Real-World Post-Quantum Digital Signatures


Denis Butin (TU Darmstadt), Stefan-Lukas Gazdag (genua mbh) and Johannes Buchmann (TU Darmstadt)
CSP Forum 2015, Brussels

Post-Quantum Digital Signatures

Post-Quantum Digital Signatures (1/2)
- Digital signatures are ubiquitous: software update authentication, secure web browsing with HTTPS, ...
- Most commonly used digital signature schemes: RSA, DSA, ECDSA
- All rely on the hardness of number-theoretic problems: integer factoring and discrete logarithm computation

Post-Quantum Digital Signatures (2/2)
- Development of quantum computing is accelerating: NSA $80M "Penetrating Hard Targets" project (Snowden documents)
- Quantum computers would break RSA, DSA and ECDSA (Shor's algorithm, 1994)
- Different categories of post-quantum (quantum-safe) digital signature schemes have already been described theoretically
- Many kinds of post-quantum digital signatures: hash-based, code-based (McEliece), lattice-based (NTRU), multivariate (Rainbow)

Hash-Based Signatures (1/2)
- Initial idea introduced by Merkle (1979); many improvements since (CMSS, GMSS, XMSS, XMSS^MT, ...)
- Very well understood security proofs
- Minimal security requirement: a secure hash function

Hash-Based Signatures (2/2)
- Use one-time signature (OTS) schemes such as Winternitz: each OTS key can only be used to sign once! The signer must keep track of the key index (state)
- Use a binary tree and a secure hash function to combine many OTS key pairs into a single structure
- MT version: multiple layers of binary hash trees
- Global public key is the value at the root of the binary tree
- Advanced schemes like XMSS (2011) and XMSS^MT reduce signature key size and allow up to 2^80 OTS key pairs
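The two slides above describe the whole construction in three sentences: Winternitz one-time keys, a hash tree that binds many of them to one root, and a state index that must never be reused. The following is an added example (not code from the talk, from XMSS, or from the authors' project) that implements that construction in toy form so the pieces are visible: a Winternitz OTS with checksum over SHA-256, a Merkle tree of 2^height OTS public keys, a signer that advances its index before releasing a signature and refuses to sign once the keys are exhausted, and a verifier that recomputes the root from the authentication path. It is deliberately simplified compared with XMSS: no keyed/bitmasked hash chains, no pseudorandom generation of the OTS secret keys, and the whole tree is held in memory instead of being traversed incrementally. The domain-separation tags (`b"chain"`, `b"node"`, ...) and the seed are assumptions of this example.

```python
import hashlib

N = 32          # bytes of hash output (SHA-256)
W = 16          # Winternitz parameter: base-16 digits, each chain has W-1 = 15 steps
L1 = 64         # digits needed for a 256-bit message digest
L2 = 3          # checksum digits: max checksum is 64*15 = 960 < 16**3
L = L1 + L2     # 67 hash chains per OTS key pair


def H(*parts):
    """SHA-256 over a domain-separation tag plus data (simplified; XMSS keys the hash instead)."""
    return hashlib.sha256(b"".join(parts)).digest()


def chain(x, steps):
    """Walk `steps` applications of the one-way function down a Winternitz chain."""
    for _ in range(steps):
        x = H(b"chain", x)
    return x


def wots_digits(msg):
    """Base-16 digits of H(msg) followed by the Winternitz checksum digits."""
    digest = H(b"msg", msg)
    digits = [d for b in digest for d in (b >> 4, b & 0xF)]   # 64 message digits
    # Raising any message digit (which a forger can do by hashing further) lowers the
    # checksum, so some checksum digit would have to go *up* a chain: impossible without
    # inverting the hash.
    csum = sum(W - 1 - d for d in digits)
    return digits + [(csum >> 8) & 0xF, (csum >> 4) & 0xF, csum & 0xF]


def wots_keygen(seed):
    sk = [H(b"sk", seed, bytes([i])) for i in range(L)]
    pk = H(b"wotspk", *[chain(s, W - 1) for s in sk])   # compressed OTS public key
    return sk, pk


def wots_sign(sk, msg):
    return [chain(s, d) for s, d in zip(sk, wots_digits(msg))]


def wots_pk_from_sig(sig, msg):
    """Finish every chain; equals the OTS public key iff the signature is valid for msg."""
    return H(b"wotspk", *[chain(s, W - 1 - d) for s, d in zip(sig, wots_digits(msg))])


class MerkleSigner:
    """2**height OTS key pairs under one root. `next_index` is the state: it must be
    persisted before a signature leaves the signer and must never roll back."""

    def __init__(self, height, seed):
        self.height = height
        self.sks, leaves = [], []
        for i in range(1 << height):
            sk, pk = wots_keygen(H(b"leaf", seed, i.to_bytes(4, "big")))
            self.sks.append(sk)
            leaves.append(pk)
        self.levels = [leaves]                      # level 0 = leaves, last level = root
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(b"node", lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.public_key = self.levels[-1][0]
        self.next_index = 0

    def sign(self, msg):
        if self.next_index >= 1 << self.height:
            raise RuntimeError("all one-time keys consumed; this key pair is exhausted")
        idx = self.next_index
        self.next_index += 1                        # advance state before releasing the signature
        auth, node = [], idx
        for lvl in self.levels[:-1]:
            auth.append(lvl[node ^ 1])              # sibling on the path from leaf idx to the root
            node >>= 1
        return idx, wots_sign(self.sks[idx], msg), auth


def merkle_verify(public_key, msg, sig):
    """Recompute the leaf from the OTS signature, then hash up the authentication path."""
    idx, ots_sig, auth = sig
    node = wots_pk_from_sig(ots_sig, msg)
    for sibling in auth:
        node = H(b"node", node, sibling) if idx % 2 == 0 else H(b"node", sibling, node)
        idx >>= 1
    return node == public_key


if __name__ == "__main__":
    signer = MerkleSigner(3, b"constructed-demo-seed")     # 8 one-time keys
    sig = signer.sign(b"update-1.0.tar.gz")
    print("valid:", merkle_verify(signer.public_key, b"update-1.0.tar.gz", sig))
    print("next index:", signer.next_index)
```

The signature is the triple (index, OTS signature, authentication path); the verifier needs nothing but the root. The security-relevant line is the `self.next_index += 1` before the signature is returned: if the state is lost (restored from a backup, cloned to a second host) and an index is signed twice, the two OTS signatures reveal enough chain values for an attacker to forge a third signature under that leaf, which is exactly the "state handling issue" that stateless schemes such as SPHINCS avoid.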

Obstacles to Real-World Use (1/2)
- Lack of standardisation: standards are necessary for interoperability, canonical parameter sets, formats and increased expert scrutiny. The digital signature schemes in common use today are all standardised
- Unavailability in major cryptographic libraries: ad hoc implementations are error-prone, impractical and costly

Obstacles to Real-World Use (2/2)
- Lack of parameter selection recommendations; the obstacle is made greater by the large number of parameters in schemes like XMSS^MT
- No notable real-world use: lack of concrete examples and deployment experience

Cryptographic Library Integration (1/2)
- Stand-alone implementations of XMSS and XMSS^MT already exist but are not integrated with libraries
- Libraries considered: OpenSSL (possibly variants) and Bouncy Castle
- Protocols being tackled: TLS (e.g. HTTPS), SSH (e.g. remote login), S/MIME (email authentication)

Cryptographic Library Integration (2/2)
- TLS and SSH in OpenSSL: first a core implementation, then protocol-level integration
- S/MIME in Bouncy Castle: also a two-step process. A simplified core implementation exists (GMSS)
- The OpenSSL module will be used in a real-world application by project partner genua

Standardisation
- 2014 IETF Internet-Draft by McGrew and Curcio supports plain Merkle signatures
- We recently proposed an Internet-Draft with Hülsing (TU Eindhoven) and Mohaisen (Verisign) supporting advanced hash-based signature schemes
- Provides a starting point for future standardisation of stateless hash-based schemes like SPHINCS (no state handling issues, but a performance impact)
- http://datatracker.ietf.org/doc/draft-huelsing-cfrg-hash-sig-xmss

Parameter Recommendations
- Digital signatures appear in use cases with very different requirements, e.g. signing must be very fast for TLS/HTTPS, but speed is not so critical for software update authentication
- No one size fits all: different variants (XMSS, XMSS^MT) are optimal for different use cases
- Large number of parameter sets suggested in the Internet-Draft. Too many? All scenarios covered? Feedback appreciated
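To make the "no one size fits all" trade-off concrete, here is an added example (not from the talk or the Internet-Draft) that turns a candidate parameter set into the numbers a deployer actually compares: how many signatures the key pair allows, how large each signature is, and roughly how much hashing key generation costs. The size formulas are those of RFC 8391, the document the referenced draft eventually became: an XMSS signature is a 4-byte index, an n-byte randomiser, the WOTS+ signature of len*n bytes and an authentication path of h*n bytes; an XMSS^MT signature carries a ceil(h/8)-byte index, the randomiser and d reduced XMSS signatures each with a path of h/d nodes. The key-generation cost is an assumption of this example: it counts only the chain steps needed to build the d trees that are instantiated at key generation (one per layer, 2^(h/d) leaves each) and ignores the hashing of tree nodes and the bitmask/key derivations.

```python
import math


def wots_len(n, w):
    """Number of WOTS+ chains for an n-byte hash and Winternitz parameter w (RFC 8391, 3.1.1)."""
    len1 = math.ceil(8 * n / math.log2(w))                       # message digits
    len2 = math.floor(math.log2(len1 * (w - 1)) / math.log2(w)) + 1   # checksum digits
    return len1 + len2


def xmss_signature_bytes(n, w, h):
    """4-byte index + n-byte randomiser + WOTS+ signature + authentication path."""
    return 4 + n + wots_len(n, w) * n + h * n


def xmssmt_signature_bytes(n, w, h, d):
    """ceil(h/8)-byte index + randomiser + d reduced XMSS signatures (path of h/d nodes each)."""
    if h % d:
        raise ValueError("total height h must be divisible by the number of layers d")
    return math.ceil(h / 8) + n + d * (wots_len(n, w) * n + (h // d) * n)


def keygen_chain_steps(n, w, h, d=1):
    """Assumed cost model: chain steps to build the d trees created at key generation."""
    return d * (1 << (h // d)) * wots_len(n, w) * (w - 1)


def describe(name, n, w, h, d=1):
    """Collect the figures a deployer compares when choosing between candidate parameter sets."""
    sig = xmss_signature_bytes(n, w, h) if d == 1 else xmssmt_signature_bytes(n, w, h, d)
    return {
        "name": name,
        "max_signatures": 1 << h,
        "signature_bytes": sig,
        "keygen_chain_steps": keygen_chain_steps(n, w, h, d),
    }


# Constructed comparison: same hash size, same w, different tree shapes.
CANDIDATES = [
    ("XMSS-SHA2_10_256",      32, 16, 10, 1),   # small key pair, e.g. a signing key rotated often
    ("XMSS-SHA2_20_256",      32, 16, 20, 1),   # a million signatures, but 2^20-leaf key generation
    ("XMSSMT-SHA2_20/2_256",  32, 16, 20, 2),   # same capacity, far cheaper keygen, larger signature
    ("XMSSMT-SHA2_60/3_256",  32, 16, 60, 3),   # long-lived software update key
]


def compare(candidates=CANDIDATES):
    return [describe(*c) for c in candidates]


if __name__ == "__main__":
    for row in compare():
        print(f"{row['name']:<24} sigs=2^{row['max_signatures'].bit_length() - 1:<3}"
              f" sig={row['signature_bytes']:>5} B  keygen~{row['keygen_chain_steps']:.2e} chain steps")
```

Reading the table across: going from XMSS with h=20 to XMSS^MT with h=20 and d=2 cuts the key-generation work by a factor of roughly 2^9 while adding one extra WOTS+ signature (about 2 KB) to every signature, which is why a TLS server and a software update signer will not want the same parameter set.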

- Post-quantum digital signature deployment is necessary to counter the quantum computing threat
- Hash-based signatures are well understood by the research community; practical use must be fostered
- Standardisation in progress: currently IETF, more planned
- Use cases and parameter recommendations to be refined
- Crypto library integration and proof-of-concept deployment underway

Thank you. Questions & feedback welcome!
www.pqsignatures.org