Secure Distributed State Management for Stateful Signatures with a Practical and Universally Composable Protocol
J. Blömer, H. Bröcher, V. Krummel, L.A. Porzenheim, (n.d.).
Preprint | Submitted | English
Authors
Blömer, Johannes; Bröcher, Henrik; Krummel, Volker; Porzenheim, Laurens Alexander
Abstract
Stateful signatures such as the NIST-standardized signature schemes LMS and XMSS provide an efficient and mature realization of post-quantum secure signature schemes. They are recommended for long-term use cases such as firmware signing. However, stateful signature schemes require proper management of a so-called state. In stateful signature schemes like LMS and XMSS, a signing key consists of a set of keys of a one-time signature scheme, and it has to be guaranteed that each one-time key is used only once. This is done by updating a state in each signature computation, essentially recording which one-time keys have already been used. While this is straightforward in centralized systems, in distributed systems such as secure enclaves consisting of multiple hardware security modules (HSMs) with limited communication, keeping a distributed state that is consistent among all parties involved at every point in time presents a challenge. This challenge is not addressed by the current standardization processes.
In this paper we present a security model for the distributed key management of post-quantum secure stateful signatures like XMSS and LMS. We also present a simple, efficient, and easy-to-implement protocol proven secure in this security model, i.e. the protocol guarantees at any point in time a consistent state among the parties in a distributed system, such as a distributed security enclave. The security model is defined in the universal composability (UC) framework by Ran Canetti by providing an ideal functionality for the distributed key management of stateful signatures. Hence our protocol remains secure even when arbitrarily composed with other instances of the same or other protocols, a necessity for the security of distributed key management protocols. Our main application is security enclaves consisting of HSMs, but the model and the protocol can easily be adapted to other scenarios of distributed key management for stateful signature schemes.
Pages: 22
Cite this
Blömer, J., Bröcher, H., Krummel, V., & Porzenheim, L. A. (n.d.). Secure Distributed State Management for Stateful Signatures with a Practical and Universally Composable Protocol.
@article{Blömer_Bröcher_Krummel_Porzenheim, title={Secure Distributed State Management for Stateful Signatures with a Practical and Universally Composable Protocol}, author={Blömer, Johannes and Bröcher, Henrik and Krummel, Volker and Porzenheim, Laurens Alexander} }
Copyright Statement: This item is protected by copyright and/or related rights.
Access Level: Closed Access
