Title: Keyless signature infrastructure and PKI: hash-tree signatures in pre- and post-quantum world

Authors: Ahto Buldas; Risto Laanoja; Ahto Truu

Addresses: Tallinn University of Technology, Ehitajate tee 5, 12616 Tallinn, Estonia; Cybernetica AS, Mäealuse 2/1, 12618 Tallinn, Estonia ' Guardtime AS, A.H. Tammsaare tee 60, 11316 Tallinn, Estonia; Tallinn University of Technology, Ehitajate tee 5, 12616 Tallinn, Estonia ' Guardtime AS, A.H. Tammsaare tee 60, 11316 Tallinn, Estonia; Tallinn University of Technology, Ehitajate tee 5, 12616 Tallinn, Estonia

Abstract: Multi-tenancy in the cloud environment brings new challenges to data security including but not limited to trust, data and system integrity and the overhead of cryptographic key management. These challenges can be efficiently addressed using novel data signing schemes. We compare personal digital signature solutions provided by public key infrastructure (PKI) and keyless signature infrastructure (KSI) and describe how these technologies can support each other. We discuss some ways of integrating a personal KSI service with external identity providers. As KSI can 'indemnify' PKI against the cryptographic threat of practical quantum computers, we delve into the post-quantum security of cryptographic hash functions and hash-and-publish signature schemes.

Keywords: public key infrastructure; PKI; keyless signature infrastructure; KSI; cryptographic hash functions; personal digital signatures; digital time-stamping; post-quantum security; hash tree signatures; cloud computing; data security; cryptographic key management; cryptography; quantum computing.

DOI: 10.1504/IJSTM.2017.081881

International Journal of Services Technology and Management, 2017 Vol.23 No.1/2, pp.117 - 130

Accepted: 31 Mar 2016
Published online: 30 Jan 2017 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article