15 research outputs found

    On the Role of Hash-Based Signatures in Quantum-Safe Internet of Things: Current Solutions and Future Directions

    The Internet of Things (IoT) is gaining ground as a pervasive presence around us by enabling miniaturized things with computation and communication capabilities to collect, process, analyze, and interpret information. Consequently, trustworthy data act as fuel for applications that rely on the data generated by these things, for critical decision-making processes, data debugging, risk assessment, forensic analysis, and performance tuning. Currently, secure and reliable data communication in IoT is based on public-key cryptosystems such as Elliptic Curve Cryptography (ECC). Nevertheless, reliance on the security of de facto cryptographic primitives is at risk of being broken by the impending quantum computers. Therefore, the transition from classical primitives to quantum-safe primitives is indispensable to ensure the overall security of data en route. In this paper, we investigate applications of one of the post-quantum signature families, Hash-Based Signature (HBS) schemes, for the security of IoT devices in the quantum era. We give a succinct overview of the evolution of HBS schemes with emphasis on their construction parameters and associated strengths and weaknesses. Then, we outline the striking features of HBS schemes and their significance for IoT security in the quantum era. We investigate the optimal selection of HBS in IoT networks with respect to their performance-constrained requirements, resource-constrained nature, and design optimization objectives. In addition to ongoing standardization efforts, we also highlight current and future research and deployment challenges along with possible solutions. Finally, we outline the essential measures and recommendations that must be adopted by the IoT ecosystem while preparing for the quantum world. Comment: 18 pages, 7 tables, 7 figures.

    Optimizing Hash-Based Signatures in Java

    Hash-based signature schemes are an extensively studied and well-understood choice for quantum-safe digital signatures. However, certain operations, most notably key generation, can be comparably expensive. It is, therefore, essential to use well-optimized implementations. This thesis aims to explore, implement, and evaluate optimization strategies for hash-based signature implementations in Java. These include the use of special hardware features such as vector instructions and hardware acceleration for hash functions, as well as the parallelization of key generation. Overall, we are able to reduce the time required for an XMSS key generation with SHA-2 by up to 96.4% (on four CPU cores) compared to the unmodified BouncyCastle implementation. For SPHINCS+ with the Haraka hash function family, we achieve a reduction of up to 95.7% on only one CPU core. Furthermore, we investigate the use of two scheme variants, WOTS-BR and WOTS+C, proposed in the literature for verification-optimized signatures. We improve the existing theoretical analysis of both, provide a comparison, and experimentally validate our improved theoretical analysis.

    To Be, or Not to Be Stateful: Post-Quantum Secure Boot using Hash-Based Signatures

    While research in post-quantum cryptography (PQC) has gained significant momentum, it is only slowly adopted for real-world products. This is largely due to concerns about practicability and maturity. The secure boot process of embedded devices is one scenario where such restraints can result in fundamental security problems. In this work, we present a flexible hardware/software co-design for hash-based signature (HBS) schemes which enables the move to a post-quantum secure boot today. These signature schemes stand out due to their straightforward security proofs and are on the fast track to standardisation. In contrast to previous works, we exploit the performance-intensive similarities of the stateful LMS and XMSS schemes as well as the stateless SPHINCS+ scheme. Thus, we enable designers to use a stateful or stateless scheme depending on the constraints of each individual application. To show the feasibility of our approach, we compare our results with hardware-accelerated implementations of classical asymmetric algorithms. Further, we lay out the usage of different HBS schemes during the boot process. We compare different schemes, show the importance of parameter choices, and demonstrate the performance gain with different levels of hardware acceleration.

    Implementing a library to provide Winternitz signatures with lightweight primitive using the Rust Programming Language

    Undergraduate thesis (TCC), Universidade Federal de Santa Catarina, Centro Tecnológico, Ciências da Computação. Post-quantum cryptography refers to cryptographic algorithms that are considered secure even against attacks by quantum computers. Most conventional algorithms depend on the hardness of the integer factorization and discrete logarithm problems. Shor (1999) presents a method to solve both of these problems using a large enough quantum computer, effectively breaking the security those algorithms depend on. Hash-based signature schemes are shown to be secure against attacks using Shor's algorithm. These signatures rely only on the security of the underlying cryptographic hash function, avoiding the delays and cost of a new certification effort (Merkle, 1989). Merkle (1989) introduces the Winternitz one-time signature scheme (WOTS), a hash-based signature scheme in which the cryptographic hash function is applied to the message blocks repeatedly as a way to sign messages under minimal security assumptions; the underlying family of hash functions can be exchanged as long as it fulfills certain security properties. Bernstein et al. (2017) introduce Gimli, a lightweight option for building hash functions through a sponge construction, aimed at embedded devices and portability. In this paper we present EWOTS, a library providing the Winternitz signature scheme and the Gimli hash function in the Rust programming language.

    Post-quantum cryptography refers to algorithms considered secure even when attacked using techniques developed for quantum computers. Most classical algorithms base their security on the hardness of mathematical problems, namely the factorization of large integers and the discrete logarithm. Shor (1999) shows an effective method of attack on these problems using a quantum computer which, in theory, would break the security of any algorithm that depends on them. The security of hash-based digital signature schemes is not broken by the methods introduced by Shor, as it depends only on the security of the algorithm used for the cryptographic hash. Merkle (1989) introduces the Winternitz one-time signature scheme (WOTS), a signature scheme based on cryptographic hash functions in which successive hashing of message blocks is computed as a way to sign data. The family of hash functions used can be exchanged without loss of security as long as it satisfies certain security properties. Bernstein et al. (2017) introduce GIMLI as a low-cost alternative for building hash functions from sponge constructions. GIMLI is designed to provide portability and efficiency for embedded devices. In this work, the Winternitz signature scheme with GIMLI as the underlying cryptographic hash function is implemented in the Rust language, a portable language with tooling that supports the development of embedded applications.
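The abstract above describes the Winternitz construction (a hash iterated over message digits, with the hash family swappable), and the secure-boot abstract earlier on this page distinguishes stateful from stateless HBS. The following is an added example, not code from EWOTS or from any paper listed here: a plain-Python WOTS+-style one-time signature that uses SHA-256 in place of Gimli and a simplified checksum encoding (it is not byte-for-byte compatible with RFC 8391). Its `demo()` signs two constructed digests under the same key and shows why that is fatal: an attacker who sees two signatures can forge a third message by only walking the hash chains forward, which is exactly the state-tracking problem stateful schemes like XMSS must solve. Function names, the domain-separation labels and the sample digests are all assumptions made for this example.

```python
"""WOTS+-style one-time signature (added example): keygen, sign, verify,
and a demonstration of the one-time property. Hash: SHA-256 (not Gimli)."""
import hashlib
import os

N = 32        # hash length in bytes (security parameter)
W = 16        # Winternitz parameter: each chain has W-1 = 15 hash steps
LEN1 = 2 * N  # 64 base-16 digits cover a 32-byte digest
LEN2 = 3      # checksum digits (max checksum 64*15 = 960 < 16**3)
LEN = LEN1 + LEN2


def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def chain(x, start, steps, pub_seed):
    """Apply the hash 'steps' times, domain-separated by chain position."""
    for pos in range(start, start + steps):
        x = H(pub_seed, bytes([pos]), x)
    return x


def digits_with_checksum(digest):
    """64 base-16 digits of the digest plus a 3-digit checksum sum(W-1-d).
    Lowering any message digit raises the checksum, so an attacker would
    have to move a checksum chain backwards, i.e. invert the hash."""
    assert len(digest) == N
    msg = [d for byte in digest for d in (byte >> 4, byte & 0xF)]
    csum = sum(W - 1 - d for d in msg)
    cs = [(csum >> (4 * (LEN2 - 1 - i))) & 0xF for i in range(LEN2)]
    return msg + cs


def keygen(seed=None):
    seed = seed or os.urandom(N)
    pub_seed = H(b"pub", seed)                         # label is an assumption
    sk = [H(b"sk", seed, bytes([i])) for i in range(LEN)]
    ends = [chain(s, 0, W - 1, pub_seed) for s in sk]  # chain end points
    pk = H(pub_seed, *ends)                            # compressed public key
    return (sk, pub_seed), (pk, pub_seed)


def sign(sk_pair, digest):
    sk, pub_seed = sk_pair
    d = digits_with_checksum(digest)
    return [chain(sk[i], 0, d[i], pub_seed) for i in range(LEN)]


def verify(pk_pair, digest, sig):
    pk, pub_seed = pk_pair
    if len(sig) != LEN:
        return False
    d = digits_with_checksum(digest)
    ends = [chain(sig[i], d[i], W - 1 - d[i], pub_seed) for i in range(LEN)]
    return H(pub_seed, *ends) == pk


def learn(known, digest, sig):
    """What an attacker learns from a signature: the lowest chain position
    seen so far for every chain, together with the value at that position."""
    d = digits_with_checksum(digest)
    for i in range(LEN):
        if i not in known or d[i] < known[i][0]:
            known[i] = (d[i], sig[i])
    return known


def forge(pub_seed, known, digest):
    """Derive a signature for 'digest' using only forward hash steps;
    returns None if any chain would have to run backwards."""
    d = digits_with_checksum(digest)
    sig = []
    for i in range(LEN):
        pos, val = known[i]
        if d[i] < pos:
            return None
        sig.append(chain(val, pos, d[i] - pos, pub_seed))
    return sig


def demo():
    """Constructed digests a, b, c: one signature gives the attacker nothing,
    two signatures under the same key let them forge c."""
    sk, pk = keygen(b"\x01" * N)
    a = bytes([0xFF] * 16 + [0x00] * 16)
    b = bytes([0x00] * 16 + [0xFF] * 16)
    c = bytes(([0xFF] * 8 + [0x00] * 8) * 2)
    sig_a, sig_b = sign(sk, a), sign(sk, b)
    one = forge(pk[1], learn({}, a, sig_a), c)
    two = forge(pk[1], learn(learn({}, a, sig_a), b, sig_b), c)
    return {
        "a_valid": verify(pk, a, sig_a),
        "b_valid": verify(pk, b, sig_b),
        "forge_from_one": one is not None,
        "forge_from_two": two is not None and verify(pk, c, two),
    }
```

In real use the caller signs `H(message)` rather than a raw digest, and a stateful scheme (XMSS, LMS) wraps many such one-time keys in a Merkle tree and must persist which leaf has been used; a stateless scheme (SPHINCS+) avoids that bookkeeping at the cost of larger signatures. The demo digests are chosen so that `a` and `b` have equal checksums and `c` sits "above" both on every chain; with a single signature the checksum blocks the forgery, which is what the checksum digits are for.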

    Hardware Architectures for Post-Quantum Cryptography

    The rapid development of quantum computers poses severe threats to many commonly used cryptographic algorithms that are embedded in different hardware devices to ensure the security and privacy of data and communication. Seeking new solutions that are potentially resistant against attacks from quantum computers, a new research field called Post-Quantum Cryptography (PQC) has emerged, that is, cryptosystems deployed on classical computers conjectured to be secure against attacks utilizing large-scale quantum computers. In order to secure data during storage or communication, and many other applications in the future, this dissertation focuses on the design, implementation, and evaluation of efficient PQC schemes in hardware. Four PQC algorithms, each from a different family, are studied in this dissertation. The first hardware architecture presented in this dissertation is focused on the code-based scheme Classic McEliece. The research presented in this dissertation is the first that builds a hardware architecture for the Classic McEliece cryptosystem. This research successfully demonstrated that a complex code-based PQC algorithm can be run efficiently on hardware. Furthermore, this dissertation shows that the implementation of this scheme on hardware can be easily tuned to different configurations by implementing support for flexible choices of security parameters as well as configurable hardware performance parameters. The successful prototype of the Classic McEliece scheme on hardware increased confidence in this scheme, and helped Classic McEliece to get recognized as one of seven finalists in the third round of the NIST PQC standardization process. While Classic McEliece serves as a ready-to-use candidate for many high-end applications, PQC solutions are also needed for low-end embedded devices. Embedded devices play an important role in our daily life. 
Despite their typically constrained resources, these devices require strong security measures to protect them against cyber attacks. Towards securing these devices, the second research presented in this dissertation focuses on the hash-based digital signature scheme XMSS. This research is the first that explores and presents a practical hardware-based XMSS solution for low-end embedded devices. In the design of the XMSS hardware, a heterogeneous software-hardware co-design approach was adopted, which combined the flexibility of the soft core with the acceleration from the hard core. The practicability and efficiency of the XMSS software-hardware co-design is further demonstrated by providing a hardware prototype on an open-source RISC-V based System-on-a-Chip (SoC) platform. The third research direction covered in this dissertation focuses on lattice-based cryptography, which represents one of the most promising and popular alternatives to today's widely adopted public key solutions. Prior research has presented hardware designs targeting the computing blocks that are necessary for the implementation of lattice-based systems. However, a recurrent issue in most existing designs is that these hardware designs are not fully scalable or parameterized, hence limited to specific cryptographic primitives and security parameter sets. The research presented in this dissertation is the first that develops hardware accelerators designed to be fully parameterized to support different lattice-based schemes and parameters. Further, these accelerators are utilized to realize the first software-hardware co-design of provably-secure instances of qTESLA, which is a lattice-based digital signature scheme. This dissertation demonstrates that even demanding, provably-secure schemes can be realized efficiently with proper use of software-hardware co-design. 
The final research presented in this dissertation is focused on the isogeny-based scheme SIKE, which recently made it to the final round of the PQC standardization process. This research shows that hardware accelerators can be designed to offload compute-intensive elliptic curve and isogeny computations to hardware in a versatile fashion. These hardware accelerators are designed to be fully parameterized to support different security parameter sets of SIKE as well as flexible hardware configurations targeting different user applications. This research is the first that presents versatile hardware accelerators for SIKE that can be mapped efficiently to both FPGA and ASIC platforms. Based on these accelerators, an efficient software-hardware co-design is constructed for speeding up SIKE. In the end, this dissertation demonstrates that, despite being built on expensive arithmetic, the isogeny-based SIKE scheme can be run efficiently by exploiting specialized hardware. These four research directions combined demonstrate the practicability of building efficient hardware architectures for complex PQC algorithms. The exploration of efficient PQC solutions for different hardware platforms will eventually help migrate high-end servers and low-end embedded devices towards the post-quantum era.

    Proposta de Carimbo do Tempo Descentralizado e Preciso para a ICP-Brasil utilizando Sistemas Embarcados e Criptografia Pós-Quântica (Proposal for a Decentralized and Precise Timestamp for ICP-Brasil Using Embedded Systems and Post-Quantum Cryptography)

    Undergraduate thesis (TCC), Universidade Federal de Santa Catarina, Campus Araranguá, Engenharia da Computação. The timestamping model legally accepted in Brazil is the one based on Time Stamping Authorities (ACT), regulated by the Brazilian Public Key Infrastructure (ICP-Brasil). However, the model is subject to problems caused by centralization and by the method used to obtain the timestamp. Moreover, applications such as online auctions and stock markets require time precision beyond what the model provides. In view of this, this work proposes a compact, low-cost timestamping device with post-quantum cryptography, with the aim of minimizing centralization and increasing time precision. Finally, a proof of concept and a series of experiments are presented that show the feasibility and effectiveness of the device.

    Lightweight Post-Quantum-Secure Digital Signature Approach for IoT Motes

    Internet-of-Things (IoT) applications often require constrained devices to be deployed in the field for several years, even decades. Protection of these tiny motes is crucial for end-to-end IoT security. Secure boot and attestation techniques are critical requirements in such devices, and they rely on public-key Sign/Verify operations. In a not-so-distant future, quantum computers are expected to break traditional public-key Sign/Verify functions (e.g. RSA and ECC signatures). Hash-Based Signature (HBS) schemes, on the other hand, are promising quantum-resistant alternatives. Their security is based on the security of a cryptographic hash function, which is believed to be secure against quantum computers. The XMSS signature scheme is a modern HBS construction with several advantages, but it requires thousands of hash operations per Sign/Verify operation, which could be challenging in resource-constrained IoT motes. In this work, we investigated the use of the XMSS scheme targeting constrained IoT devices. We propose a latency-area optimized XMSS Sign or Verify scheme with 128-bit post-quantum security. An appropriate HW-SW architecture has been designed and implemented in FPGA and silicon, where it spans 1521 ALMs and 13.5k gates respectively. In total, each XMSS Sign/Verify operation takes 4.8 million clock cycles in our proposed HW-SW hybrid design approach, which is 5.35 times faster than its pure SW execution latency on a 32-bit microcontroller.

    Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities

    The rise of quantum computers exposes vulnerabilities in current public key cryptographic protocols, necessitating the development of secure post-quantum (PQ) schemes. Hence, we conduct a comprehensive study on various PQ approaches, covering their constructional design and structural vulnerabilities, and offer security assessments, implementation evaluations, and a particular focus on side-channel attacks. We analyze global standardization processes, evaluate their metrics in relation to real-world applications, and primarily focus on standardized PQ schemes, selected additional signature competition candidates, and PQ-secure cutting-edge schemes beyond standardization. Finally, we present visions and potential future directions for a seamless transition to the PQ era.