Cryptology ePrint Archive: Report 2020/1584

Post-Quantum Hash-Based Signatures for Secure Boot

Panos Kampanakis and Peter Panburana and Michael Curcio and Chirag Shroff

Abstract: The potential development of large-scale quantum computers is raising concerns among IT and security research professionals due to their ability to solve (elliptic curve) discrete logarithm and integer factorization problems in polynomial time. All currently used, public-key cryptography algorithms would be deemed insecure in a post-quantum setting. In response, the United States National Institute of Standards and Technology has initiated a process to standardize quantum-resistant cryptographic algorithms, focusing primarily on their security guarantees. Additionally, the Internet Engineering Task Force has published two quantum-secure signature schemes and has been looking into adding quantum-resistant algorithms in protocols. In this work, we investigate two post-quantum, hash-based signature schemes published by the Internet Engineering Task Force and submitted to the National Institute of Standards and Technology for use in secure boot. We evaluate various parameter sets for the use-cases in question and we prove that post-quantum signatures would not have material impact on image signing. We also study the hierarchical design of these signatures in different scenarios of hardware secure boot.

Category / Keywords: public-key cryptography / HBS signatures, post-quantum image signing, post-quantum root of trust, post-quantum hardware secure boot

Original Publication (with minor differences): SVCC 2020

Date: received 18 Dec 2020, last revised 21 Dec 2020

Contact author: pkampana at cisco com

Available format(s): PDF | BibTeX Citation

Note: Initially uploaded to Cryptology ePrint Archive on Dec 18, 2020 with minor changes in Section III-B from the originally submitted SVCC 2020 camera-ready manuscript. Re-uploaded on Dec 21, 2020 with minor updates in Section III-B for accuracy

Version: 20201221:175251 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]