XMSS-based Chain of Trust

EPiC series in computing Pub Date : 2021-01-01 DOI:10.29007/2fv1

Soundes Marzougui, Jean-Pierre Seifert

{"title":"XMSS-based Chain of Trust","authors":"Soundes Marzougui, Jean-Pierre Seifert","doi":"10.29007/2fv1","DOIUrl":null,"url":null,"abstract":"Given that large-scale quantum computers can eventually compute discrete logarithm and integer factorization in polynomial time [44], all asymmetric cryptographic schemes will break down. Hence, replacing them becomes mandatory. For this purpose, the Na- tional Institute of Standards and Technology (NIST) initiated a standardization process for post-quantum schemes. These schemes are supposed to substitute classical cryptography in different use-cases, such as client-server authentication during the TLS handshake. How- ever, their signatures, public key sizes, and signature verification time impose difficulty, especially for resource-constrained devices. In this paper, we improve the TLS hand- shake performance relying on post-quantum signatures by combining the XMSS and the Dilithium signature schemes along the chain of certificates. We provide proof-of-concept implementation of our solution by integrating the two signature schemes in the WolfSSL library. Moreover, we evaluate the performance of our solution and establish that it re- duces the signature verification time considerably and minimizes the size of the chain of trust. We provide a security proof of the proposed chain of trust which is relies on the security of the XMSS scheme.","PeriodicalId":93549,"journal":{"name":"EPiC series in computing","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"EPiC series in computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.29007/2fv1","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Given that large-scale quantum computers can eventually compute discrete logarithm and integer factorization in polynomial time [44], all asymmetric cryptographic schemes will break down. Hence, replacing them becomes mandatory. For this purpose, the Na- tional Institute of Standards and Technology (NIST) initiated a standardization process for post-quantum schemes. These schemes are supposed to substitute classical cryptography in different use-cases, such as client-server authentication during the TLS handshake. How- ever, their signatures, public key sizes, and signature verification time impose difficulty, especially for resource-constrained devices. In this paper, we improve the TLS hand- shake performance relying on post-quantum signatures by combining the XMSS and the Dilithium signature schemes along the chain of certificates. We provide proof-of-concept implementation of our solution by integrating the two signature schemes in the WolfSSL library. Moreover, we evaluate the performance of our solution and establish that it re- duces the signature verification time considerably and minimizes the size of the chain of trust. We provide a security proof of the proposed chain of trust which is relies on the security of the XMSS scheme.

查看原文本刊更多论文

基于xmlss的信任链

考虑到大规模量子计算机最终可以在多项式时间[44]内计算离散对数和整数分解，所有非对称密码方案都将崩溃。因此，必须更换它们。为此，国家标准与技术研究所(NIST)启动了后量子方案的标准化过程。这些方案应该在不同的用例中替代经典加密，例如在TLS握手期间的客户机-服务器身份验证。然而，它们的签名、公钥大小和签名验证时间带来了困难，特别是对于资源受限的设备。本文通过在证书链上结合XMSS和Dilithium签名方案，改进了依赖后量子签名的TLS握手性能。我们通过在WolfSSL库中集成两个签名方案来提供我们解决方案的概念验证实现。此外，我们评估了我们的解决方案的性能，并确定它大大减少了签名验证时间，并最小化了信任链的大小。我们提供了基于XMSS方案安全性的信任链的安全性证明。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

EPiC series in computing

CiteScore

1.60

自引率

0.00%

发文量