
Hybrid Post-Quantum Signatures in Hardware Security Keys


Conference: International Conference on Applied Cryptography and Network Security (ACNS) - 2023
Authors: Diana Ghinea, Fabian Kaczmarczyck, Jennifer Pullman,
Award: Best Workshop Paper Award
Citation

Bibtex Citation

@inproceedings{NANHYBRID,
  title = {Hybrid Post-Quantum Signatures in Hardware Security Keys},
  author = {Diana Ghinea and Fabian Kaczmarczyck and Jennifer Pullman and Julien Cretin and Stefan Kolbl and Rafael Misoczki and Jean-Michel Picod and Luca Invernizzi and Elie Bursztein},
  booktitle = {International Conference on Applied Cryptography and Network Security},
  year = {2023},
  organization = {Spring}
}

Recent advances in quantum computing are increasingly jeopardizing the security of cryptosystems currently in widespread use, such as RSA or elliptic-curve signatures. To address this threat, researchers and standardization institutes have accelerated the transition to quantum-resistant cryptosystems, collectively known as Post-Quantum Cryptography (PQC). These PQC schemes present new challenges due to their larger memory and computational footprints and their higher chance of latent vulnerabilities. In this work, we address these challenges by introducing a scheme to upgrade the digital signatures used by security keys to PQC, focusing on both its theoretical and practical aspects.

Specifically, we introduce a hybrid digital signature scheme based on two building blocks: a classically-secure scheme, ECDSA, and a post-quantum secure one, Dilithium. Our hybrid scheme maintains the guarantees of each underlying building block even if the other one is broken, thus being resistant to classical and quantum attacks.

Additionally, our hybrid scheme ensures that an adversary cannot derive ECDSA or Dilithium signatures that this authentication protocol considers valid. On the practical side, we experimentally show that our hybrid signature scheme can successfully execute on current security keys, even though secure PQC schemes are known to require substantial resources. We publish an open-source implementation of our scheme as part of OpenSK, the leading open-source security key implementation, so that other researchers can reproduce our results on an nRF52840 development kit.
