Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2017/

<< previous next >>

What Could Go Wrong with Stateful Quantum Resistant Digital Signatures

Najwa Aaraj

0 vote(s)

NSA's Information Assurance Directorate has announced that they will initiate a government-wide transition to quantum-resistant algorithms.

Current public-key standards do not meet the requirement for quantum security. Both RSA (factoring-based) and ECDSA/ECDH (Elliptic Curve Discrete log - based) algorithms can be  broken in polynomial time with quantum computers. For this reason, NIST has initiated a post-quantum project calling for proposals with the aim of standardizing one or  more quantum-resistant public-key cryptographic algorithms within the upcoming years.

We focus on hash-based signatures, a potential replacement for today's signatures schemes given their well understood and reliable security estimates. There are two main families of hash-based signatures: stateful and stateless. We review the different algorithms that compose stateful schemes and some industrial applications. Finally, we dissect the scenarios that could lead to severe security breaches.

In the talk, we would be able to cover the following aspects (for now):

-    Key re-usage
-    PRNG
-    Smartcard cloning (if embedded into a smartcard and used for authentication)
-    SHA-1 in XMSS and MSS: they require a pre-image resistant hashÖ so what could happen with sha-1 collision?
-    Side Channel Analysis

The talk provides an insight of a unique experience of implementing post-quantum cryptography schemes at production code level as well as an overview of all the traps on your way to post quantum security. To our knowledge, our team is one of the few teams in the world leading such project, plus we contribute to the standardization effort of the presented schemes.


#1 Get sensibilized to Post Quantum Crypto
#2 Know the path from scientific publications to production code level
#3 Avoid those silly simple mistakes which will make you vulnerable against a non-quantum adversary

About Najwa Aaraj

Senior Vice President – Special Projects at DarkMatter LLC, with 12+ years experience in information and systems security. International Experience: USA, Middle East, Australia, Africa, Asia


* Ph.D. with Highest Honors in Computer Engineering from Princeton University
* Masters Degree in Computer Engineering from Princeton University
* B.Eng. in Computer and Communication Engineering from American University of Beirut

Employment History

* Lead Senior Associate, Booz & Company, USA and Middle East
* Research Staff Member, NEC Labs-Princeton University, NJ, USA
* Research Staff Member, IBM T. J. Watson, NY, USA
* Research Staff Member, Intel Corporation, Oregon, USA

Cyber Security – Related Experience