Hybrid Post-Quantum Signatures in Hardware Security Keys

Diana Ghinea; Fabian Kaczmarczyck; Jennifer Pullman; Julien Cretin; Stefan Kölbl; Rafael Misoczki; Jean-Michel Picod; Luca Invernizzi; Elie Bursztein

Paper 2022/1225

Hybrid Post-Quantum Signatures in Hardware Security Keys

Diana Ghinea

, ETH Zurich, Google (Switzerland)

Fabian Kaczmarczyck, Google (Switzerland)

Jennifer Pullman, Google (Switzerland)

Julien Cretin, Google (Switzerland)

Stefan Kölbl, Google (Switzerland)

Rafael Misoczki, Google (United States)

Jean-Michel Picod, Google (Switzerland)

Luca Invernizzi, Google (Switzerland)

Elie Bursztein, Google (United States)

Abstract

Recent advances in quantum computing are increasingly jeopardizing the security of cryptosystems currently in widespread use, such as RSA or elliptic-curve signatures. To address this threat, researchers and standardization institutes have accelerated the transition to quantum-resistant cryptosystems, collectively known as Post-Quantum Cryptography (PQC). These PQC schemes present new challenges due to their larger memory and computational footprints and their higher chance of latent vulnerabilities. In this work, we address these challenges by introducing a scheme to upgrade the digital signatures used by security keys to PQC. We introduce a hybrid digital signature scheme based on two building blocks: a classically-secure scheme, ECDSA, and a post-quantum secure one, Dilithium. Our hybrid scheme maintains the guarantees of each underlying building block even if the other one is broken, thus being resistant to classical and quantum attacks. We experimentally show that our hybrid signature scheme can successfully execute on current security keys, even though secure PQC schemes are known to require substantial resources. We publish an open-source implementation of our scheme at https://github.com/google/OpenSK/releases/tag/hybrid-pqc so that other researchers can reproduce our results on a nRF52840 development kit.

Metadata

Available format(s): PDF
Category: Implementation
Publication info: Published elsewhere. Minor revision. 4th ACNS Workshop on Secure Cryptographic Implementation
Keywords: FIDO WebAuthn CTAP ARM Cortex M4 Post-quantum security Dilithium
Contact author(s): ghinead @ ethz ch
kaczmarczyck @ google com
jpullman @ google com
cretin @ google com
kste @ google com
rafaelmisoczki @ google com
jmichel @ google com
invernizzi @ google com
elieb @ google com
History: 2023-08-22: revised; 2022-09-15: received; See all versions
Short URL: https://ia.cr/2022/1225
License: CC BY

BibTeX

@misc{cryptoeprint:2022/1225,
      author = {Diana Ghinea and Fabian Kaczmarczyck and Jennifer Pullman and Julien Cretin and Stefan Kölbl and Rafael Misoczki and Jean-Michel Picod and Luca Invernizzi and Elie Bursztein},
      title = {Hybrid Post-Quantum Signatures in Hardware Security Keys},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1225},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1225}},
      url = {https://eprint.iacr.org/2022/1225}
}