GeMSS - Quantum-Safe Digital Signatures

GeMSS (Great Multivariate Signature Scheme) is a multivariate-based digital signature algorithm designed to be secure against quantum computer attacks.

Key Generation

Generate a GeMSS key pair for signing and verification

Key generation may take several seconds due to the complexity of the algorithm. GeMSS has large public keys (several MB).

Sign File

Upload a file and sign it with your private key

Verify Signature

Verify a file's signature using the signer's public key

Paste the signature or upload a signature file

About GeMSS

GeMSS (Great Multivariate Signature Scheme) is a digital signature algorithm based on multivariate cryptography. It was submitted as a candidate for the NIST Post-Quantum Cryptography standardization process and advanced to the third round as an alternate candidate.

Key Features:
  • Type: Multivariate-based digital signature algorithm
  • Security Basis: Hardness of solving systems of multivariate quadratic equations (MQ problem)
  • Quantum Resistance: Designed to be secure against attacks from quantum computers
  • Signature Size: Very small signatures (typically 33-66 bytes)
  • Public Key Size: Large public keys (several MB)
  • Variants: GeMSS, BlueGeMSS, and RedGeMSS with different parameter tradeoffs
How GeMSS Works:

GeMSS is based on the Hidden Field Equations (HFE) cryptosystem with some modifications:

  1. Key Generation:
    • Generate a secret HFE polynomial F over an extension field
    • Generate two secret invertible affine transformations S and T
    • Compute the public key as P = S ∘ F ∘ T (composition of functions)
    • The private key consists of F, S, and T
  2. Signing:
    • Hash the message to a fixed-length digest
    • Use the private key to find a preimage of this digest under the public key function P
    • This preimage is the signature
  3. Verification:
    • Hash the message to get the same digest
    • Apply the public key function P to the signature
    • Check if the result matches the message digest
Advantages and Disadvantages:
Advantages Disadvantages
  • Very small signatures
  • Fast verification
  • Based on a different mathematical problem than other post-quantum approaches
  • Provides diversity in post-quantum cryptography
  • Very large public keys (several MB)
  • Slower signing operation
  • Less studied than some other post-quantum approaches
Parameter Sets:

GeMSS offers several parameter sets with different security levels and tradeoffs:

  • GeMSS-128/192/256: The main variants targeting NIST security levels 1, 3, and 5
  • BlueGeMSS-128/192/256: Variants with different parameter choices optimizing for certain performance characteristics
  • RedGeMSS-128/192/256: Additional variants with different tradeoffs
Applications:

GeMSS is particularly well-suited for applications where:

  • Signature size is critical (e.g., constrained environments)
  • Fast verification is important
  • Public key size is less constrained (e.g., can be stored on a server)
  • Diversity in cryptographic approaches is desired
Note: While GeMSS was not selected as a primary standard by NIST, it remains an interesting alternative in the post-quantum cryptography landscape, particularly due to its extremely small signatures. For most general applications, NIST-selected algorithms like Dilithium, Falcon, or SPHINCS+ are recommended.