Paper 2022/1225

Hybrid Post-Quantum Signatures in Hardware Security Keys

Diana Ghinea, ETH Zurich, Google (Switzerland)
Fabian Kaczmarczyck, Google (Switzerland)
Jennifer Pullman, Google (Switzerland)
Julien Cretin, Google (Switzerland)
Stefan Kölbl, Google (Switzerland)
Rafael Misoczki, Google (United States)
Jean-Michel Picod, Google (Switzerland)
Luca Invernizzi, Google (Switzerland)
Elie Bursztein, Google (United States)
Abstract

Recent advances in quantum computing are increasingly jeopardizing the security of cryptosystems currently in widespread use, such as RSA or elliptic-curve signatures. To address this threat, researchers and standardization institutes have accelerated the transition to quantum-resistant cryptosystems, collectively known as Post-Quantum Cryptography (PQC). These PQC schemes present new challenges due to their larger memory and computational footprints and their higher chance of latent vulnerabilities. In this work, we address these challenges by introducing a scheme to upgrade the digital signatures used by security keys to PQC. We introduce a hybrid digital signature scheme based on two building blocks: a classically-secure scheme, ECDSA, and a post-quantum secure one, Dilithium. Our hybrid scheme maintains the guarantees of each underlying building block even if the other one is broken, thus being resistant to classical and quantum attacks. We experimentally show that our hybrid signature scheme can successfully execute on current security keys, even though secure PQC schemes are known to require substantial resources. We publish an open-source implementation of our scheme at https://github.com/google/OpenSK/releases/tag/hybrid-pqc so that other researchers can reproduce our results on a nRF52840 development kit.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Minor revision. 4th ACNS Workshop on Secure Cryptographic Implementation
Keywords
FIDOWebAuthnCTAPARM Cortex M4Post-quantum securityDilithium
Contact author(s)
ghinead @ ethz ch
kaczmarczyck @ google com
jpullman @ google com
cretin @ google com
kste @ google com
rafaelmisoczki @ google com
jmichel @ google com
invernizzi @ google com
elieb @ google com
History
2023-08-22: revised
2022-09-15: received
See all versions
Short URL
https://ia.cr/2022/1225
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1225,
      author = {Diana Ghinea and Fabian Kaczmarczyck and Jennifer Pullman and Julien Cretin and Stefan Kölbl and Rafael Misoczki and Jean-Michel Picod and Luca Invernizzi and Elie Bursztein},
      title = {Hybrid Post-Quantum Signatures in Hardware Security Keys},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1225},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1225}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.