Post-quantum authentication in OpenSSL with hash-based signatures


Bibliographic Details
Published in: 2017 Tenth International Conference on Mobile Computing and Ubiquitous Network (ICMU), pp. 1-6
Main Authors: Butin, Denis; Walde, Julian; Buchmann, Johannes
Format: Conference Proceeding
Language: English
Published: IPSJ, 01-10-2017
Description
Summary: Quantum computing is a major threat to contemporary security mechanisms. As standards bodies increasingly focus on post-quantum cryptography, hash-based signatures in particular are often mentioned as a viable solution for quantum-safe authentication. Uniquely, such schemes only require minimal security assumptions. While their security has been analysed thoroughly, their concrete integration in popular security protocols has not been addressed so far. In this paper, we describe our integration of the XMSS hash-based signature scheme into the popular OpenSSL security library. In particular, we introduce support for EVP, ASN.1 and X.509 formats in OpenSSL and for the widely-deployed TLS and S/MIME protocols. Since OpenSSL is sparsely documented, our account can be used as a guide to integrating new signature schemes into the library. Beyond this core integration, we analyse real-world constraints for these protocols, taking into account scheme specificities. Finally, we introduce a strategy for deeper integration and optimised performance.
DOI: 10.23919/ICMU.2017.8330093