Monitoring system for monitoring hash-based digital signatures
By introducing a monitoring device between the signing device and the requesting device to monitor the use of the one-time public key, the problem of private key reuse in stateful hash-based signatures is solved, and the security monitoring and protection of the signature system is realized.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- SIEMENS AG
- Filing Date
- 2022-03-07
- Publication Date
- 2026-06-09
AI Technical Summary
Existing stateful hash-based signature schemes cannot effectively monitor whether one-time private keys are reused, and verifiers cannot check the signer's correct behavior, leading to security vulnerabilities.
By introducing a monitoring device between the signing device and the requesting device, the monitoring device extracts the one-time public key from the received digital signature and compares it with the previously stored public key. If the signature is reused, a warning signal is issued, and the invalid signature is blocked or forwarded, ensuring that the one-time private key is used only once.
It effectively prevents one-time private key reuse, ensures the security of the signature system, protects the signing device and the requesting device from attacks, and does not require modification of existing devices.
Smart Images

Figure CN117397202B_ABST
Abstract
Description
[0001] This disclosure relates to a method and monitoring system for monitoring hash-based digital signatures, including a requesting device, a monitoring apparatus, and a stateful hash-based cryptographic device.
[0002] Today, Internet of Things (IoT) devices are increasingly used in private and industrial environments. IoT devices communicate with each other or with controllers within public or private communication networks. Public-key cryptography is used to protect the authenticity of communication partners and the integrity of exchanged data. Digital signatures are applied to device certificates to provide protection against forgery. Therefore, digital signatures need to provide protection throughout the entire lifecycle of the device, which can extend to 10 to 20 years in industrial environments. Accordingly, public-key cryptographic schemes are needed that remain secure for 10 or 20 years.
[0003] Public-key cryptography refers to cryptosystems that use key pairs instead of individual secret keys. A key pair consists of a private key and a public key. The private key is known only to its owner, while the public key can be publicly distributed to anyone without compromising the security of the cryptosystem.
[0004] Digital signatures are an example of public-key cryptography, where a message is signed using the sender's private key and can be verified by anyone who has access to the corresponding sender's public key. Two widely adopted methods for public-key cryptography are RSA (Rivest-Shamir-Adleman) and elliptic curve cryptography. These cryptosystems are based on the RSA problem and the elliptic curve discrete logarithm algorithm problem, respectively. To date, no efficient method is known to solve such problems using current computing technology. This means that for sufficiently large numbers of data, solving such problems using traditional computers is considered impossible. However, efficient quantum algorithms (such as Shor's algorithm) are known to solve such problems with the help of quantum computers. This means that once sufficiently powerful quantum computers are built in the future, the security of RSA and elliptic curve cryptosystems will be at risk of compromise.
[0005] Post-quantum cryptography generally refers to a class of public-key cryptographic algorithms for which no efficient quantum or non-quantum algorithm is known to solve the underlying mathematical problems. One way to implement post-quantum digital signatures is to use a stateful hash-based signature algorithm. Any stateful hash-based signature scheme is built on one-time signatures and Merkle hash trees.
[0006] An example of a stateful hash-based signature algorithm is the Extended Merkle Signature Scheme (XMSS), which is built on the Winterniz One-Time Signature+ (WOTS+) and a Merkle tree. The Leighton-Micali Signature (LMS) scheme is another approach to hash-based signatures described in RFC 8554. XMSS and LMS are stateful algorithms, meaning that unlike traditional digital signature schemes (such as Digital Signature Algorithm (DSA) or Elliptic Curve Digital Signature Algorithm (ECDSA)), the internal state must be maintained and updated after each signature to ensure the correct operation and security of the digital signature system: it must be ensured that the WOTS+ secret key is not used more than once. Using the same WOTS+ secret key more than once implies a security vulnerability.
[0007] For users of stateful hash-based signatures, i.e., verifiers, there is no way to check whether the entity that generates the stateful hash-based signature (i.e., the signer) is behaving correctly.
[0008] Therefore, the purpose of this application is to provide a monitoring system and method that enables users of stateful hash-based signatures to identify security vulnerabilities in hash-based signatures, such as key reuse attacks or signer failures.
[0009] This objective is achieved through the features of the independent claim. The dependent claims contain further developments of the invention.
[0010] The first aspect relates to a monitoring system for monitoring hash-based digital signatures, comprising a requesting device, a monitoring device, and a signing device, wherein the monitoring device is configured to:
[0011] - Receive a signature request data structure from the requesting device, which includes the data to be digitally signed.
[0012] - Store the data to be signed.
[0013] - Receive a hash-based digital signature generated by a stateful hash-based cryptographic function of the signing device for the data to be signed.
[0014] - Extract a one-time signature from the received hash-based digital signature.
[0015] -The one-time public key is determined based on the stored data to be signed and the one-time signature.
[0016] - Compare the one-time public key with a previously determined one-time public key based on a hash-based digital signature previously received from the signing device, and
[0017] If the one-time public key differs from any of the previous one-time public keys, the one-time public key is stored in the data storage unit, and the received hash-based digital signature is forwarded to the requesting device.
[0018] If the one-time public key is equal to at least one of the previous one-time public keys, then output a first warning signal to the requesting device.
[0019] Based on the observation that one-time private keys are uniquely bound to their corresponding one-time public keys, one-time public keys are uniquely bound to one-time signatures, and one-time signatures are included within the corresponding stateful hash-based signatures. Since one-time public keys can be calculated from one-time signatures, it is possible to indirectly verify whether a one-time private key has been used multiple times by verifying whether the one-time public key has been seen. The monitoring system monitors structured signature request data and, in turn, provides hash-based signatures between the signature requesting device and the signing device. This monitoring is completely transparent from the perspective of both the signing device and the requesting device. Therefore, no adaptation is required in either the requesting device or the signing device. Based on a first warning signal, the requesting device is informed of the security vulnerability and can take countermeasures, such as aborting the signing process or requesting a new hash-based signature.
[0020] In a further embodiment of the monitoring system, if the one-time public key is equal to any of the previous public keys, the hash-based digital signature is blocked and not forwarded to the requesting device.
[0021] The requesting device must not receive malicious digital signatures and must not be compromised by key reuse attacks. Preventing one-time private key reuse is fundamental to ensuring the security of the signature system.
[0022] In a further embodiment of the monitoring system, the monitoring device is configured to send a second warning signal to the signing device if the one-time public key is equal to any of the previous public keys.
[0023] Thus, the signing device is informed about its unexpected and erroneous behavior and can take steps to recover from the erroneous state.
[0024] In a further embodiment of the monitoring system, upon receiving a second warning signal, the signing device generates an additional hash-based signature for the data to be signed. This signing process is not interrupted by sending an additional hash-based signature for the data to be signed, and the delay in providing the hash-based signature to the requesting device is minimized.
[0025] In a further embodiment, the monitoring device outputs a first warning signal to the requesting device only if all of the predefined number of additional hash-based signatures received for the data to be signed are equal to any of the previous one-time public keys.
[0026] Using this embodiment, the signing process can run without interruption in the event of a temporary failure, and genuine malicious behavior can be detected.
[0027] In a further embodiment of the monitoring device, the data storage unit is protected regarding data integrity.
[0028] This prevents the storage of one-time public keys from being corrupted and ensures that the current one-time public key is compared with the correct previous one-time public key.
[0029] In a further embodiment, the monitoring device stores additional metadata about the signature request data structure and / or metadata about the hash-based digital signature.
[0030] This enables further security checks to be performed on the monitoring device.
[0031] In a further embodiment, the monitoring device forwards the signature request data structure to the signing device, and / or the monitoring device forwards the hash-based digital signature received from the signing device to the requesting device.
[0032] This allows monitoring devices to directly block the transmission of hash-based signatures to the requesting device. The monitoring device can take over firewall functions related to signature retrieval.
[0033] In a further embodiment of the monitoring system, the signature request data structure is provided to the signing device without passing through the monitoring device, and the monitoring device receives the data to be signed and the hash-based digital signature generated for the data to be signed from the transmitting device.
[0034] This allows for centralized monitoring of the signing process. The monitoring device does not need to communicate directly between the requesting device and the signing device.
[0035] In a further embodiment, the monitoring device and the requesting device are included in a first communication network, and the signing device is included in a second communication network, wherein the first communication network is different from the second communication network.
[0036] The monitoring device provides gateway functionality to the second network and the signing device. Any damage to the signing device itself or the impact of a compromised second communication network on the signing device can be kept away from the first network and the requesting device. The monitoring device provides the first communication network with the possibility of verifying stateful, hash-based digital signatures provided in the external network (i.e., the second communication network).
[0037] In a further embodiment, the signing device initializes an internal state for a set of one-time private keys related to a stateful hash-based cryptographic function, generates a hash-based public key based on the initial internal state, and provides the hash-based public key to verify the generated hash-based digital signature. Therefore, each internal state of the stateful hash-based cryptographic function is uniquely associated with a one-time private key. The requesting device or a connected verifier unit can verify the integrity of the hash-based digital signature based on the provided hash-based public key.
[0038] In a further embodiment, when a signature request data structure is received, the stateful hash-based cryptographic function of the signing device is enabled, and after the requested hash-based signature is generated and provided, the stateful hash-based cryptographic function of the signing device is disabled.
[0039] By switching between two signature requests, the data structure protects stateful hash-based cryptographic functions from potential failures and attacks.
[0040] The second aspect relates to a monitoring device for monitoring hash-based digital signatures, comprising:
[0041] The interface unit is configured as follows:
[0042] - Receive a signature request data structure from the requesting device, which includes the data to be digitally signed.
[0043] - Store the data to be signed.
[0044] - Receives a hash-based digital signature generated by a stateful hash-based cryptographic function of the signing device for the data to be signed, and
[0045] The key evaluation unit is configured as follows:
[0046] - Extract a one-time signature from the received hash-based digital signature.
[0047] -The one-time public key is determined based on the stored data to be signed and the one-time signature.
[0048] - Compare the one-time public key with a previously determined one-time public key based on a hash-based digital signature previously received from the signing device, and
[0049] - If the one-time public key is different from any of the previous one-time public keys, the one-time public key is stored in the data storage unit, and the received hash-based digital signature is forwarded to the requesting device. If the one-time public key is equal to at least one of the previous one-time public keys, a first warning signal is output to the requesting device.
[0050] This monitoring device provides protection for both the signing and requesting devices against one-time key reuse attacks. An attacker would have to tamper not only with the signing device but also with the monitoring device to successfully subvert the hash-based signing process. If the signature is verified by a verifier unit connected to the requesting device, the verifier unit is also protected against such attacks.
[0051] The third aspect relates to a method for monitoring hash-based digital signatures, including:
[0052] - Receive a signature request data structure from the requesting device, which includes the data to be digitally signed.
[0053] - Store the data to be signed.
[0054] - Receive a hash-based digital signature generated by a stateful hash-based cryptographic function of the signing device for the data to be signed.
[0055] - Extract a one-time signature from the received hash-based digital signature.
[0056] -The one-time public key is determined based on the stored data to be signed and the one-time signature.
[0057] - Compare the one-time public key with a previously determined one-time public key based on a hash-based digital signature previously received from the signing device, and
[0058] - If the one-time public key is different from any of the previous one-time public keys, the one-time public key is stored in the data storage unit, and the received hash-based digital signature is forwarded to the requesting device. If the one-time public key is equal to any of the previous one-time public keys, a first warning signal is output to the requesting device.
[0059] The fourth aspect relates to a computer program product that can be directly loaded into the internal memory of a digital computer, including a software code portion that, when the product is run on the digital computer, performs the steps as described above.
[0060] The invention will be explained in more detail with reference to the accompanying drawings. Similar objects will be labeled with the same reference numerals.
[0061] Figure 1 A signature scheme for stateful hash-based digital cryptography is illustrated schematically.
[0062] Figure 2 The structure of a stateful hash-based digital signature is illustrated schematically.
[0063] Figure 3 A first embodiment of the monitoring system of the present invention is schematically illustrated, the monitoring system being configured to monitor hash-based digital signatures requested from a requesting device.
[0064] Figure 4 A second embodiment of the monitoring system of the present invention is schematically illustrated, which is configured to monitor hash-based digital signatures requested from a requesting device.
[0065] Figure 5 An embodiment of the monitoring device of the present invention is schematically illustrated, which is configured to monitor hash-based digital signatures requested from a requesting device.
[0066] Figure 6 An embodiment of the method of the present invention, illustrated by a flowchart, is shown.
[0067] Note that in the following detailed description of the embodiments, the accompanying drawings are merely illustrative, and the illustrated elements are not necessarily shown to scale. Rather, the drawings are intended to illustrate the function and cooperation of components. It is to be understood here that any connection or coupling of functional blocks, devices, components, or other physical or functional elements may also be achieved through indirect connections or couplings, such as via one or more intermediate elements. Connections or couplings of elements or components or nodes may be achieved, for example, through wire-based, wireless connections, and / or a combination of wire-based and wireless connections. Functional units may be implemented by dedicated hardware (e.g., a processor), firmware or software, and / or a combination of dedicated hardware and firmware and software. It should be further noted that each functional unit described for the apparatus may perform functional steps of the associated method.
[0068] Figure 1 The structure of a stateful hash-based cryptographic function, i.e., a stateful hash-based signature scheme, is shown. The hash-based signature scheme combines the One-Time Signature Scheme (OTSS) with a Merkle tree structure (MT). Since one-time signature scheme keys can only securely sign a single message (i.e., the data to be signed), it is feasible to combine many such keys within a single, larger structure. For this purpose, the Merkle tree structure (MT) is used. In this hierarchical data structure, hash functions and concatenation are repeatedly used to compute tree nodes.
[0069] In this way, the one-time private key OTsk is uniquely used to generate the one-time signature OTsig, and the one-time signature OTsig is uniquely bound to the one-time public key OTpk. The hash-based public key HBpk is determined based on all one-time signature scenarios. The hash-based public key HBpk is published to verify all hash-based digital signatures generated based on one of the one-time private keys OTsk.
[0070] As an example, the Extended Merkle Signature Scheme (XMSS) described in RFC 8391 uses a secret seed value and an index value to generate a Winternitzplus (WOTS+) private key. The index value is updated for each hash-based signature, ensuring that only a unique WOTS+ private key is generated. To guarantee the security of the XMSS cryptosystem, the signer generating the XMSS signature must ensure that the index value is never used more than once. This can be achieved using a secure monotonic counter that cannot be decremented or reset. This is typically a very strong requirement, and can even be circumvented in some cases, for example, by modifying the counter during signature computation after it has been securely loaded from memory. There is no way for an XMSS verifier to check whether the XMSS signer is behaving correctly. The Leighton-Micali Signature (LMS) scheme is another method for hash-based signatures described in RFC 8554.
[0071] Figure 2 The hash-based signature HBsig is shown. The hash-based signature HBsig is a data structure consisting of several segments 11, 12, 13, and 14. Segment 11 includes an index to the one-time key pair, and segment 12 includes a randomized message hash. Segment 13 includes the one-time signature OTsig. Segment 14 includes the so-called authentication path AP for the one-time key pair used, which provides the nodes of the Merkle tree required to compute the so-called root, which is the hash-based public key of all hash-based digital signatures 10 generated from one of the one-time private keys OTsk of the stateful hash-based signature scheme. See [link to relevant documentation]. Figure 1 .
[0072] The monitoring system, monitoring device, and method are based on the observation that a one-time private key OTsk is uniquely bound to its corresponding one-time public key OTpk, the one-time public key OTpk is uniquely bound to a one-time signature OTsig, and the one-time signature OTsig is included within a hash-based signature HBsig. Since the one-time public key OTpk can be calculated from the one-time signature OTsig, it is possible to indirectly verify whether the one-time private key OTsk has been used multiple times by verifying whether the one-time public key OTpk has been seen.
[0073] Figure 3A monitoring system 20 is illustrated, comprising a signing device 21 and a requesting device 23. The signing device 21 has a stateful hash-based cryptographic function and is configured to output a hash-based digital signature HBsig generated by the stateful hash-based cryptographic function. The requesting device 23 requests the hash-based digital signature HBsig from the signing device 21 for itself or a connected verifier device. To monitor whether the hash-based digital signature is based on a unique, one-time private key, a monitoring device 22 is inserted between the signing device 21 and the requesting device 23 to verify the hash-based digital signature HBsig generated by the signing device 21. The monitoring device 22 allows or blocks hash-based digital signature transactions based on whether the one-time private key OTsk is used only once. The monitoring device 22 is completely transparent from the perspectives of both the signing device 21 and the verifier device 24. No changes are required to the signing device 21 or the verifier device 24 connected to the requesting device 23. The requesting device 23 requires a specific adapter for receiving and processing warning signals only if the monitoring device 22 detects a vulnerability based on hash-based digital signatures.
[0074] During the setup phase, the signing device 21 initializes the state of its stateful hash-based cryptographic function and generates a hash-based public key HBpk, which is published, for example, on the requesting device and made accessible by any connected validator device 24.
[0075] When data (such as input messages) must be signed, the requesting device 23 generates data including the data to be signed (see [link to documentation]). Figure 3 The signature request data structure is sent to monitoring device 22, which forwards it to signing device 21 (see steps 1 and 2). Signing device 21 generates a hash-based digital signature HBsig for the data to be signed using, for example, a current one-time secret key generated using current state information, and sends it back to monitoring device 22 (see step 3). Monitoring device 22 extracts a one-time signature OTsig from the hash-based digital signature HBsig and uses the one-time signature OTsig and the data to be signed previously provided by the signature request data structure to calculate a one-time public key OTpk. Monitoring device 22 verifies whether the one-time public key OTpk already exists in data storage unit 25. Data storage unit 25 may be a component of monitoring device 22 or attached to monitoring device 22. Data storage unit 25 is protected regarding data integrity. Integrity protection can be ensured by digitally signing the contents of storage unit 25 or by storing the data in a blockchain or Merkle tree.
[0076] If the one-time public key OTpk does not exist in the data storage unit 25, it is added to the data storage unit 25.
[0077] The monitoring device 22 forwards the hash-based digital signature HBsig to the verifier device, see step 4.
[0078] Verifier device 24 receives the hash-based digital signature HBsig and the data to be signed (see step 5), and uses the hash-based public key HBpk published in the setup phase to verify the validity of the hash-based digital signature HBsig of the data to be signed. If the one-time public key OTpk already exists in data storage unit 25, a first alarm is issued, and the defined measures are applied.
[0079] In one embodiment, the monitoring device 22 and the requesting device 23 are included in a first communication network, and the signing device 21 is included in a second communication network, wherein the first communication network is different from the second communication network. In this scenario, the monitoring device 22 provides gateway and / or firewall functionality that blocks invalid hash-based signatures received from the second communication network.
[0080] Figure 4 A monitoring system 30 in an alternative communication environment is illustrated. The monitoring system 30 includes a signing device 31, a monitoring device 32, a requesting device 33, and at least one verifier device 34 connected to the requesting device 33. In this environment, the data to be signed is provided to the signing device 31 without passing through the monitoring device 32. Similarly, the generated hash-based digital signature HBsig may also bypass the monitoring device 32. In this environment, the data to be signed and the generated hash-based digital signature HBsig are transmitted to the monitoring device 32 via a transmission device 35, see [link to relevant documentation]. Figure 4 Steps 2a and 3a in the process. Monitoring device 32 stores the data to be signed received from transmission device 35.
[0081] When the generated hash-based digital signature HBsig is received from the transmitting device 35, the monitoring device 32 extracts a one-time signature OTsig from the received hash-based digital signature HBsig, determines a one-time public key OTpk based on the stored data to be signed and the one-time signature OTsig, and compares the one-time public key OTpk with a previously determined one-time public key based on a hash-based digital signature previously received from the signing device 31. If the one-time public key OTpk differs from any of the previously determined one-time public keys, the monitoring device stores the one-time public key in a data storage unit. It is assumed that the data storage unit is part of the monitoring unit 32. Optionally, the monitoring device outputs a release indicator indicating that the hash-based digital signature HBsig is valid. Upon receiving the release indicator, the transmitting device 35 forwards the hash-based digital signature HBsig to the requesting device 33. Alternatively, the requesting device 33 forwards the hash-based digital signature HBsig to the verifier device 34 upon receiving the release indicator.
[0082] If the one-time public key OTpk is equal to at least one of the previous one-time public keys, the monitoring device 32 outputs a first warning signal to the requesting device 33 via the transmitting device 35, see step 4. In one embodiment, when a signature request data structure is received, the stateful hash-based cryptographic functions of the signing devices 21 and 31 are enabled, and after the requested hash-based signature is generated and provided, the stateful hash-based cryptographic functions of the signing devices are disabled. All communication required for signing is handed over to the monitoring devices 22 and 32. When the hash-based digital signature HBsig is requested, the monitoring devices 22 and 32 enable the signing devices 21 and 31. Once the signing devices 21 and 31 have generated the hash-based digital signature HBsig, they can be disabled again. This protects the signing devices 21 and 31 from possible malfunctions and attacks.
[0083] Communication between signing devices 21 and 31, monitoring devices 22 and 32, requesting devices 23 and 33, and transmitting device 35 is encrypted. All of the above parties are mutually authenticated.
[0084] Figure 5 An embodiment of the monitoring device 40 is shown in more detail. The monitoring device 40 includes an interface unit 41, a data storage unit 42, and a key evaluation unit 43. The interface unit 41 is configured to receive a signature request data structure including data to be digitally signed, and to store the data to be signed. The interface unit 41 is configured to receive a signature request data structure from a transmitting device or a requesting device. The interface unit 41 is further configured to receive a hash-based digital signature generated by a stateful hash-based cryptographic function of a signing device for the data to be signed.
[0085] The key evaluation unit 43 is configured to extract a one-time signature OTsig from the received hash-based digital signature HBsig, and determine a one-time public key OTpk based on the stored data to be signed and the one-time signature OTsig. The key evaluation unit compares the one-time public key OTpk with a previous one-time public key determined based on a hash-based digital signature previously received from the signing device. If the one-time public key OTpk differs from any of the previous one-time public keys, the one-time public key OTpk is stored in the data storage unit 42.
[0086] If the one-time public key OTpk is equal to at least one of the previous one-time public keys stored in the data storage unit 42, the key evaluation unit 43 is configured to output a first warning signal to the requesting device. Optionally, hash-based digital signatures are blocked and not forwarded to the requesting device.
[0087] In one embodiment, the monitoring device 40 outputs a first warning signal to the requesting device only if all of the predefined number of additional hash-based signatures received for the data to be signed are equal to any of the previous one-time public keys. This means that after detecting reuse of the one-time private key OTsk, the monitoring device 40 does not immediately issue a first alarm, but rather informs the signing device about the unexpected behavior. The signing device can attempt to recover from its erroneous state and generate a hash-based digital signature HBsig using the next available one-time private key OTsk. This process can be repeated multiple times. If the signing device continuously fails to provide a valid hash-based digital signature HBsig, the monitoring device 40 eventually outputs the first alarm signal.
[0088] Optionally, the monitoring device 40 is configured to send a second warning signal to the signing device if the one-time public key OTpk is equal to any of the previous public keys. Upon receiving the second warning signal, the signing device generates an additional hash-based signature for the data to be signed.
[0089] Depending on the communication environment, the first and second warning signals are sent directly to the requesting device and the signing device, respectively. See [link / reference]. Figure 3 and 4 .
[0090] The monitoring device stores additional metadata about the signature request data structure and / or metadata about the hash-based digital signature. This metadata includes, for example, local and time information, and identifiers. The metadata is stored together with the one-time public key in data storage unit 42. This metadata can be used to implement further security checks on the monitoring device 40.
[0091] Monitoring devices 22, 32, and 40 can be part of a monitoring system or stand-alone monitoring devices. When they are part of a monitoring system, all features of the monitoring devices are also incorporated into the stand-alone monitoring devices, and vice versa.
[0092] Figure 6 The flowchart illustrates a method for monitoring hash-based digital signatures.
[0093] In the first method step S1, a signature request data structure including the data to be digitally signed is received from the requesting device. In the second step S2, the data to be signed is stored. After receiving a hash-based digital signature generated by the stateful hash-based cryptographic function of the signing device for the data to be signed, see step S3, where a one-time signature is extracted from the received hash-based digital signature, see step S4. A one-time public key is determined based on the stored data to be signed and the one-time signature, see step S5, and the one-time public key is compared with a previously determined one-time public key based on a hash-based digital signature previously received from the signing device, see step S6.
[0094] If the one-time public key is different from any of the previous one-time public keys, the one-time public key is stored in the data storage unit, see step S7. If the one-time public key is equal to at least one of the previous one-time public keys, a first warning signal is output to the requesting device in step 8.
[0095] The monitoring system and method using the monitoring device offer the following advantages: an attacker must tamper with both the signing device and the monitoring device to successfully subvert the hash-based signing process. Preventing one-time private key reuse is fundamental to ensuring the security of the signing system. The signing device and the monitoring device can be implemented by different companies and can be located in different regions. For the signing device, there is no need to implement expensive self-checking mechanisms for internal state management and one-time private key generation. Security is further guaranteed by the monitoring device. The monitoring device can be a more powerful computer than the signing device, which can additionally perform further security checks on the generated signatures, such as authenticity checks.
[0096] It should be understood that the above description of the examples is intended to be illustrative, and the illustrated components are readily adaptable to various modifications. For example, the illustrated concepts can be applied to different technical systems, and especially to different subtypes of corresponding technical systems with only minor adaptations.
Claims
1. A monitoring system for monitoring hash-based digital signatures, comprising a requesting device (23, 33), a monitoring device (22, 32, 40), and a signing device (21, 31), wherein the monitoring device (22, 32, 40) is configured to: - Receive a signature request data structure from the requesting device (23, 33), which includes the data to be digitally signed. - Store the data to be signed. - Receive a hash-based digital signature (HBsig) generated by a stateful hash-based cryptographic function of the signing device (21, 31) for the data to be signed. - Extract the one-time signature (OTsig) from the received hash-based digital signature (HBsig). -The one-time public key (OTpk) is determined based on the stored data to be signed and the one-time signature (OTsig). - Compare the one-time public key (OTpk) with the previous one-time public key determined based on the hash-based digital signature previously received from the signing devices (21, 31), and - If the one-time public key (OTpk) is different from any of the previous one-time public keys, then the one-time public key (OTpk) is stored in the data storage unit (25). If the one-time public key (OTpk) is equal to at least one of the previous one-time public keys, a first warning signal is output to the requesting device (23, 33).
2. The monitoring system according to claim 1, wherein if the one-time public key (OTpk) is equal to any of the previous public keys, the hash-based digital signature (HBsig) is blocked and not forwarded to the requesting device (23, 33).
3. The monitoring system according to any one of the preceding claims, wherein the monitoring device (22, 32, 40) is configured to send a second warning signal to the signing device (21, 31) if the one-time public key (OTpk) is equal to any of the previous public keys.
4. The monitoring system according to claim 3, wherein upon receiving a second warning signal, the signature device (21, 31) generates an additional hash-based signature (HBsig) for the data to be signed.
5. The monitoring system according to any one of the preceding claims, wherein the monitoring device (22, 32, 40) outputs a first warning signal to the requesting device (23, 33) only when all of the additional hash-based signatures (HBsig) received for the data to be signed in a predefined number of additional hash-based signatures are equal to any one of the previous one-time public keys.
6. The monitoring system according to any one of the preceding claims, wherein the data storage unit (25, 35) is protected with respect to data integrity.
7. The monitoring system according to any one of the preceding claims, wherein the monitoring device (22, 32, 40) stores additional metadata of the signature request data structure and / or metadata of the hash-based digital signature (HBsig).
8. The monitoring system according to any one of the preceding claims, wherein the monitoring device (22, 32, 40) forwards the signature request data structure to the signing device (21, 31), and / or the monitoring device (22, 32, 40) forwards the hash-based digital signature (HBsig) received from the signing device (21, 31) to the requesting device (23, 33).
9. The monitoring system according to any one of claims 1 to 7, wherein the signature request data structure is provided to the signing device (21, 31) without passing through the monitoring device (22, 32, 40), and the monitoring device (22, 32, 40) receives the data to be signed and the hash-based digital signature (HBsig) generated for the data to be signed from the transmission device (36).
10. The monitoring system according to claim 5, wherein the monitoring device (22, 32, 40) and the request device (23, 33) are included in a first communication network, and the signature device (21, 31) is included in a second communication network, wherein the first communication network is different from the second communication network.
11. The monitoring system according to any one of the preceding claims, wherein the signature device (21, 31) initializes an internal state of a set of one-time private keys (OTsk) with respect to a stateful hash-based cryptographic function, generates a hash-based public key (HBpk) based on the initial internal state, and provides the hash-based public key (HBpk) to verify the generated hash-based digital signature (HBsig).
12. The monitoring system according to any one of the preceding claims, wherein when a signature request data structure is received, the stateful hash-based cryptographic function of the signing device (21, 31) is enabled, and after the requested hash-based signature (HBsig) is generated and provided, the stateful hash-based cryptographic function of the signing device (21, 31) is disabled.
13. A monitoring device for monitoring hash-based digital signatures, comprising: Interface unit (41) is configured as follows: - Receive a signature request data structure from the requesting device (23, 33), which includes the data to be digitally signed. - Store the data to be signed. - Receive a hash-based digital signature (HBsig) generated by a stateful hash-based cryptographic function of the signing devices (21, 31) for the data to be signed, and The key evaluation unit (43) is configured to: - Extract the one-time signature (OTsig) from the received hash-based digital signature (HBsig). -The one-time public key (OTpk) is determined based on the stored data to be signed and the one-time signature (OTsig). - Compare the one-time public key (OTpk) with the previous one-time public key determined based on the hash-based digital signature previously received from the signing devices (21, 31), and - If the one-time public key (OTpk) is different from any of the previous one-time public keys, the one-time public key (OTpk) is stored in the data storage unit (25, 35), and if the one-time public key (OTpk) is equal to at least one of the previous one-time public keys, a first warning signal is output to the requesting device.
14. Methods for monitoring hash-based digital signatures, including: - Receive (S1) a signature request data structure from the requesting device, which includes the data to be digitally signed. - Store (S2) the data to be signed. - Receive (S3) a hash-based digital signature generated by a stateful hash-based cryptographic function of the signing device for the data to be signed. - Extract (S4) one-time signature from the received hash-based digital signature. - Determine the one-time public key (S5) based on the stored data to be signed and the one-time signature. - Compare the one-time public key with the previous one-time public key determined based on the hash-based digital signature previously received from the signing device (S6), and - If the one-time public key is different from any of the previous one-time public keys, then the one-time public key is stored (S7) in the data storage unit, and If the one-time public key is equal to at least one of the previous one-time public keys, then output (S8) a first warning signal to the requesting device.
15. A computer program product that can be directly loaded into the internal memory of a digital computer, comprising a software code portion that, when the product is run on the digital computer, performs the steps of claim 14.