The Merkle signature scheme (MSS) is an interesting alternative for well established signature schemes such as RSA, DSA, and ECDSA. The security of MSS only relies on the existence of cryptographically secure hash functions. MSS has a good chance of being quantum computer resistant. In this paper, we propose CMSS, a variant of MSS, with reduced private key size, key pair generation time, and signature generation time. We demonstrate that CMSS is competitive in practice by presenting a highly e#cient implementation within the Java Cryptographic Service Provider FlexiProvider. We present extensive experimental results and show that our implementation can for example be used to sign messages in Microsoft Outlook.

pages 156–175, 2013. [2] Johannes Buchmann, Denise Demirel, and Jeroen van de Graaf. Towards a publicly-verifiable mix-net providing everlasting privacy. In Financial Cryptog-raphy, pages 197–204, 2013. [3] Denise Demirel, Jeroen van de Graaf, and Roberto Araùjo. Improving helios

I would like to thank my parents for always believing in me. I would also like to thank my supervisors Richard Lindner and Johannes Buchmann for their useful comments and suggestions on how to improve the queality of the thesis. Not on last place I would like to thank Vadim Lyubashevsky and Luis

I would like to thank Prof. Johannes Buchmann for his interesting and also entertaining introduction to cryptography and the opportunity to carry on research on fault attacks. I enjoyed the relaxed and friendly atmosphere in his research group. I would also like to thank Daniel Schepers for helpful

Foremost, I would like to thank Prof. Dr. Johannes Buchmann for giving me the opportunity to write this thesis. I am deeply grateful to my direct supervisor, Richard Lindner, for his detailed and constructive remarks, and for all his help and support throughout my work. Warranty I hereby warrant

-shop in 2008, Johannes Buchmann listed several key research questions to all post-quantum cryptographers present. One problem in MQ-based cryptography, he noted, is “if the difference between the operating degrees of XL(-with-Sparse-Solver) and F4/F5 approaches can be accurately bounded for random systems.” We

I would like to thank my direct supervisor Richard Lindner for all his tips and his help throughout this bachelor thesis. I would also like to thank Prof. Buchmann for accepting me to write this thesis and showing me some of the interesting aspects of number theory and cryptography. Not to forget

Can Schönhage multiplication speed up the RSA decryption or encryption? (extended abstract)

Abstract. MutantXL is an algorithm for solving systems of polynomial equations that was proposed at SCC 2008. This paper proposes two substantial improvements to this algorithm over GF(2) that result in significantly reduced memory usage. We present experimental results comparing MXL2 to the XL algorithm, the MutantXL algorithm and Magma’s implementation of F4. For this comparison we have chosen small, randomly generated instances of the MQ problem and quadratic systems derived from HFE instances. In both cases, the largest matrices produced by MXL2 are substantially smaller than the ones produced by MutantXL and XL. Moreover, for a significant number of cases we even see a reduction of the size of the largest matrix when we compare MXL2 against Magma’s F4 implementation. 1

I would like to thank some people who were involved in the creation of this thesis: • Berry Schoenmakers of TU Eindhoven for introducing me to the topic of cryptographic voting protocols. • Evangelos Karatsiolis for his work in guiding me through the process of writing this thesis and his constant motivation. • Roberto Samarone Araujo for hours of discussing various protocols with Evengelos and me. • Warren D. Smith for providing with a preliminary version of his upcoming book »How Mathematics can Improve Democracy«. • Ute Günther and Christian Burgmann for their proof-reading. Nonetheless, any remaing errors shall be blamed on me. • Andrea Peter for her love and for cheering me up when I was down. • Last but not least my parents, Jacqueline Herrnkind and Hans Peter Klink – without their love and continuous support, this thesis would never have been written.