Paper 2024/1206
Applying Post-Quantum Cryptography Algorithms to a DLT-Based CBDC Infrastructure: Comparative and Feasibility Analysis
Abstract
This article presents an innovative project for a Central Bank Digital Currency (CBDC) infrastructure. Focusing on security and reliability, the proposed architecture: (1) employs post-quantum cryptography (PQC) algorithms for long-term security, even against attackers with access to cryptographically-relevant quantum computers; (2) can be integrated with a Trusted Execution Environment (TEE) to safeguard the confidentiality of transaction contents as they are processed by third-parties; and (3) uses Distributed Ledger Technology (DLT) to promote a high level of transparency and tamper resistance for all transactions registered in the system. Besides providing a theoretical discussion on the benefits of this architecture, we experimentally evaluate its components. Namely, as PQC algorithms, we consider three signature schemes being standardized by the National Institute of Standards and Technology (NIST), CRYSTALS-Dilithium, Falcon, and SPHINCS+. Those algorithms are integrated into the Hyperledger Besu (DLT) and executed both inside and outside an Intel SGX TEE environment. According to our results, CRYSTALS-Dilithium-2 combined with classical secp256k1 signatures leads to the shortest execution times when signing blocks in the DLT, reaching 1.68ms without the TEE, and 2.09ms with TEE. The same combination also displays the best results for signature verifications, achieving 0.5ms without a TEE and 1.98ms with a TEE. We also describe the main aspects of the evaluation methodology and the next steps in validating the proposed infrastructure. The conclusions drawn from our experiments is that the combination of PQC and TEE promises highly secure and effective DLT-based CBDC scenarios, ready to face the challenges of the digital financial future and potential quantum threats.
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Preprint.
- Keywords
- CBDCSecurityPQCDLTTEE
- Contact author(s)
-
daniel moraes @ venturus org br
raijoma @ alumni usp br
bruno grossi @ inter co
gustavo mirapalheta @ fgv br
george smetana @ bradesco com br
wrodrigues @ microsoft com br
courtnayguima @ gmail com
bruno domingues @ intel com
fabiosaito @ microsoft com
msimplicio @ usp br - History
- 2024-07-29: approved
- 2024-07-26: received
- See all versions
- Short URL
- https://ia.cr/2024/1206
- License
-
CC BY-NC-ND
BibTeX
@misc{cryptoeprint:2024/1206, author = {Daniel de Haro Moraes and Joao Paulo Aragao Pereira and Bruno Estolano Grossi and Gustavo Mirapalheta and George Marcel Monteiro Arcuri Smetana and Wesley Rodrigues and Courtnay Nery Guimarães Jr. and Bruno Domingues and Fábio Saito and Marcos Simplício}, title = {Applying Post-Quantum Cryptography Algorithms to a {DLT}-Based {CBDC} Infrastructure: Comparative and Feasibility Analysis}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/1206}, year = {2024}, url = {https://eprint.iacr.org/2024/1206} }