability Merkle proofs when improved underscore the adaptability Verification of Self-Organized Wireless Networks of cryptographic schemes in response to evolving with Block Encryption, in: 5th International technologies. This adaptability becomes crucial in Workshop on Computer Modeling and Intelligent ensuring the long-term security and efficiency of Systems, vol. 3137 (2022) 227–237. cryptographic systems. [9] A. Bessalov, et al., Modeling CSIKE Algorithm on In summary, the Verkle scheme represents a Non-Cyclic Edwards Curves, in: Cybersecurity significant leap forward in cryptographic design, offering Providing in Information and Telecommunication tangible benefits in terms of reduced verification Systems, vol. 3288 (2022) 1–10. complexity and enhanced scalability. As quantum [10] J. Katz, Digital Signatures, Volume 1, Springer computing looms on the horizon, the transition to (2010). STARKed proofs reflects a proactive stance in preparing [11] Aki, Digital Signatures: A Tutorial Survey, cryptographic systems for the challenges posed by Computer 16(2) (1983) 15–24. evolving technologies. This adaptability, coupled with [12] D. Pointcheval, J. Stern, Security Arguments for ongoing advancements in cryptographic tools, positions Digital Signatures and Blind Signatures, J. Cryptol. the field for continued innovation and the development of 13 (2000) 361–396. schemes grounded in post-quantum assumptions, [13] R. Haraty, A. N. El-Kassar, B. Shibaro, A ensuring the robustness of cryptographic protocols in the Comparative Study of RSA Based Digital Signature face of emerging threats. Algorithms, J. Math. Statistics 2(1) (2006) 354–359. [14] S. Jaju, S. Chowhan, A Modified RSA Algorithm to Acknowledgment Enhance Security for Digital Signature, International Conference and Workshop on This work was supported by Shota Rustaveli National Computing and Communication (IEMCON), IEEE Science Foundation of Georgia (SRNSF) [STEM–22-1076]. (2015). [15] C. Fu, Z. Zhi-liang, An Efficient Implementation of RSA Digital Signature Algorithm, 4th International 37 Conference on Wireless Communications, [28] A. Gagnidze, M. Iavich, G. Iashvili, Some Aspects of Networking and Mobile Computing, IEEE (2008). Post-Quantum Cryptosystems, Eurasian J. Business [16] U. Somani, K. Lakhani, M. Mundra, Implementing Manag. Eurasian Publications 5(1) (2017) 16–20. Digital Signature with RSA Encryption Algorithm to [29] H. Chen, D. Liang, Adaptive Spatio-Temporal Query Enhance the Data Security of Cloud in Cloud Strategies in Blockchain, ISPRS Int. J. Geo-Inf. 11 Computing, First International Conference On (2022). doi: 10.3390/ijgi11070409. Parallel, Distributed and Grid Computing (PDGC [30] W. Wang, A. Ulichney, C. Papamanthou, 2010), IEEE (2010). BalanceProofs: Maintainable Vector Commitments [17] T. Jager, S. A. Kakvi, A. May, On the Security of the with Fast Aggregation, Cryptology ePrint Archive PKCS# 1 v1. 5 Signature Scheme, ACM SIGSAC (2022). Conference on Computer and Communications [31] L. de Castro, C. Peikert, Functional Commitments Security (2018). for All Functions, with Transparent Setup and from [18] T. Jager, J. Schwenk, J. Somorovsky, On the Security SIS, Annual International Conference on the Theory of TLS 1.3 and QUIC Against Weaknesses in PKCS# and Applications of Cryptographic Techniques 1 v1. 5 Encryption, 22nd ACM SIGSAC Conference (2023). on Computer and Communications Security (2015). [19] M. Amara, A. Siad, Elliptic Curve Cryptography and its Applications, in: International Workshop on Systems, Signal Processing and Their Applications, WOSSPA, IEEE (2011). [20] S. Ullah, et al., Elliptic Curve Cryptography; Applications, Challenges, Recent Advances, and Future Trends: A Comprehensive Survey, Comput. Sci. Rev. 47 (2023). [21] G. Shankar, et al., Improved Multisignature Scheme for Authenticity of Digital Document in Digital Forensics Using Edward-Curve Digital Signature Algorithm, Secur. Commun. Netw. (2023). [22] C. Dods, N. Smart, M. Stam, Hash Based Digital Signature Schemes, Cryptography and Coding. Cryptography and Coding 2005, LNCS 3796 (2005). doi: 10.1007/11586821_8. [23] J. Buchmann, E. Dahmen, M. Szydlo, Hash-based Digital Signature Schemes, Post-Quantum Cryptography (2009). doi: 10.1007/978-3-540-88702- 7_3. [24] S. Rohde, et al., Fast Hash-Based Signatures on Constrained Devices, Smart Card Research and Advanced Applications, CARDIS 2008, LNCS 5189 (2008) doi: 10.1007/978-3-540-85893-5_8. [25] M. Schneider, S.-F. Chang, A Robust Content Based Digital Signature for Image Authentication, 3rd IEEE International Conference on Image Processing 3 (1996) 227–230. doi: 10.1109/ICIP.1996.560425. [26] M. Iavich, et al., Post-quantum Digital Signature Scheme for Personal Data Security in Communication Network Systems, International Conference of Artificial Intelligence Medical Engineering Education (2020) 303–314. [27] M. Iavich, A. Gagnidze, G. Iashvili, Hash Based Digital Signature Scheme with Integrated TRNG, in: International Conference on Information Technologies, vol. 2145 (2018) 79–82. 38