计算机科学
散列函数
数字签名
密码学
椭圆曲线数字签名算法
计算机安全
认证(法律)
数字信号运算法则
凭据
公钥基础设施
公钥密码术
理论计算机科学
加密
椭圆曲线密码
作者
Amelia Holcomb,Geovandro C. C. F. Pereira,Bhargav Das,Michele Mosca
标识
DOI:10.1109/icbc51069.2021.9461070
摘要
Hyperledger Fabric is a prominent and flexible solution for building permissioned distributed ledger platforms. Access control and identity management relies on a Membership Service Provider (MSP) whose cryptographic interface only handles standard PKI methods for authentication: RSA and ECDSA classical signatures. Also, MSP-issued credentials may use only one signature scheme, tying the credential-related functions to classical single-signature primitives. RSA and ECDSA are vulnerable to quantum attacks, with an ongoing post-quantum standardization process to identify quantum-safe drop-in replacements. In this paper, we propose a redesign of Fabric's credential-management procedures and related specifications in order to incorporate hybrid digital signatures, protecting against both classical and quantum attacks using one classical and one quantum-safe signature. We create PQFabric, an implementation of Fabric with hybrid signatures that integrates with the Open Quantum Safe (OQS) library. Our implementation offers complete crypto-agility, with the ability to perform live migration to a hybrid quantum-safe blockchain and select any existing OQS signature algorithm for each node. We perform comparative benchmarks of PQFabric with each of the NIST candidates and alternates, revealing that long public keys and signatures lead to an increase in hashing time that is sometimes comparable to the time spent signing or verifying messages itself. This is a new and potentially significant issue in the migration of blockchains to post-quantum signatures.
科研通智能强力驱动
Strongly Powered by AbleSci AI