221 research outputs found
Optimizing Hash-Based Signatures in Java
Hash-based signature schemes are an extensively studied and well-understood choice for quantum-safe digital signatures. However, certain operations, most notably the key generation, can be comparably expensive. It is, therefore, essential to use well-optimized implementations.
This thesis aims to explore, implement, and evaluate optimization strategies for hashbased signature implementations in Java. These include the use of special hardware features like vector instructions and hardware acceleration for hash functions as well as the parallelization of the key generation. Overall, we are able to reduce the time required for an XMSS key generation with SHA-2 by up to 96.4% (on four CPU cores) compared to the unmodified BouncyCastle implementation. For SPHINCS+ with the Haraka hash function family, we achieve a reduction of up to 95.7% on only one CPU core. Furthermore, we investigate the use of two scheme variants WOTS-BR and WOTS+C proposed in the literature for verification-optimized signatures. We improve the existing theoretical analysis of both, provide a comparison and experimentally validate our improved theoretical analysis
PERFORMANCE OF HYBRID SIGNATURES FOR PUBLIC KEY INFRASTRUCTURE CERTIFICATES
The modern public key infrastructure (PKI) model relies on digital signature algorithms to provide
message authentication, data integrity, and non-repudiation. To provide this, digital signature algorithms,
like most cryptographic schemes, rely on a mathematical hardness assumption for provable security. As we
transition into a post-quantum era, the hardness assumptions used by traditional digital signature algorithms
are increasingly at risk of being solvable in polynomial time. This renders the entirety of public key
cryptography, including digital signatures, vulnerable to being broken. Hybrid digital signature schemes
represent a potential solution to this problem. In this thesis, we provide the first test implementation of true
hybrid signature algorithms. We evaluate the viability and performance of several hybrid signature schemes
against traditional hybridization techniques via standalone cryptographic operations. Finally, we explore
how hybrid signatures can be integrated into existing X.509 digital certificates and examine their
performance by integrating both into the Transport Layer Security 1.3 protocol.Outstanding ThesisGunnery Sergeant, United States Marine CorpsApproved for public release; distribution is unlimited
ANCHOR: logically-centralized security for Software-Defined Networks
While the centralization of SDN brought advantages such as a faster pace of
innovation, it also disrupted some of the natural defenses of traditional
architectures against different threats. The literature on SDN has mostly been
concerned with the functional side, despite some specific works concerning
non-functional properties like 'security' or 'dependability'. Though addressing
the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to
efficiency and effectiveness problems. We claim that the enforcement of
non-functional properties as a pillar of SDN robustness calls for a systemic
approach. As a general concept, we propose ANCHOR, a subsystem architecture
that promotes the logical centralization of non-functional properties. To show
the effectiveness of the concept, we focus on 'security' in this paper: we
identify the current security gaps in SDNs and we populate the architecture
middleware with the appropriate security mechanisms, in a global and consistent
manner. Essential security mechanisms provided by anchor include reliable
entropy and resilient pseudo-random generators, and protocols for secure
registration and association of SDN devices. We claim and justify in the paper
that centralizing such mechanisms is key for their effectiveness, by allowing
us to: define and enforce global policies for those properties; reduce the
complexity of controllers and forwarding devices; ensure higher levels of
robustness for critical services; foster interoperability of the non-functional
property enforcement mechanisms; and promote the security and resilience of the
architecture itself. We discuss design and implementation aspects, and we prove
and evaluate our algorithms and mechanisms, including the formalisation of the
main protocols and the verification of their core security properties using the
Tamarin prover.Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference
Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH
Once algorithms for quantum-resistant key exchange and digital signature schemes are selected by standards bodies, adoption of post-quantum cryptography will depend on progress in integrating those algorithms into standards for communication protocols and other parts of the IT infrastructure. In this paper, we explore how two major Internet security protocols, the Transport Layer Security (TLS) and Secure Shell (SSH) protocols, can be adapted to use post-quantum cryptography.
First, we examine various design considerations for integrating post-quantum and hybrid key exchange and authentication into communications protocols generally, and in TLS and SSH specifically. These include issues such as how to negotiate the use of multiple algorithms for hybrid cryptography, how to combine multiple keys, and more. Subsequently, we report on several implementations of post-quantum and hybrid key exchange in TLS 1.2, TLS 1.3, and SSHv2. We also report on work to add hybrid authentication in TLS 1.3 and SSHv2. These integrations are in Amazon s2n and forks of OpenSSL and OpenSSH; the latter two rely on the liboqs library from the Open Quantum Safe project
Integration of post-quantum cryptography in the TLS protocol (LWE Option)
Dissertação de mestrado em Computer ScienceWith the possibility of quantum computers making an appearance, possibly capable of
breaking several well established and widespread crytposystems (especially those that
implement public key cryptography), necessity has arisen to create new cryptographic
algorithms which remain safe even against adversaries using quantum computers.
Several algorithms based on different mathematical problems have been proposed which
are considered to be hard to solve with quantum computers. In recent years, a new
lattice-based mathematical problem called Learning With Errors (and its variant Ring -
Learning With Errors) was introduced, and several cryptosystems based on this problem
were introduced, some of which are becoming practical enough to compete with traditional
schemes that have been used for decades.
The primary focus in this work is the implementation of two Ring - Learning With Errors
based schemes (one key exchange mechanism and one digital signature scheme) on the TLS
protocol via the OpenSSL library as a way of checking their overall viability in real-world
scenarios, by comparing them to classical schemes implementing the same functionalities.Com a possibilidade do surgimento dos primeiros computadores quânticos, possivelmente
capazes de quebrar muitos dos cripto-sistemas bem difundidos e considerados seguros,
tornou-se necessário tomar precauções com a criação de novas técnicas criptográficas que
visam manter as suas propriedades de segurança mesmo contra adversários que usem
computadores quânticos.
Existem já muitas propostas de algoritmos baseados em problemas matemáticos
distintos que sĂŁo considerados difĂceis de resolver recorrendo a computadores quânticos.
Recentemente, foi introduzido um novo problema baseado em reticulados denominado de
Learning With Errors (e a sua variante Ring - Learning With Errors), e consequentemente
foram propostos vários cripto-sistemas baseados nesse problema, alguns dos quais começam
já a ser utilizáveis ao ponto de poderem ser comparados com os esquemas clássicos usados
há décadas.
O foco principal neste trabalho é a implementação de dois esquemas baseados no problema
Ring - Learning With Errors (mais precisamente, um esquema de troca de chaves e uma
assinatura digital) no protocolo TLS através da sua integração no OpenSSL como forma de
verificar a sua viabilidade em contextos reais, comparando-os com esquemas clássicos que
implementem as mesmas funcionalidades
SoK: Post-Quantum TLS Handshake
Transport Layer Security (TLS) is the backbone security protocol of the Internet. As this fundamental protocol is at risk from future quantum attackers, many proposals have been made to protect TLS against this threat by implementing post-quantum cryptography (PQC). The widespread interest in post-quantum TLS has given rise to a large number of solutions over the last decade. These proposals differ in many aspects, including the security properties they seek to protect, the efficiency and trustworthiness of their post-quantum building blocks, and the application scenarios they consider, to name a few.
Based on an extensive literature review, we classify existing solutions according to their general approaches, analyze their individual contributions, and present the results of our extensive performance experiments. Based on these insights, we identify the most reasonable candidates for post-quantum TLS, which research problems in this area have already been solved, and which are still open. Overall, our work provides a well-founded reference point for researching post-quantum TLS and preparing TLS in practice for the quantum age
Post-Quantum Authentication in TLS 1.3: A Performance Study
The potential development of large-scale quantum computers is raising concerns among IT and security research professionals due to their ability to solve (elliptic curve) discrete logarithm and integer factorization problems in polynomial time. All currently used public key algorithms would be deemed insecure in a post-quantum (PQ) setting. In response, the National Institute of Standards and Technology (NIST) has initiated a process to standardize quantum-resistant crypto algorithms, focusing primarily on their security guarantees. Since PQ algorithms present significant differences over classical ones, their overall evaluation should not be performed out-of-context. This work presents a detailed performance evaluation of the NIST signature algorithm candidates and investigates the imposed latency on TLS 1.3 connection establishment under realistic network conditions. In addition, we investigate their impact on TLS session throughput and analyze the trade-off between lengthy PQ signatures and computationally heavy PQ cryptographic operations.
Our results demonstrate that the adoption of at least two PQ signature algorithms would be viable with little additional overhead over current signature algorithms. Also, we argue that many NIST PQ candidates can effectively be used for less time-sensitive applications, and provide an in-depth discussion on the integration of PQ authentication in encrypted tunneling protocols, along with the related challenges, improvements, and alternatives. Finally, we propose and evaluate the combination of different PQ signature algorithms across the same certificate chain in TLS. Results show a reduction of the TLS handshake time and a significant increase of a server\u27s TLS tunnel connection rate over using a single PQ signature scheme
Towards Quantum-Safe VPNs and Internet
Estimating that in 10 years time quantum computers capable of breaking public-key cryptography currently considered safe could exist, this threat is already eminent for information that require secrecy for more than 10 years. Considering the time required to standardize, implement and update existing networks signifies the urgency of adopting quantum-safe cryptography.
In this work, we investigate the trade-off between network and CPU overhead and the security levels defined by NIST. To do so, we integrate adapted OpenSSL libraries into OpenVPN, and perform experiments on a large variety of quantum-safe algorithms for respectively TLS versions 1.2 and 1.3 using OpenVPN and HTTPS independently. We describe the difficulties we encounter with the integration and we report the experimental performance results, comparing setting up the quantum-safe connection with setting up the connection without additional post-quantum cryptography
- …