Cryptology ePrint Archive: Report 2020/990

Constructing the Cryptographic Boundaries for Lattice-based Cryptography on Hardware Security Module

Junting Xiao and Tadahiko Ito

Abstract: Post-Quantum Cryptography (PQC) is regarded as an effective way to resist attacks with quantum computers. Since the National Institute of Standards and Technology (NIST) proposed its PQC standardization project in 2016, many candidates have been submitted and their quantum-resistant capability has been measured by researchers. Besides this research, this paper evaluates the separation of hash and asymmetric operations in PQC operations. This paper focuses mainly on the encryption of large data (e.g. document signing or code signing), rather than small data (e.g. key encryption, authentication). Regardless of the size of the data, it is desirable to be able to use a Hardware Security Module (HSM) in the key management of PQC. In addition, it is desirable that the encryption processing API is the same regardless of the size of the data, the presence or absence of an HSM, use case, key usage, etc. This document describes that, for a given device (such as an HSM) and use case, the same API may not be available. For a use case with a small message size, people may input a plain message into the PQC operation; for another use case with a large message size, people may input a hash of the plain message into the PQC operation. In theory, this issue can be easily solved by adding a hash function to each of the current PQC candidates and constructing an API for that. In that case, the input to the PQC calculation cannot be a plain message and will always be the hash of the message. However, such an approach seems to be outside the scope of the current PQC evaluation, and there is a possibility that difficulties in cryptographic boundary handling, theoretical proof, or patents may occur. If that approach meets such a difficulty, then there is a possibility that the API of the encryption processing cannot be unified with regard to the size of the data, the presence or absence of an HSM, use case, or key usage.
We believe this is an undesirable result for PQC users, so we call for the integration of the API, regardless of any conditions.

Category / Keywords: implementation / Lattice-based cryptography, hardware security module, cryptographic boundary

Date: received 16 Aug 2020, last revised 1 Sep 2020

Contact author: t_ito at hotmail com, shu-sho@secom co jp


Version: 20200901:062242

Short URL: ia.cr/2020/990
