Transitioning to a Hyperledger Fabric Quantum-Resistant Classical Hybrid Public Key Infrastructure

Abstract

This research has two parts; the first is to identify enterprise Hyperledger Fabric (HLF) blockchain cybersecurity vulnerabilities, threats, and legal obligations in a Post-Quantum Cryptography (PQC) world. HLF is a permissioned blockchain designed by IBM and uses Public Key Infrastructure (PKI), for digital signatures, and digital identities (X.509 certificates), which are critical to the operational security of its network. On 24 January 2019, Aetna, Anthem, Health Care Service Corporation, PNC Bank, and IBM announced collaboration to establish a blockchain-based ecosystem for the healthcare industry [1]. Quantum computing poses a devasting impact on PKI and estimates of its large-scale commercial arrival should not be underestimated and cannot be predicted. The HIPAA (Health Insurance Portability and Accountability Act) and General Data Protection Regulation (GDPR), requires “reasonable” measures to be taken to protect Protected Health Information (PHI), and Personally Identifiable Information (PII). However, HLF’s ecosystem is not post-quantum resistant, and all data that is transmitted over its network is vulnerable to immediate or later decryption by large scale quantum computers. The second part of this research is the independent evaluation and testing of National Institute of Standards and Technology (NIST), based Second Round Candidate PQC, lattice-based digital signature scheme, qTESLA. It’s, second-round submission is much improved, however; its algorithm characteristics and parameters are such that it is unlikely to be a quantum-resistant “as is,” simple “plug-and-play” function and replacement for HLF’s PKI. This work also proposes qTESLA’s public keys be used to create a quantum-resistant\classical hybrid PKI near-term replacement.