Paper 2020/1584

Post-Quantum Hash-Based Signatures for Secure Boot

Panos Kampanakis, Peter Panburana, Michael Curcio, and Chirag Shroff

Abstract

The potential development of large-scale quantum computers is raising concerns among IT and security research professionals due to their ability to solve (elliptic curve) discrete logarithm and integer factorization problems in polynomial time. All currently used, public-key cryptography algorithms would be deemed insecure in a post-quantum setting. In response, the United States National Institute of Standards and Technology has initiated a process to standardize quantum-resistant cryptographic algorithms, focusing primarily on their security guarantees. Additionally, the Internet Engineering Task Force has published two quantum-secure signature schemes and has been looking into adding quantum-resistant algorithms in protocols. In this work, we investigate two post-quantum, hash-based signature schemes published by the Internet Engineering Task Force and submitted to the National Institute of Standards and Technology for use in secure boot. We evaluate various parameter sets for the use-cases in question and we prove that post-quantum signatures would not have material impact on image signing. We also study the hierarchical design of these signatures in different scenarios of hardware secure boot.

Note: Initially uploaded to Cryptology ePrint Archive on Dec 18, 2020 with minor changes in Section III-B from the originally submitted SVCC 2020 camera-ready manuscript. Re-uploaded on Dec 21, 2020 with minor updates in Section III-B for accuracy