Surnaming schemes, fast verification, and applications to SGX technology

Dan Boneh; Shay Gueron

doi:10.1007/978-3-319-52153-4_9

Surnaming schemes, fast verification, and applications to SGX technology

Dan Boneh, Shay Gueron

Department of Mathematics

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

Abstract

We introduce a new cryptographic primitive that we call surnaming, which is closely related to digital signatures, but has different syntax and security requirements. While surnaming can be constructed from a digital signature, we show that a direct construction can be somewhat simpler. We explain how surnaming plays a central role in Intel’s new Software Guard Extensions (SGX) technology, and present its specific surnaming implementation as a special case. These results explain why SGX does not require a PKI or pinned keys for authorizing enclaves. SGX motivates an interesting question in digital signature design: for reasons explained in the paper, it requires a digital signature scheme where verification must be as fast as possible, the public key must be short, but signature size is less important. We review the RSA-based method currently used in SGX and evaluate its performance. Finally, we propose a new hash-based signature scheme where verification time is much faster than the RSA scheme used in SGX. Our scheme can be scaled to provide post-quantum security, thus offering a viable alternative to the current SGX surnaming system, for a time when post-quantum security becomes necessary.

Original language	English
Title of host publication	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher	Springer Verlag
Pages	149-164
Number of pages	16
DOIs	https://doi.org/10.1007/978-3-319-52153-4_9
State	Published - 1 Jan 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10159
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Bibliographical note

Funding Information:
The first author is supported by NSF, DARPA, the Simons foundation, and a grant from ONR. Opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of DARPA. The second author is supported by the PQCRYPTO project, which is partially funded by the European Commission Horizon 2020 research Programme, grant #645622, by the Blavatnik Interdisciplinary Cyber Research Center (ICRC) at the Tel Aviv University, and by the ISRAEL SCIENCE FOUNDATION (grant No. 1018/16).

Publisher Copyright:
© Springer International Publishing AG 2017.

Keywords

Digital signatures
Fast verification
Post-quantum secure signatures
Software guard extensions (SGX) technology

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science (all)

Access to Document

10.1007/978-3-319-52153-4_9

Cite this

Boneh, D., & Gueron, S. (2017). Surnaming schemes, fast verification, and applications to SGX technology. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 149-164). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10159). Springer Verlag. https://doi.org/10.1007/978-3-319-52153-4_9

Boneh, Dan ; Gueron, Shay. / Surnaming schemes, fast verification, and applications to SGX technology. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Springer Verlag, 2017. pp. 149-164 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inbook{553b13f466d54feba93034193c496972,

title = "Surnaming schemes, fast verification, and applications to SGX technology",

abstract = "We introduce a new cryptographic primitive that we call surnaming, which is closely related to digital signatures, but has different syntax and security requirements. While surnaming can be constructed from a digital signature, we show that a direct construction can be somewhat simpler. We explain how surnaming plays a central role in Intel{\textquoteright}s new Software Guard Extensions (SGX) technology, and present its specific surnaming implementation as a special case. These results explain why SGX does not require a PKI or pinned keys for authorizing enclaves. SGX motivates an interesting question in digital signature design: for reasons explained in the paper, it requires a digital signature scheme where verification must be as fast as possible, the public key must be short, but signature size is less important. We review the RSA-based method currently used in SGX and evaluate its performance. Finally, we propose a new hash-based signature scheme where verification time is much faster than the RSA scheme used in SGX. Our scheme can be scaled to provide post-quantum security, thus offering a viable alternative to the current SGX surnaming system, for a time when post-quantum security becomes necessary.",

keywords = "Digital signatures, Fast verification, Post-quantum secure signatures, Software guard extensions (SGX) technology",

author = "Dan Boneh and Shay Gueron",

note = "Funding Information: The first author is supported by NSF, DARPA, the Simons foundation, and a grant from ONR. Opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of DARPA. The second author is supported by the PQCRYPTO project, which is partially funded by the European Commission Horizon 2020 research Programme, grant #645622, by the Blavatnik Interdisciplinary Cyber Research Center (ICRC) at the Tel Aviv University, and by the ISRAEL SCIENCE FOUNDATION (grant No. 1018/16). Publisher Copyright: {\textcopyright} Springer International Publishing AG 2017.",

year = "2017",

month = jan,

day = "1",

doi = "10.1007/978-3-319-52153-4_9",

language = "English",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "149--164",

booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

address = "Germany",

}

Boneh, D & Gueron, S 2017, Surnaming schemes, fast verification, and applications to SGX technology. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10159, Springer Verlag, pp. 149-164. https://doi.org/10.1007/978-3-319-52153-4_9

Surnaming schemes, fast verification, and applications to SGX technology. / Boneh, Dan; Gueron, Shay.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Springer Verlag, 2017. p. 149-164 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10159).

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

TY - CHAP

T1 - Surnaming schemes, fast verification, and applications to SGX technology

AU - Boneh, Dan

AU - Gueron, Shay

N1 - Funding Information: The first author is supported by NSF, DARPA, the Simons foundation, and a grant from ONR. Opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of DARPA. The second author is supported by the PQCRYPTO project, which is partially funded by the European Commission Horizon 2020 research Programme, grant #645622, by the Blavatnik Interdisciplinary Cyber Research Center (ICRC) at the Tel Aviv University, and by the ISRAEL SCIENCE FOUNDATION (grant No. 1018/16). Publisher Copyright: © Springer International Publishing AG 2017.

PY - 2017/1/1

Y1 - 2017/1/1

N2 - We introduce a new cryptographic primitive that we call surnaming, which is closely related to digital signatures, but has different syntax and security requirements. While surnaming can be constructed from a digital signature, we show that a direct construction can be somewhat simpler. We explain how surnaming plays a central role in Intel’s new Software Guard Extensions (SGX) technology, and present its specific surnaming implementation as a special case. These results explain why SGX does not require a PKI or pinned keys for authorizing enclaves. SGX motivates an interesting question in digital signature design: for reasons explained in the paper, it requires a digital signature scheme where verification must be as fast as possible, the public key must be short, but signature size is less important. We review the RSA-based method currently used in SGX and evaluate its performance. Finally, we propose a new hash-based signature scheme where verification time is much faster than the RSA scheme used in SGX. Our scheme can be scaled to provide post-quantum security, thus offering a viable alternative to the current SGX surnaming system, for a time when post-quantum security becomes necessary.

AB - We introduce a new cryptographic primitive that we call surnaming, which is closely related to digital signatures, but has different syntax and security requirements. While surnaming can be constructed from a digital signature, we show that a direct construction can be somewhat simpler. We explain how surnaming plays a central role in Intel’s new Software Guard Extensions (SGX) technology, and present its specific surnaming implementation as a special case. These results explain why SGX does not require a PKI or pinned keys for authorizing enclaves. SGX motivates an interesting question in digital signature design: for reasons explained in the paper, it requires a digital signature scheme where verification must be as fast as possible, the public key must be short, but signature size is less important. We review the RSA-based method currently used in SGX and evaluate its performance. Finally, we propose a new hash-based signature scheme where verification time is much faster than the RSA scheme used in SGX. Our scheme can be scaled to provide post-quantum security, thus offering a viable alternative to the current SGX surnaming system, for a time when post-quantum security becomes necessary.

KW - Digital signatures

KW - Fast verification

KW - Post-quantum secure signatures

KW - Software guard extensions (SGX) technology

UR - http://www.scopus.com/inward/record.url?scp=85009465959&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-52153-4_9

DO - 10.1007/978-3-319-52153-4_9

M3 - Chapter

AN - SCOPUS:85009465959

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 149

EP - 164

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

PB - Springer Verlag

ER -

Boneh D, Gueron S. Surnaming schemes, fast verification, and applications to SGX technology. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Springer Verlag. 2017. p. 149-164. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-52153-4_9

Surnaming schemes, fast verification, and applications to SGX technology

Abstract

Publication series

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this