Basic statements on the security model for asymmetric transformations of the ES type taking into account the requirements and threats of the post-quantum period
Keywords: asymmetric ES, classical and quantum cryptanalysis, model of threats in the synthesis of ES, model of threats in the use of ES, list of threats of ES, post-quantum period
Abstract: The paper presents the results of substantiating and developing proposals for a threat model for asymmetric cryptographic transformations of the electronic signature (ES) type that are promising for use in the post-quantum period. Generalized threat models for promising ES are set out in detail and assessed. The paper proposes threat models for promising ES under classical and quantum cryptanalysis methods and tools, threat models for the synthesis and application of ES in general, and threat models for the synthesis and application of ES in the post-quantum period. Proposals are formulated for a list of threats against which protection should be provided. The list of possible security threats to existing and future ES is drawn from the threats in the IT-Grundschutz Catalogs, taking into account hardware, software and hardware-software resources, data processing technologies and cryptographic protection mechanisms used with ES, including the requirements and conditions for the synthesis of promising ES and the application of ES in the post-quantum period. The concepts of EUF-CMA and SUF-CMA security are considered, and the algorithms of operation of each of these schemes are given. The concept of a comprehensive security model is introduced and its components are presented. The violator model and its essence are considered. The main threats (attacks) that use quantum mathematical methods and can be implemented on a quantum computer (provided, of course, that one is built and available for use) are given. Attacks (threats) against a promising ES are presented and considered. Signature schemes are analyzed for compliance with the required security models. The terms "forward secrecy" and "perfect forward secrecy" are introduced and used. Signature schemes that are EUF-CMA and SUF-CMA secure are analyzed.
Signature schemes that are key-dependent, with evolving keys, are considered in terms of compliance with the EUF-CMA or SUF-CMA security model. A stateless signature algorithm is also considered. The algorithms of operation of such signature schemes are given.