State Management in Hash-Based Signatures
David McGrew, Panos Kampanakis, Scott Fluhrer, Stefan-Lukas Gazdag, Denis Butin, Johannes Buchmann
{mcgrew,pkampana,sfluhrer}@cisco.com
stefan-lukas_gazdag@genua.eu
{dbutin,buchmann}@cdc.informatik.tu-darmstadt.de
CFRG @ IETF95, 4/8/16

• One-Time Signatures: 1 Signature, ~2KB
• Merkle Signatures: 1024 Signatures, ~2.5KB
• Hierarchical Signatures: 1,048,576 Signatures, ~4.5KB

Private key state management
[Diagram labels: File System Cache; Disk Cache; read K_N; M; write i=N+1; Synchronization Delay; ok; Sig(K_N, M)]

State management issues
• Synchronization delay (Performance)
• Synchronization failure (Security; testable)
  • Implementation problem
• Nonvolatile cloning (Security; not testable)
  • System backup
• Volatile cloning (Security; not testable)
  • VM cloning

State management issues
• Synchronization delay (Performance)
• Synchronization failure (Security; testable)
  • Implementation problem
• Nonvolatile cloning (Security; not testable)
  • System backup
• Volatile cloning
  • VM cloning
Also breaks:
• Entropy pools and PRNGs
• Deterministic IVs and Nonces
• Encryption counters
• Digital signature seeds
• One Time Passwords (OTP)
• TCP sequence numbers

Scheme = (Key Generation, Signing, Verifying)
[Diagram labels: Key Generation; Kpriv; Signing; M; Sig; Verifying; Kpub; 0/1]

Scheme = (Key Generation, Reservation, Signing, Verifying)
[Diagram labels: Reservation; Key Generation; Kpriv; Signing; M; Sig; Verifying; Kpub; 0/1]

Signing with State Reservation
{
    reserve next R OTS keys K_j, K_{j+1}, … , K_{j+R}
    while j < R {
        sign message M_j with K_j and increment i
    }
}

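The reservation step above, as an added example that is not from the slides or the authors' code: the nonvolatile index is advanced past R one-time keys before any of them is used, so one durable write covers R signatures and a crash skips indices instead of reusing them. The class name, state file name and the values of R and the key count are assumptions, and only index management is shown, not the OTS signing itself.

```python
import os
import tempfile


class ReservedIndexAllocator:
    """Hands out one-time-signature key indices; each index is issued at most once."""

    def __init__(self, state_path, reserve=8, total=1024):
        self.state_path = state_path   # hypothetical nonvolatile state file
        self.reserve = reserve         # R: indices reserved per nonvolatile write
        self.total = total             # number of OTS keys under the public key
        self.next = self._load()       # volatile: next index to issue
        self.limit = self.next         # volatile: end of the reserved range

    def _load(self):
        try:
            with open(self.state_path) as f:
                return int(f.read())
        except FileNotFoundError:
            return 0

    def _persist(self, value):
        # fsync the new value, then rename it into place (production code
        # would also fsync the containing directory).
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as f:
            f.write(str(value))
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.state_path)

    def next_index(self):
        if self.next >= self.total:
            raise RuntimeError("OTS keys exhausted")
        if self.next == self.limit:
            # Reserve R indices: stored state moves past them before use.
            self.limit = min(self.next + self.reserve, self.total)
            self._persist(self.limit)
        index = self.next
        self.next += 1
        return index


def demo():
    """Issue three indices, 'crash', restart, issue three more."""
    path = os.path.join(tempfile.mkdtemp(), "ots_index")
    a = ReservedIndexAllocator(path, reserve=8)
    first = [a.next_index() for _ in range(3)]    # 0, 1, 2 from one disk write
    del a                                          # crash: volatile state is lost
    b = ReservedIndexAllocator(path, reserve=8)
    second = [b.next_index() for _ in range(3)]   # resumes at 8; 3..7 are skipped
    return first, second
```

Restoring the state file from a backup or copying it to another machine brings back an old index, which is the nonvolatile cloning case that reservation does not address.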
Hierarchical signatures and state reservation
[Diagram labels: Nonvolatile; Volatile]

Hierarchical signatures and state reservation
• Synchronization delay: SOLVED
• Synchronization failure: SOLVED
• Unintended cloning
  • Nonvolatile: NOT SOLVED
  • Volatile: NONISSUE
[Diagram labels: Nonvolatile; Volatile]

Stateless HBS
• No synchronization or cloning issues!
• SPHINCS
  • ~45 KB signatures
  • Significantly slower signing times

Hybrid stateful/stateless signatures
• Synchronization delay: SOLVED
• Synchronization failure: SOLVED
• Unintended cloning
  • Nonvolatile: SOLVED
  • Volatile: NONISSUE
[Diagram labels: Stateless; Stateful]

1979 Technology Rocks!