Surnaming Schemes, Fast Verification, and Applications to SGX Technology
Abstract
We introduce a new cryptographic primitive that we call surnaming, which is closely related to digital signatures, but has different syntax and security requirements. While surnaming can be constructed from a digital signature, we show that a direct construction can be somewhat simpler.
We explain how surnaming plays a central role in Intel’s new Software Guard Extensions (SGX) technology, and present its specific surnaming implementation as a special case. These results explain why SGX does not require a PKI or pinned keys for authorizing enclaves.
SGX motivates an interesting question in digital signature design: for reasons explained in the paper, it requires a digital signature scheme where verification must be as fast as possible, the public key must be short, but signature size is less important. We review the RSA-based method currently used in SGX and evaluate its performance.
Finally, we propose a new hash-based signature scheme where verification time is much faster than the RSA scheme used in SGX. Our scheme can be scaled to provide post-quantum security, thus offering a viable alternative to the current SGX surnaming system, for a time when post-quantum security becomes necessary.
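The abstract describes two things without showing a mechanism: a surnaming scheme built generically from a signature scheme (where the verifier needs no PKI or pinned key), and a signature design point where the public key must be short and verification fast while the signature itself may be large. The example below is added here to make both points concrete; it is not the paper's construction nor Intel's SGX implementation. It assumes a Lamport one-time signature over SHA-256 and defines the "surname" as the SHA-256 hash of the full public key, so a verifier holding only the 32-byte surname can check a signature that ships its own public key. All names (`keygen`, `sign`, `verify`, `surname_of`, `sig_size`) are this example's own.

```python
import hashlib
import os

# Constructed illustration, not the paper's scheme or SGX's surnaming code:
# a Lamport one-time signature whose "surname" is the hash of the whole public key.

HASH_LEN = 32        # bytes of SHA-256 output
MSG_BITS = 256       # one secret pair per digest bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(msg: bytes):
    """Message digest as a list of 256 bits, most significant bit first."""
    d = H(msg)
    return [(d[i // 8] >> (7 - (i % 8))) & 1 for i in range(MSG_BITS)]


def surname_of(pk) -> bytes:
    """The short identity: one hash over the (large) public key."""
    return H(b"".join(p0 + p1 for p0, p1 in pk))


def keygen():
    """Returns (sk, pk, surname); sk and pk are 256 pairs of 32-byte values."""
    sk = [(os.urandom(HASH_LEN), os.urandom(HASH_LEN)) for _ in range(MSG_BITS)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk, surname_of(pk)


def sign(sk, pk, msg: bytes):
    """One-time signature: reveal one preimage per digest bit and ship pk along.
    A Lamport key signs exactly one message; signing a second message with the
    same key reveals preimages for both bit values and breaks the scheme."""
    reveal = [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]
    return {"pk": pk, "reveal": reveal}


def verify(surname: bytes, msg: bytes, sig) -> bool:
    """Verification against the 32-byte surname alone: no certificate chain and
    no pinned key. Cost is one hash over pk, one hash of msg and 256 hashes of
    the revealed preimages; there is no modular arithmetic at all."""
    pk, reveal = sig["pk"], sig["reveal"]
    if len(pk) != MSG_BITS or len(reveal) != MSG_BITS:
        return False
    if surname_of(pk) != surname:   # binds the shipped key to the identity
        return False
    for i, bit in enumerate(digest_bits(msg)):
        if H(reveal[i]) != pk[i][bit]:
            return False
    return True


def sig_size(sig) -> int:
    """Bytes on the wire: the full public key plus 256 revealed preimages."""
    return (sum(len(p0) + len(p1) for p0, p1 in sig["pk"])
            + sum(len(r) for r in sig["reveal"]))


if __name__ == "__main__":
    sk, pk, surname = keygen()
    msg = b"constructed sample: enclave measurement"
    sig = sign(sk, pk, msg)
    print("surname bytes:", len(surname), "signature bytes:", sig_size(sig))
    print("verify:", verify(surname, msg, sig))
```

Running it shows the shape of the tradeoff the abstract describes: the identity the verifier must hold is 32 bytes, the signature is 24 576 bytes, and verification is 258 SHA-256 evaluations. Note the two checks in `verify`: the surname check is what binds the signer identity, and without it a signature shipping an arbitrary key would be accepted.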
Keywords
Digital signatures; Fast verification; Software Guard Extensions (SGX) technology; Post-quantum secure signatures
Acknowledgments
The first author is supported by NSF, DARPA, the Simons Foundation, and a grant from ONR. Opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of DARPA. The second author is supported by the PQCRYPTO project, which is partially funded by the European Commission Horizon 2020 Research Programme, grant #645622, by the Blavatnik Interdisciplinary Cyber Research Center (ICRC) at Tel Aviv University, and by the Israel Science Foundation (grant No. 1018/16).