Hash-Based Signatures in Practice - ETSI Gazdag ETSI / IQC Quantum-Safe Cryptography Workshop 15th...

Preview:

Click to see full reader

Citation preview

Stefan-Lukas GazdagETSI / IQC Quantum-Safe Cryptography Workshop

15th of September 2017

Hash-Based Signaturesin Practice

2

Requirements

Adequate performance

Practical sizes

Proper state management

https://eprint.iacr.org/2016/357

Suitable life time of the key

Trustability and security NOW

3

Drawbacks

Stateful vs. stateless private key

(LMS / XMSS vs. SPHINCS)

State management may add to runtime

Access restricted

=> critical resource

=> parallelisation somewhat complex

Writing key to disk may be problematic

Copies of the private key may reveal old state

4

How about hash-based

signatures for TLS?

5

TLS

Con:

Typically parallel processes in use

High signing frequency possible

Non-trivial key distribution and revocation

Virtual machines

Pro:

HBS do fit common certificate standardsDoes work in test environments, but not that well for real-world use.

6

SSH

SSH setting different to TLS

Different key distribution

Lower signing frequency

Remember: Key has to be stored in a save environment, e.g. on a smart card

7

E-mail - S/MIME

Key distribution similarly possible to status quo

Current protocols / data structures may be extended

User experience stays the same

Again: laptop / computer using smart card

8

Real-world example:

update signatures

9

squareUP

www.square-up.org

10

Update Signatures

Build server asks for signature(s)

Key server handles the request

Build server releases package

Products can install new firmware / software after verifying signature

Goal:Products in the field can install newsoftware in post-quantum setting!

11

Update Signatures

Dedicated key server

=> smart card or hardware security module

Restricted environment

Manageable number of signatures per day

Acceptable timing restrictions (more or less)

Acceptable size restrictions (more or less)

Introducing new key fairly easy

„Hybrid“ signature release

12

Update Signatures

Current situation:

XMSS

OpenSSH

First products (firewall systems) with post-quantum updates by the end of this year.

13

Other use cases

Other use cases?

14

Other use cases

Verified Boot

Attribute-based authentication

15

Questions?stefan-lukas_gazdag@genua.eu

Recommended

Hash-based Signatures and SPHINCS · Hash-based Signature Schemes [Mer89] 20-1-2015 PAGE 2 Post quantum Only secure hash function Security well understood Fast Stateful
Documents
Mitigating Multi-Target-Attacks in Hash-based Signatures · Mitigating Multi-Target-Attacks in Hash-based Signatures Andreas Hülsing joint work with Joost Rijneveld, Fang Song
Documents
CSCI 172/283 Fall 2010 Hash Functions, HMACs, and Digital Signatures
Documents
Draft ETSI EN 319 122-1 V1.0319100_319199\31912201\01.00...ETSI 7 Draft ETSI EN 319 122-1 V1.0.0 (2015-06) 1 Scope The present document specifies CAdES digital signatures. CAdES signatures
Documents
digsig uk 13 · Digital Signatures Nicolas T. Courtois, 2006-2009 40 [Cryptographic] Hash Function: A hash function (or hash algorithm) is a reproducible method of turning data (usually
Documents
TS 119 312 - V1.3.1 - Electronic Signatures and ...2001/01/03  · Electronic Signatures and Infrastructures (ESI); Cryptographic Suites TECHNICAL SPECIFICATION ETSI 2 ETSI TS 119
Documents
XMSS: Extended Hash-Based Signatures
Documents
Cryptographic Hash Functions Message Authentication Digital Signatures
Documents
SPHINCS: practical stateless hash-based signatures
Documents
W-OTS { Shorter Signatures for Hash-Based Signature · PDF fileW-OTS+{ Shorter Signatures for Hash-Based Signature Schemes ... The rst property allows us to compute the security of
Documents
Cryptographic Hash Functions Message Authentication ...lai.1/651/6.hash-MAC.pdfCryptographic Hash Functions Message Authentication Digital Signatures Abstract We will discuss • Cryptographic
Documents
W-OTS + – Shorter Signatures for Hash-Based Signature Schemes
Documents
Parallel SHA-256 in NEON for use in hash-based signatures
Documents
Recommendation for applications using approved … WORDS: digital signatures, hash algorithm, hash function, hash-based key derivation algorithms, hash value, HMAC, message digest,
Documents
SPHINCS: practical stateless hash-based signaturessphincs.cr.yp.to/slides-sphincs-20150428.pdfSPHINCS: practical stateless hash-based signatures DanielJ.Bernstein DairaHopwood AndreasHülsing
Documents
Programmable Hash Functions Go Private: Constructions and ... · Programmable Hash Functions Go Private: Constructions and Applications to (Homomorphic) Signatures with Shorter Public
Documents
Adobe and Cloud-based Signatures - ETSI
Documents
Hash-Based Signatures
Documents
1 MACs, Digital Signatures, Hash Functions and Digital Certificates Digital Signatures are used to “Sign” messages to validate the source and integrity
Documents
SPHINCS: practical stateless hash-based signatures practical stateless hash-based signatures Daniel J. Bernstein 1;3, Daira Hopwood 2, Andreas Hülsing 3, anjaT Lange 3, Ruben Niederhagen
Documents