Paper 2024/1206

Applying Post-Quantum Cryptography Algorithms to a DLT-Based CBDC Infrastructure: Comparative and Feasibility Analysis

Daniel de Haro Moraes, Venturus
Joao Paulo Aragao Pereira, Microsoft (Brazil)
Bruno Estolano Grossi, Inter&Co bank
Gustavo Mirapalheta, Fundação Getúlio Vargas
George Marcel Monteiro Arcuri Smetana, Bradesco bank
Wesley Rodrigues, Microsoft (Brazil)
Courtnay Nery Guimarães Jr., Avanade
Bruno Domingues, Intel (United States)
Fábio Saito, Microsoft (Brazil)
Marcos Simplício, Universidade de São Paulo
Abstract

This article presents an innovative project for a Central Bank Digital Currency (CBDC) infrastructure. Focusing on security and reliability, the proposed architecture: (1) employs post-quantum cryptography (PQC) algorithms for long-term security, even against attackers with access to cryptographically-relevant quantum computers; (2) can be integrated with a Trusted Execution Environment (TEE) to safeguard the confidentiality of transaction contents as they are processed by third-parties; and (3) uses Distributed Ledger Technology (DLT) to promote a high level of transparency and tamper resistance for all transactions registered in the system. Besides providing a theoretical discussion on the benefits of this architecture, we experimentally evaluate its components. Namely, as PQC algorithms, we consider three signature schemes being standardized by the National Institute of Standards and Technology (NIST), CRYSTALS-Dilithium, Falcon, and SPHINCS+. Those algorithms are integrated into the Hyperledger Besu (DLT) and executed both inside and outside an Intel SGX TEE environment. According to our results, CRYSTALS-Dilithium-2 combined with classical secp256k1 signatures leads to the shortest execution times when signing blocks in the DLT, reaching 1.68ms without the TEE, and 2.09ms with TEE. The same combination also displays the best results for signature verifications, achieving 0.5ms without a TEE and 1.98ms with a TEE. We also describe the main aspects of the evaluation methodology and the next steps in validating the proposed infrastructure. The conclusions drawn from our experiments is that the combination of PQC and TEE promises highly secure and effective DLT-based CBDC scenarios, ready to face the challenges of the digital financial future and potential quantum threats.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
CBDCSecurityPQCDLTTEE
Contact author(s)
daniel moraes @ venturus org br
raijoma @ alumni usp br
bruno grossi @ inter co
gustavo mirapalheta @ fgv br
george smetana @ bradesco com br
wrodrigues @ microsoft com br
courtnayguima @ gmail com
bruno domingues @ intel com
fabiosaito @ microsoft com
msimplicio @ usp br
History
2024-07-29: approved
2024-07-26: received
See all versions
Short URL
https://ia.cr/2024/1206
License
Creative Commons Attribution-NonCommercial-NoDerivs
CC BY-NC-ND

BibTeX 

@misc{cryptoeprint:2024/1206,
      author = {Daniel de Haro Moraes and Joao Paulo Aragao Pereira and Bruno Estolano Grossi and Gustavo Mirapalheta and George Marcel Monteiro Arcuri Smetana and Wesley Rodrigues and Courtnay Nery Guimarães Jr. and Bruno Domingues and Fábio Saito and Marcos Simplício},
      title = {Applying Post-Quantum Cryptography Algorithms to a {DLT}-Based {CBDC} Infrastructure: Comparative and Feasibility Analysis},
      howpublished = {Cryptology ePrint Archive, Paper 2024/1206},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/1206}},
      url = {https://eprint.iacr.org/2024/1206}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.