PQC signature process for HSM
Private keys are used to protect all security-relevant processes in companies. They are valuable because they hold the "secret" needed to decrypt previously encrypted data. This sensitive key material must be kept highly secure. Hardware security modules (HSMs) play a very important role in this context. HSMs are particularly effective at protecting stored private keys from unauthorized access, and they ensure that cryptographic operations can be performed quickly.
There are still no HSMs that natively support the storage and use of private keys of post-quantum cryptosystems. However, Utimaco HSMs can already be extended for use with post-quantum cryptosystems. This is done by developing special cryptographic modules that are loaded into the HSM. MTG has developed a special PQC module for exactly this purpose.
The PQC signature procedure in the Utimaco HSM is implemented with the XMSS algorithm. XMSS is the world's first standardized signature method for post-quantum cryptography, developed by Prof. Dr. Johannes Buchmann and his research team.
The MTG XMSS module for the Utimaco HSM enables secure storage and use of XMSS keys. The algorithm is suitable, for example, for securing the boot and update process of firmware in embedded systems against future quantum computer attacks. PQC is particularly relevant for systems used in long-life products in transportation, aerospace or comparable critical areas of application.
Additional PQC Modules for HSM
Further PQC algorithms can be developed for the Utimaco HSM upon request. We are currently working with the following PQC algorithms:
- Classic McEliece
- SPHINCS+
- Others upon request