By Teik Guan Tan, Pawel Szalachowski, Jianying Zhou
Public key cryptography is threatened by the advent of quantum computers. Using Shor’s algorithm on a large-enough quantum computer, an attacker can cryptanalyze any RSA/ECC public key and generate fake digital signatures in seconds. If this vulnerability is left unaddressed, digital communications and electronic transactions can potentially be without the assurance of authenticity and non-repudiation.
In this paper, we study the use of digital signatures in 14 real-world applications across the financial, critical infrastructure, Internet, and enterprise sectors. Besides understanding the digital signing usage, we compare the applications’ signing requirements against all six NIST’s Post-Quantum Cryptography Standardization round 3 candidate algorithms. This is done through a proposed framework where we map out the suitability of each algorithm against the applications’ requirements in a feasibility matrix. Using the matrix, we identify improvements needed for all 14 applications to have a feasible post-quantum secure replacement digital signing algorithm.
The full article is published in the International Journal of Information Security (IJIS) https://link.springer.com/article/10.1007/s10207-022-00587-6
You can also read it at https://rdcu.be/cVplb