The U.S. National Institute of Standards and Technology (NIST) recently standardized the first set of post-quantum cryptography algorithms. Two of the three NIST-selected signature algorithms are lattice based, offering good performance but posing challenges due to complex implementation and intricate security assumptions. A more conservative choice for quantum-safe authentication are hash-based signature systems, such as the also-standardized SLH-DSA, which is based on the SPHINCS+ construction. However, due to large signature sizes and low signing speeds, hash-based systems have only found use in niche applications. In this work we combine different approaches to show that the SPHINCS+ signature system can be optimized in its parameters and implementation to be high performing, even when signing in an embedded setting. We demonstrate this in the context of user authentication using hardware security keys within FIDO and show that our SPHINCS+-based implementation can outperform lattice-based solutions from the literature while remaining highly portable. Due to conservative security assumptions, it does not require a hybrid construction and can be used as a drop-in replacement to perform authentication on current security keys. For reproducibility and to encourage further research, we publish our implementation and a framework for benchmarking tailored SPHINCS+ instantiations on Cortex-M4 MCUs.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Stateless Hash-Based Signatures for Post-Quantum Security Keys

  • Ruben Gonzalez

摘要

The U.S. National Institute of Standards and Technology (NIST) recently standardized the first set of post-quantum cryptography algorithms. Two of the three NIST-selected signature algorithms are lattice based, offering good performance but posing challenges due to complex implementation and intricate security assumptions. A more conservative choice for quantum-safe authentication are hash-based signature systems, such as the also-standardized SLH-DSA, which is based on the SPHINCS+ construction. However, due to large signature sizes and low signing speeds, hash-based systems have only found use in niche applications. In this work we combine different approaches to show that the SPHINCS+ signature system can be optimized in its parameters and implementation to be high performing, even when signing in an embedded setting. We demonstrate this in the context of user authentication using hardware security keys within FIDO and show that our SPHINCS+-based implementation can outperform lattice-based solutions from the literature while remaining highly portable. Due to conservative security assumptions, it does not require a hybrid construction and can be used as a drop-in replacement to perform authentication on current security keys. For reproducibility and to encourage further research, we publish our implementation and a framework for benchmarking tailored SPHINCS+ instantiations on Cortex-M4 MCUs.