To Be, or Not to Be Stateful: Post-Quantum Secure Boot using Hash-Based Signatures

Alexander Wagner; Felix Oberhansl; Marc Schink

Paper 2022/1198

To Be, or Not to Be Stateful: Post-Quantum Secure Boot using Hash-Based Signatures

Alexander Wagner

, Fraunhofer Institute for Applied and Integrated Security

Felix Oberhansl

, Fraunhofer Institute for Applied and Integrated Security

Marc Schink, Fraunhofer Institute for Applied and Integrated Security

Abstract

While research in post-quantum cryptography (PQC) has gained significant momentum, it is only slowly adopted for real-world products. This is largely due to concerns about practicability and maturity. The secure boot process of embedded devices is one s- cenario where such restraints can result in fundamental security problems. In this work, we present a flexible hardware/software co-design for hash-based signature (HBS) schemes which enables the move to a post-quantum secure boot today. These signature schemes stand out due to their straightforward security proofs and are on the fast track to standardisation. In contrast to previous works, we exploit the performance intensive similarities of the s- tateful LMS and XMSS schemes as well as the stateless SPHINCS+ scheme. Thus, we enable designers to use a stateful or stateless scheme depending on the constraints of each individual application. To show the feasibility of our approach, we compare our results with hardware accelerated implementations of classical asymmetric algorithms. Further, we lay out the usage of different HBS schemes during the boot process. We compare different schemes, show the importance of parameter choices, and demonstrate the performance gain with different levels of hardware acceleration.

Metadata

Available format(s): PDF
Category: Implementation
Publication info: Published elsewhere. ASHES 2022
DOI: 10.1145/3560834.3563831
Keywords: post-quantum cryptography hash-based signatures LMS XMSS SPHINCS+ secure boot hardware/software co-design
Contact author(s): alexander wagner @ aisec fraunhofer de
felix oberhansl @ aisec fraunhofer de
marc schink @ aisec fraunhofer de
History: 2022-10-07: last of 2 revisions; 2022-09-11: received; See all versions
Short URL: https://ia.cr/2022/1198
License: CC BY

BibTeX

@misc{cryptoeprint:2022/1198,
      author = {Alexander Wagner and Felix Oberhansl and Marc Schink},
      title = {To Be, or Not to Be Stateful: Post-Quantum Secure Boot using Hash-Based Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1198},
      year = {2022},
      doi = {10.1145/3560834.3563831},
      note = {\url{https://eprint.iacr.org/2022/1198}},
      url = {https://eprint.iacr.org/2022/1198}
}