Download PDFOpen PDF in browser

XMSS-based Chain of Trust

17 pagesPublished: October 3, 2022


Given that large-scale quantum computers can eventually compute discrete logarithm and integer factorization in polynomial time [44], all asymmetric cryptographic schemes will break down. Hence, replacing them becomes mandatory. For this purpose, the Na- tional Institute of Standards and Technology (NIST) initiated a standardization process for post-quantum schemes. These schemes are supposed to substitute classical cryptography in different use-cases, such as client-server authentication during the TLS handshake. How- ever, their signatures, public key sizes, and signature verification time impose difficulty, especially for resource-constrained devices. In this paper, we improve the TLS hand- shake performance relying on post-quantum signatures by combining the XMSS and the Dilithium signature schemes along the chain of certificates. We provide proof-of-concept implementation of our solution by integrating the two signature schemes in the WolfSSL library. Moreover, we evaluate the performance of our solution and establish that it re- duces the signature verification time considerably and minimizes the size of the chain of trust. We provide a security proof of the proposed chain of trust which is relies on the security of the XMSS scheme.

Keyphrases: Chain of Trust, Dilithium, handshake protocol, post-quantum cryptography, XMSS

In: Ulrich Kühne and Fan Zhang (editors). Proceedings of 10th International Workshop on Security Proofs for Embedded Systems, vol 87, pages 66--82

BibTeX entry
  author    = {Soundes Marzougui and Jean-Pierre Seifert},
  title     = {XMSS-based Chain of Trust},
  booktitle = {Proceedings of 10th International Workshop on Security Proofs for Embedded Systems},
  editor    = {Ulrich K\textbackslash{}"uhne and Fan Zhang},
  series    = {EPiC Series in Computing},
  volume    = {87},
  pages     = {66--82},
  year      = {2022},
  publisher = {EasyChair},
  bibsource = {EasyChair,},
  issn      = {2398-7340},
  url       = {},
  doi       = {10.29007/2fv1}}
Download PDFOpen PDF in browser