Paper "API Usability of Stateful Signature Schemes" auf der IWSEC 2019 akzeptiert | Do. 13.06

Das Paper "API Usability of Stateful Signature Schemes" von Alexander Zeier, Alexander Wiesmaier und Andreas Heinemann wurde auf der IWSEC 2019 in Tokio, Japan akzepiert. すごい!


The rise of quantum computers poses a threat to asymmetric cryptographic schemes. With their continuing development, schemes such as DSA or ECDSA are likely to be broken in a few years' time. We therefore must begin to consider the use of different algorithms that would be able to withstand powerful quantum computers. Among the considered algorithms are hash-based signature schemes, some of which, including XMSS, are stateful. In comparison to stateless algorithms, these stateful schemes pose additional implementation challenges for developers, regarding error-free usage and integration into IT systems. As the correct use of cryptographic algorithms is the foundation of a secure IT system, mastering these challenges is essential.

This work proposes an easy-to-use API design for stateful signature schemes, using XMSS(MT) as an example. Our design is based on findings from literature as well as on a series of interviews with software developers. It has been prototypically implemented and evaluated in small-scale user-studies. 
Our results show that the API can manage the stateful keys in a way that is transparent to the user.
Furthermore, a preliminary online-study has shown that the API's documentation and applicability are comprehensible. 
However, due to the transparent state management, many of the study's participants were unaware of using a stateful scheme. This might lead to possible obstacles. Our current API design will serve as the basis for a larger user-study in order to review our preliminary findings in the next step.