April 7-10, 2025 | Toronto, Canada

Applied PQC – Deploying Stateful Hash-Based Signature Algorithms in Distributed Environments (Q30a)

20 Sep 2024
09:00

Today, customers use various types of PQC algorithms implemented in hardware security modules (HSMs) to safeguard their businesses, with applications ranging from communication security to software signing. Stateful hash-based signature algorithms such as LMS/HSS and XMSS/XMSS^MT are frequently chosen for their robustness against future quantum computer attacks. In practice, however, they are hard to scale because managing state in distributed environments is complex. Specifically, preventing the reuse of One-Time Signature (OTS) keys throughout their lifecycle is imperative for security, even across multiple disconnected system nodes. These challenges can be addressed, including through the use of hardware security modules, by employing an OTS-preserving framework designed to enable stateful hash-based signature algorithms in distributed environments. The talk will outline design requirements for proper state handling in real-world distributed environments, describe the proposed OTS-preserving framework, its implementation status, and its discussion within the PQC community, including with NIST, and conclude by presenting a customer implementation.