Abstract
Stateful hash-based signature schemes, which are quantum secure, are being increasingly used across the industry, especially as CNSA 2.0 [4] defines requirements for their use in US National Security Systems going forwards. However, the fact that they are stateful, coupled with the security risk from repetition of the state , introduces concerns around resiliency of the key: backing up the key and state may result in state repetition and therefore a loss of security, but not backing up the key may result in losing the key if key storage fails.
Here, we propose a solution to this problem by enabling an original crypto module who has the key and state to share the key and a subset of the state space with another destination module, but to do so only after the originating module has verified that the destination module is compliant to some policy.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 4.0 License.
Recommended Citation
INC, HP, "Sharing stateful hash-based signature keys and state with a compliant device", Technical Disclosure Commons, (July 16, 2024)
https://www.tdcommons.org/dpubs_series/7197