Paper 2020/1584

Post-Quantum Hash-Based Signatures for Secure Boot

Panos Kampanakis, Peter Panburana, Michael Curcio, and Chirag Shroff

Abstract

The potential development of large-scale quantum computers is raising concerns among IT and security research professionals due to their ability to solve (elliptic curve) discrete logarithm and integer factorization problems in polynomial time. All currently used, public-key cryptography algorithms would be deemed insecure in a post-quantum setting. In response, the United States National Institute of Standards and Technology has initiated a process to standardize quantum-resistant cryptographic algorithms, focusing primarily on their security guarantees. Additionally, the Internet Engineering Task Force has published two quantum-secure signature schemes and has been looking into adding quantum-resistant algorithms in protocols. In this work, we investigate two post-quantum, hash-based signature schemes published by the Internet Engineering Task Force and submitted to the National Institute of Standards and Technology for use in secure boot. We evaluate various parameter sets for the use-cases in question and we prove that post-quantum signatures would not have material impact on image signing. We also study the hierarchical design of these signatures in different scenarios of hardware secure boot.

Note: Initially uploaded to Cryptology ePrint Archive on Dec 18, 2020 with minor changes in Section III-B from the originally submitted SVCC 2020 camera-ready manuscript. Re-uploaded on Dec 21, 2020 with minor updates in Section III-B for accuracy

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision. SVCC 2020
DOI
10.1007/978-3-030-72725-3
Keywords
HBS signaturespost-quantum image signingpost-quantum root of trustpost-quantum hardware secure boot
Contact author(s)
pkampana @ cisco com
History
2021-04-28: last of 2 revisions
2020-12-21: received
See all versions
Short URL
https://ia.cr/2020/1584
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1584,
      author = {Panos Kampanakis and Peter Panburana and Michael Curcio and Chirag Shroff},
      title = {Post-Quantum Hash-Based Signatures for Secure Boot},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1584},
      year = {2020},
      doi = {10.1007/978-3-030-72725-3},
      note = {\url{https://eprint.iacr.org/2020/1584}},
      url = {https://eprint.iacr.org/2020/1584}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.