Paper 2022/1198
To Be, or Not to Be Stateful: Post-Quantum Secure Boot using Hash-Based Signatures
Abstract
While research in post-quantum cryptography (PQC) has gained significant momentum, it is only slowly adopted for real-world products. This is largely due to concerns about practicability and maturity. The secure boot process of embedded devices is one scenario where such restraints can result in fundamental security problems. In this work, we present a flexible hardware/software co-design for hash-based signature (HBS) schemes which enables the move to a post-quantum secure boot today. These signature schemes stand out due to their straightforward security proofs and are on the fast track to standardisation. In contrast to previous works, we exploit the performance-intensive similarities of the stateful LMS and XMSS schemes as well as the stateless SPHINCS+ scheme. Thus, we enable designers to use a stateful or stateless scheme depending on the constraints of each individual application. To show the feasibility of our approach, we compare our results with hardware-accelerated implementations of classical asymmetric algorithms. Further, we lay out the usage of different HBS schemes during the boot process. We compare different schemes, show the importance of parameter choices, and demonstrate the performance gain with different levels of hardware acceleration.
Metadata
- Available format(s)
- Category: Implementation
- Publication info: Published elsewhere. ASHES 2022
- DOI: 10.1145/3560834.3563831
- Keywords: post-quantum cryptography, hash-based signatures, LMS, XMSS, SPHINCS+, secure boot, hardware/software co-design
- Contact author(s): alexander wagner @ aisec fraunhofer de; felix oberhansl @ aisec fraunhofer de; marc schink @ aisec fraunhofer de
- History: 2022-10-07: last of 2 revisions; 2022-09-11: received
- Short URL: https://ia.cr/2022/1198
- License: CC BY
BibTeX
@misc{cryptoeprint:2022/1198,
  author = {Alexander Wagner and Felix Oberhansl and Marc Schink},
  title = {To Be, or Not to Be Stateful: Post-Quantum Secure Boot using Hash-Based Signatures},
  howpublished = {Cryptology {ePrint} Archive, Paper 2022/1198},
  year = {2022},
  doi = {10.1145/3560834.3563831},
  url = {https://eprint.iacr.org/2022/1198}
}