Post-Quantum EPID Signatures from Symmetric Primitives

Dan Boneh and Saba Eskandarian and Ben Fisch

Abstract: EPID signatures are used extensively in real-world systems for hardware enclave attestation. As such, there is a strong interest in making these schemes post-quantum secure. In this paper we initiate the study of EPID signature schemes built only from symmetric primitives, such as hash functions and PRFs. We present two constructions in the random oracle model. The first is a scheme satisfying the EPID signature syntax and security definitions needed for private hardware attestation used in Intel's SGX. The second achieves significantly shorter signatures for many applications, including the use case of remote hardware attestation. While our EPID signatures for attestation are longer than standard post-quantum signatures, they are short enough for applications where the data being signed is large, such as analytics on large private data sets, or streaming media to a trusted display. We evaluate several instantiations of our schemes so that the costs and benefits of these constructions are clear. Along the way we also give improvements to the zero-knowledge Merkle inclusion proofs of Derler et al. (2017).

Original Publication (with major differences): CT-RSA 2019

Date: received 9 Mar 2018, last revised 10 Dec 2018

Contact author: saba at cs stanford edu

Version: 20181211:030457

