Title: Keyless signature infrastructure and PKI: hash-tree signatures in pre- and post-quantum world
Authors: Ahto Buldas; Risto Laanoja; Ahto Truu
Addresses: Tallinn University of Technology, Ehitajate tee 5, 12616 Tallinn, Estonia; Cybernetica AS, Mäealuse 2/1, 12618 Tallinn, Estonia | Guardtime AS, A.H. Tammsaare tee 60, 11316 Tallinn, Estonia; Tallinn University of Technology, Ehitajate tee 5, 12616 Tallinn, Estonia | Guardtime AS, A.H. Tammsaare tee 60, 11316 Tallinn, Estonia; Tallinn University of Technology, Ehitajate tee 5, 12616 Tallinn, Estonia
Abstract: Multi-tenancy in the cloud environment brings new challenges to data security including but not limited to trust, data and system integrity and the overhead of cryptographic key management. These challenges can be efficiently addressed using novel data signing schemes. We compare personal digital signature solutions provided by public key infrastructure (PKI) and keyless signature infrastructure (KSI) and describe how these technologies can support each other. We discuss some ways of integrating a personal KSI service with external identity providers. As KSI can 'indemnify' PKI against the cryptographic threat of practical quantum computers, we delve into the post-quantum security of cryptographic hash functions and hash-and-publish signature schemes.
Keywords: public key infrastructure; PKI; keyless signature infrastructure; KSI; cryptographic hash functions; personal digital signatures; digital time-stamping; post-quantum security; hash tree signatures; cloud computing; data security; cryptographic key management; cryptography; quantum computing.
International Journal of Services Technology and Management, 2017 Vol. 23 No. 1/2, pp. 117-130
Available online: 24 Jan 2017