Abstract: SPHINCS+ is a stateless digital signature algorithm. In November 2022, the U.S. National Institute of Standards and Technology (NIST) announced that SPHINCS+ would be one of the post-quantum digital signature algorithms to be standardized; the process has now entered the stage of discussing concrete parameter selection. The security of SPHINCS+ depends only on the strength of the hash function it uses against a certain variant of (second-)preimage attacks; from a security standpoint, hash-based digital signature schemes are the most conservative design. At the fourth NIST Post-Quantum Cryptography Standardization Conference, Dustin Moody of the NIST PQC team gave the reasons for selecting SPHINCS+ in his talk "NIST PQC: Looking into the future": solid security, and a security assumption different from that of lattice-based cryptography. This paper instantiates SPHINCS+ with the hash function SM3, gives two parameter sets that reach security level 1 of the NIST post-quantum cryptography call for proposals (NIST PQC CFP), and reports preliminary performance tests.
Funding: supported by the National Natural Science Foundation of China under Grant 62234008 and Grant 61934002.
Abstract: SPHINCS+ is a hash-based digital signature scheme that has been selected for the post-quantum cryptography (PQC) standardization announced by the U.S. National Institute of Standards and Technology (NIST) in 2022. Although SPHINCS+ offers significant security against quantum attacks, its relatively slow computation times present a major obstacle to its practical deployment. To address this challenge, improving the computational efficiency of SPHINCS+ becomes a critical task. The cryptographic operations in SPHINCS+ rely on tweakable hash functions, with various hash algorithms available for selection. Among these, SHA-3 stands out as a widely adopted and NIST-standardized hash function, making it a preferred choice for implementation in SPHINCS+. In this work, we propose a dedicated coprocessor that integrates a SHA-3 accelerator along with its associated peripheral structure. This coprocessor is designed to extend the RISC-V instruction set by incorporating seven custom instructions, enabling efficient software-hardware co-acceleration. Furthermore, we investigate the parallelizable components within SPHINCS+, specifically the FORS and WOTS+ algorithms, to identify means for optimization. By leveraging thread-level parallelism through multi-core programming, we achieve significant improvements in performance. To validate the design, synthesis is performed using TSMC 28-nm CMOS technology at 800 MHz. Compared to the benchmark results from the ARM Cortex-M4 processor, our approach achieves an impressive 23.1× speedup in the overall single-core performance of SPHINCS+, with an additional 3.4× speedup for the verification process by utilizing multi-core acceleration.
Abstract: The Industrial Internet of Things (IIoT) has emerged as a cornerstone of Industry 4.0, enabling large-scale automation and data-driven decision-making across factories, supply chains, and critical infrastructures. However, the massive interconnection of resource-constrained devices also amplifies the risks of eavesdropping, data tampering, and device impersonation. While digital signatures are indispensable for ensuring authenticity and non-repudiation, conventional schemes such as RSA and ECC are vulnerable to quantum algorithms, jeopardizing long-term trust in IIoT deployments. This study proposes a lightweight, stateless, hash-based signature scheme that achieves post-quantum security while addressing the stringent efficiency demands of IIoT. The design introduces two key optimizations: (1) Forest of Random Subsets (FORS) on Demand, where subset secret keys are generated dynamically via a Pseudo-Random Function (PRF), thereby minimizing storage overhead and eliminating key-reuse risks; and (2) Winternitz One-Time Signature Plus (WOTS+) partial hash-chain caching, which precomputes intermediate hash values at edge gateways, reducing device-side computations, latency, and energy consumption. The architecture integrates a multi-layer Merkle authentication tree (Merkle tree) and role-based delegation across sensors, gateways, and a Signature Authority Center (SAC), supporting scalable cross-site deployment and key rotation. From a theoretical perspective, we establish a formal EUF-CMA (Existential Unforgeability under Chosen Message Attack) security proof using a game-based reduction framework. The proof demonstrates that any successful forgery must reduce to breaking the underlying assumptions of PRF indistinguishability, (second-)preimage resistance, or collision resistance, thus quantifying adversarial advantage and ensuring unforgeability. On the implementation side, our design achieves a balanced trade-off between post-quantum security and lightweight performance, offering concrete deployment guidelines for real-time industrial systems. In summary, the proposed method contributes both practical system design and formal security guarantees, providing IIoT with a deployable signature substrate that enhances resilience against quantum-era threats and supports future extensions such as device attestation, group signatures, and anomaly detection.