As part of our effort to deploy quantum-resistant cryptography, we are pleased to announce the release of the first quantum-resilient FIDO2 security key implementation as part of OpenSK, our open source security key firmware. This open-source, hardware-optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium's resilience against quantum attacks. This schema was co-developed in partnership with ETH Zürich and won the ACNS secure cryptographic implementation workshop best paper.
Quantum processor
As progress toward practical quantum computers accelerates, preparing for their arrival is becoming a more pressing issue as time passes. In particular, standard public key cryptography, which was designed to protect against traditional computers, will not be able to withstand quantum attacks. Fortunately, with the recent standardization of public key quantum-resilient cryptography, including the Dilithium algorithm, we now have a clear path to secure security keys against quantum attacks.
While quantum attacks are still in the distant future, deploying cryptography at Internet scale is a massive undertaking, which is why doing it as early as possible is vital. In particular, for security keys this process is expected to be gradual, as users will have to acquire new ones once FIDO has standardized post-quantum resilient cryptography and this new standard is supported by major browser vendors.
Hybrid signature: Strong nesting with classical and PQC scheme
Our proposed implementation relies on a hybrid approach that combines the battle-tested ECDSA signature algorithm and the recently standardized quantum-resistant signature algorithm, Dilithium. In collaboration with ETH, we developed this novel hybrid signature schema that offers the best of both worlds. Relying on a hybrid signature is critical because the security of Dilithium and other recently standardized quantum-resistant algorithms has not yet stood the test of time, and recent attacks on Rainbow (another quantum-resilient algorithm) demonstrate the need for caution. This caution is particularly warranted for security keys, as most cannot be upgraded, although we are working toward it for OpenSK. The hybrid approach is also used in other post-quantum efforts like Chrome's support for TLS.
On the technical side, a big challenge was to create a Dilithium implementation small enough to run on security keys' constrained hardware. Through careful optimization, we were able to develop a memory-optimized Rust implementation that only required 20 KB of memory, which was sufficiently small. We also spent time ensuring that our implementation's signature speed was well within the expected security key specification. That said, we believe improving signature speed further by leveraging hardware acceleration would allow keys to be more responsive.
Moving forward, we hope to see this implementation (or a variant of it) standardized as part of the FIDO2 key specification and supported by major web browsers so that users' credentials can be protected against quantum attacks. If you are interested in testing this algorithm or contributing to security key research, head to our open source implementation, OpenSK.