2017 Tenth International Conference on Mobile Computing and Ubiquitous Network (ICMU) (2017)
Oct. 3, 2017 to Oct. 5, 2017
Denis Butin, TU Darmstadt, Germany
Julian Walde, TU Darmstadt, Germany
Johannes Buchmann, TU Darmstadt, Germany
Quantum computing is a major threat to contemporary security mechanisms. As standards bodies increasingly focus on post-quantum cryptography, hash-based signatures in particular are often mentioned as a viable solution for quantum-safe authentication. Uniquely, such schemes require only minimal security assumptions. While their security has been analysed thoroughly, their concrete integration into popular security protocols has not been addressed so far. In this paper, we describe our integration of the XMSS hash-based signature scheme into the popular OpenSSL security library. In particular, we introduce support for the EVP, ASN.1 and X.509 formats in OpenSSL and for the widely deployed TLS and S/MIME protocols. Since OpenSSL is sparsely documented, our account can be used as a guide to integrating new signature schemes into the library. Beyond this core integration, we analyse real-world constraints for these protocols, taking scheme specificities into account. Finally, we introduce a strategy for deeper integration and optimised performance.
Protocols, Ciphers, Authentication, Libraries, Encoding
D. Butin, J. Walde and J. Buchmann, "Post-quantum authentication in OpenSSL with hash-based signatures," 2017 Tenth International Conference on Mobile Computing and Ubiquitous Network (ICMU), Toyama, Japan, 2017, pp. 1-6.