Hash-Based TPM Signatures for the Quantum World

  • Megumi AndoEmail author
  • Joshua D. Guttman
  • Alberto R. Papaleo
  • John Scire
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9696)


Trusted Platform Modules (TPMs) provide trust and attestation services to the platforms they reside on, using public key encryption and digital signatures among other cryptography operations. However, the current standards mandate primitives that will be insecure in the presence of quantum computers. In this paper, we study how to eliminate these insecure primitives. We replace RSA-based digital signatures with a hash-based scheme. We show that this scheme can be implemented using reasonable amounts of space on the TPM. We also show how to protect the TPM from rollback attacks against these state-sensitive signature operations.


Post-quantum Trusted Platform Module (TPM) Attestation Identity Key (AIK) Merkle trees 



The authors would like to thank Anna Lysyanskaya for her suggestion on how to derive the ESK from a Primary Seed and Chris Eliopoulos Alicea, Joseph J. Ferraro, John D. Ramsdell, and the anonymous reviewers for helpful comments.


  1. 1.
    Alkim, E., Bindel, N., Buchmann, J., Dagdelen, Ö.: TESLA: Tightly-Secure Efficient Signatures from Standard Lattices. Cryptology ePrint Archive, Report 2015/755 (2015)Google Scholar
  2. 2.
    Arthur, W., Challener, D., Goldman, K.: A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security. Apress, Berkeley (2015)CrossRefGoogle Scholar
  3. 3.
    Barak, B., Mahmoody-Ghidary, M.: Lower bounds on signatures from symmetric primitives. In: Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science, pp. 680–688, October 2007Google Scholar
  4. 4.
    Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.): Post-Quantum Cryptography. Springer Science & Business Media, Heidelberg (2009)zbMATHGoogle Scholar
  5. 5.
    Bernstein, D.J., et al.: SPHINCS: practical stateless hash-based signatures. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 368–397. Springer, Heidelberg (2015)Google Scholar
  6. 6.
    Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004, pp. 132–145. ACM, New York, NY, USA (2004)Google Scholar
  7. 7.
    Buchmann, J., Dahmen, E., Hülsing, A.: XMSS–a practical forward secure signature scheme based on minimal security assumptions. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 117–129. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  8. 8.
    Buchmann, J., Dahmen, E., Schneider, M.: Merkle tree traversal revisited. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 63–78. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Challener, D., Yoder, K., Catherman, R., Safford, D., Van Doorn, L.: A Practical Guide to Trusted Computing. Pearson Education, Upper Saddle River (2007)Google Scholar
  10. 10.
    Coker, G., Guttman, J., Loscocco, P., Herzog, A., Millen, J., O’Hanlon, B., Ramsdell, J., Segall, A., Sheehy, J., Sniffen, B.: Principles of remote attestation. Int. J. Inf. Secur. 10(2), 63–81 (2011)CrossRefGoogle Scholar
  11. 11.
    Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-eighth Annual ACM Symposium on Theory of Computing, STOC 1996, pp. 212–219. ACM, New York, NY, USA (1996)Google Scholar
  12. 12.
    Ideguchi, K., Owada, T., Yoshida, H.: A study on RAM requirements of various SHA-3 Candidates on Low-cost 8-bit CPUs. IACR Cryptology ePrint Archive (2009)Google Scholar
  13. 13.
    Jakobsson, M., Leighton, T., Micali, S., Szydlo, M.: Fractal merkle tree representation and traversal. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 314–326. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Kinney, S.: Trusted Platform Module Basics: Using TPM in Embedded Systems. Elsevier Inc., Burlington (2006)Google Scholar
  15. 15.
    Merkle, R.C.: Advances in Cryptology–CRYPTO 1989 Proceedings, chapter A Certified Digital Signature, pp. 218–238 (1990)Google Scholar
  16. 16.
    Naor, D., Shenhav, A., Wool, A.: One-Time Signatures Revisited: Have They Become Practical? IACR Cryptology ePrint Archive (2005)Google Scholar
  17. 17.
    Parno, B., McCune, J.M., Perrig, A.: Bootstrapping trust in commodity computers. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 414–429. IEEE, May 2010Google Scholar
  18. 18.
    Parno, B., McCune, J.M., Perrig, A.: Bootstrapping Trust in Modern Computers. Springer Science & Business Media, New York (2011)CrossRefGoogle Scholar
  19. 19.
    Sarmenta, L.F., van Dijk, M., O’Donnell, C.W., Rhodes, J., Devadas, S.: Virtual monotonic counters and count-limited objects using a TPM without a trusted OS. In: Proceedings of the First ACM Workshop on Scalable Trusted Computing, STC 2006, pp. 27–42. ACM, New York, NY, USA (2006)Google Scholar
  20. 20.
    Scarlata, V., Rozas, C., Wiseman, M., Grawrock, D., Vishik, C.: Trusted Computing: Ein Weg zu neuen IT-Sicherheitsarchitekturen, chapter TPM Virtualization: Building a General Framework, pp. 43–56. Vieweg+Teubner (2008)Google Scholar
  21. 21.
    Segall, A.: Trusted platform modules: When, Why, and How to Use Them. Version: 21 June 2015Google Scholar
  22. 22.
    Peter, W.: Shor.: polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Rev. 41(2), 303–332 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  23. 23.
    Szydlo, M.: Merkle tree traversal in log space and time. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 541–554. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  24. 24.
    TCG: TCG Vendor ID Registry, September 2015.

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Megumi Ando
    • 1
    Email author
  • Joshua D. Guttman
    • 1
  • Alberto R. Papaleo
    • 1
  • John Scire
    • 2
  1. 1.The MITRE CorporationBedfordUSA
  2. 2.Stevens Institute of TechnologyHobokenUSA

Personalised recommendations