Post-Quantum Hybrid Digital Signatures with Hardware-Support for Digital Twins

by   Saif E. Nouma, et al.

Digital Twins (DT) virtually model cyber-physical objects using Internet of Things (IoT) components (e.g., sensors) to gather and process senstive information stored in the cloud. Trustworthiness of the streamed data is crucial which requires quantum safety and breach resiliency. Digital signatures are essential for scalable authentication and non-repudiation. Yet, NIST PQC signature standards are exorbitantly costly for low-end IoT without considering forward security. Moreover, Post-Quantum (PQ) signatures lack aggregation, which is highly desirable to reduce the transmission and storage burdens in DTs. Hence, there is an urgent need for lightweight digital signatures that offer compromise resiliency and compactness while permitting an effective transition into the PQ era for DTs. We create a series of highly lightweight digital signatures called Hardware-ASsisted Efficient Signature (HASES) that meets the above requirements. The core of HASES is a hardware-assisted cryptographic commitment construct oracle (CCO) that permits verifiers to obtain expensive commitments without signer interaction. We created three HASES schemes: PQ-HASES is a forward-secure PQ signature, LA-HASES is an efficient aggregate Elliptic-Curve signature, and HY-HASES is a novel hybrid scheme that combines PQ-HASES and LA-HASES with novel strong nesting and sequential aggregation. HASES does not require a secure-hardware on the signer. We proved that HASES schemes are secure and implemented them on commodity hardware and an 8-bit AVR ATmega2560. Our experiments confirm that PQ-HASES and LA-HASES are two magnitudes of times more signer efficient than their PQ and conventional-secure counterparts, respectively. HY-HASES outperforms NIST PQC and conventional signature combinations, offering a standardcompliant transitional solution for emerging DTs. We open-source HASES schemes for public testing and adaptation.


page 1

page 14


FROG: Forward-Secure Post-Quantum Signature

Forward-secure signatures guarantee that the signatures generated before...

Post-Quantum Signatures in DNSSEC via Request-Based Fragmentation

The Domain Name System Security Extensions (DNSSEC) provide authenticati...

A Novel IoT Sensor Authentication Using HaLo Extraction Method and Memory Chip Variability

In this paper, we propose flash-based hardware security primitives as a ...

Ultra Lightweight Multiple-time Digital Signature for the Internet of Things Devices

Digital signatures are basic cryptographic tools to provide authenticati...

PUF Probe: A PUF-based Hardware Authentication Equipment for IEDs

Intelligent Electronic Devices (IEDs) are vital components in modern ele...

Non-Repudiation for VoIP Communication in UMTS and LTE Networks

This thesis work presents an architectural design of a system to bring n...

On the Role of Hash-based Signatures in Quantum-Safe Internet of Things: Current Solutions and Future Directions

The Internet of Things (IoT) is gaining ground as a pervasive presence a...

Please sign up or login with your details

Forgot password? Click here to reset