---
_id: '63403'
abstract:
- lang: eng
  text: "Stateful signatures like the NIST standardized signature schemes LMS and
    XMSS provide an efficient and mature realization of post-quantum secure signature
    schemes. They are recommended for long-term use cases like e.g. firmware signing.
    However, stateful signature schemes require proper management of a so-called state.
    In stateful signature schemes like LMS and XMSS, signing keys consist of a set
    of keys of a one-time signature scheme and it has to be guaranteed that each one-time
    key is used only once. This is done by updating a state in each signature computation,
    basically recording which one-time keys have already been used. While this is
    straightforward in centralized systems, in distributed systems like secure enclaves
    consisting of e.g. multiple hardware security modules (HSMs) with limited communication,
    keeping a distributed state that at any point in time is consistent among all
    parties involved presents a challenge. This challenge is not addressed by the
    current standardization processes. \r\nIn this paper we present a security model
    for the distributed key management of post-quantum secure stateful signatures
    like XMSS and LMS. We also present a simple, efficient, and easy to implement
    protocol proven secure in this security model, i.e. the protocol guarantees at
    any point in time a consistent state among the parties in a distributed system,
    like a distributed security enclave. The security model is defined in the universal
    composability (UC) framework by Ran Canetti by providing an ideal functionality
    for the distributed key management for stateful signatures. Hence our protocol
    remains secure even if arbitrarily composed with other instances of the same or
    other protocols, a necessity for the security of distributed key management protocols.
    Our main applications are security enclaves consisting of HSMs, but the model and
    the protocol can easily be adapted to other scenarios of distributed key management
    of stateful signature schemes."
author:
- first_name: Johannes
  full_name: Blömer, Johannes
  id: '23'
  last_name: Blömer
- first_name: Henrik
  full_name: Bröcher, Henrik
  id: '41047'
  last_name: Bröcher
  orcid: 0009-0008-3938-5485
- first_name: Volker
  full_name: Krummel, Volker
  last_name: Krummel
- first_name: Laurens Alexander
  full_name: Porzenheim, Laurens Alexander
  id: '47434'
  last_name: Porzenheim
citation:
  ama: Blömer J, Bröcher H, Krummel V, Porzenheim LA. Secure Distributed State Management
    for Stateful Signatures with a Practical and Universally Composable Protocol.
  apa: Blömer, J., Bröcher, H., Krummel, V., &#38; Porzenheim, L. A. (n.d.). <i>Secure
    Distributed State Management for Stateful Signatures with a Practical and Universally
    Composable Protocol</i>.
  bibtex: '@article{Blömer_Bröcher_Krummel_Porzenheim, title={Secure Distributed State
    Management for Stateful Signatures with a Practical and Universally Composable
    Protocol}, author={Blömer, Johannes and Bröcher, Henrik and Krummel, Volker and
    Porzenheim, Laurens Alexander} }'
  chicago: Blömer, Johannes, Henrik Bröcher, Volker Krummel, and Laurens Alexander
    Porzenheim. “Secure Distributed State Management for Stateful Signatures with
    a Practical and Universally Composable Protocol,” n.d.
  ieee: J. Blömer, H. Bröcher, V. Krummel, and L. A. Porzenheim, “Secure Distributed
    State Management for Stateful Signatures with a Practical and Universally Composable
    Protocol.” .
  mla: Blömer, Johannes, et al. <i>Secure Distributed State Management for Stateful
    Signatures with a Practical and Universally Composable Protocol</i>.
  short: J. Blömer, H. Bröcher, V. Krummel, L.A. Porzenheim, (n.d.).
date_created: 2025-12-22T21:23:22Z
date_updated: 2025-12-23T11:30:38Z
department:
- _id: '34'
- _id: '64'
keyword:
- distributed state
- hash-based signature
- stateful hash-based signature
- universal composability
- secure enclave
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://eprint.iacr.org/2025/2278.pdf
oa: '1'
page: '22'
project:
- _id: '191'
  name: 'PhoQuant: Photonische Quantencomputer -  Quantencomputing Testplattform'
publication_status: submitted
status: public
title: Secure Distributed State Management for Stateful Signatures with a Practical
  and Universally Composable Protocol
type: preprint
user_id: '41047'
year: '2025'
...
