Abstract
Public key cryptosystems play a crucial role in the security of widely used communication protocols and in the protection of data. However, the foreseen emergence of quantum computers will break the security of most of the asymmetric cryptographic techniques used today, including those used to verify the authenticity of electronic travel documents. The security of international borders would thus be jeopardised in a quantum scenario. To overcome the threat to current asymmetric cryptography, post-quantum cryptography aims to provide practical mechanisms which are resilient to attacks using quantum computers. In this paper, we investigate the practicality of employing post-quantum digital signatures to ensure the authenticity of an electronic travel document. We created a special-purpose public key infrastructure based on these techniques, and give performance results for both creation and verification of certificates. This is the first important step towards specifying the next generation of electronic travel documents, as well as providing a valuable test use case for post-quantum techniques.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
More precisely, 7 schemes are finalists and the other 8 are kept as alternatives.
- 2.
The results of Round 3 of the process were published on July 22, 2020, https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions.
- 3.
The document data page is the page containing personal information of the document owner, such as photograph, name, date of birth, etc.
- 4.
For example the German Master List: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/ElekAusweise/CSCA/GermanMasterList.html.
- 5.
- 6.
Since January 2018, states have been permitted to implement PACE but not BAC, given the known security issues with BAC; previously both protocols had to be implemented for interoperability reasons.
- 7.
The experiments were run before the publication of RoundĀ 3, which was announced on July 22, 2020.
- 8.
Some of the chosen algorithms did not advance to Round 3 of the NIST competition. The results are published on the following website: https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions.
- 9.
- 10.
An example of such an ad hoc extension is given at: http://openssl.6102.n7.nabble.com/Private-Key-Usage-Period-td28401.html.
- 11.
See resolution in https://github.com/open-quantum-safe/openssl/issues/68.
- 12.
In particular, the CSCA certificate from Luxembourg is signed using RSASSA-PSS. See https://repository.incert.lu/ for more details.
- 13.
- 14.
See for example these contactless cryptocontrollers: https://www.infineon.com/cms/en/product/security-smart-card-solutions/security-controllers/sle-78/.
- 15.
These results are in line with the NIST Round 3 statement: https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf.
- 16.
- 17.
Please see https://www.bouncycastle.org/releasenotes.html.
References
Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: STOC, pp. 99ā108. ACM (1996)
Albrecht, M.R., Deo, A.: Large modulus ring-LWE \(\ge \) module-LWE. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part I. LNCS, vol. 10624, pp. 267ā296. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_10
Alkim, E., Barreto, P.S.L.M., Bindel, N., Longa, P., Ricardini, J.E.: The lattice-based digital signature scheme qtesla. Cryptology ePrint Archive, Report 2019/085 (2019)
Avoine, G., Beaujeant, A., Hernandez-Castro, J., Demay, L., Teuwen, P.: A survey of security and privacy issues in ePassport protocols. ACM Comput. Surv. 48(3), 471ā4737 (2016)
Barak, B.: The complexity of public-key cryptography. Tutorials on the Foundations of Cryptography. ISC, pp. 45ā77. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-57048-8_2
Bernstein, D.J., HĆ¼lsing, A., Kƶlbl, S., Niederhagen, R., Rijneveld, J., Schwabe, P.: The sphincs\({}^{\text{+}}\) signature framework. In: ACM Conference on Computer and Communications Security, pp. 2129ā2146. ACM (2019)
Bernstein, D.J., Lange, T.: Post-quantum cryptography ā dealing with the fallout of physics success. Cryptology ePrint Archive, Report 2017/314 (2017)
Blundo, C., Persiano, G., Sadeghi1, A.R., Visconti, I.: Resettable and non-transferable chip authentication for e-passports. In: Workshop on RFID Security (RFIDSec 2008) (2008)
BSI: Elliptic curve cryptography. Technical guideline, Federal Office for Information Security, Bonn, Germany (2018)
Chaabouni, R., Vaudenay, S.: The extended access control for machine readable travel documents. In: BIOSIG. LNI, vol. P-155, pp. 93ā103. GI (2009)
Chase, M., et al.: Post-quantum zero-knowledge and signatures from symmetric-key primitives. In: ACM Conference on Computer and Communications Security. pp. 1825ā1842. ACM (2017)
Chen, L., et al.: Report on post-quantum cryptography. Report, US Department of Commerce, National Institute of Standards and Technology (2016)
Chen, M., HĆ¼lsing, A., Rijneveld, J., Samardjiska, S., Schwabe, P.: From 5-pass MQ -based identification to MQ -based signatures. In: ASIACRYPT (2). LNCS, vol. 10032, pp. 135ā165 (2016)
Davida, G.I., Desmedt, Y.G.: Passports and visas versus IDs. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 183ā188. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-45961-8_16
Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644ā654 (1976)
Ding, J., Schmidt, D.: Rainbow, a new multivariable polynomial signature scheme. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164ā175. Springer, Heidelberg (2005). https://doi.org/10.1007/11496137_12
Ducas, L., et al.: Crystals-dilithium: a lattice-based digital signature scheme. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(1), 238ā268 (2018)
Fouque, P.A., et al.: Falcon: Fast-fourier lattice-based compact signatures over NTRU (2017)
Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC, pp. 197ā206. ACM (2008)
Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems (extended abstract). In: STOC, pp. 291ā304. ACM (1985)
Hoepman, J.-H., Hubbers, E., Jacobs, B., Oostdijk, M., Schreur, R.W.: Crossing borders: security and privacy issues of the european e-passport. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 152ā167. Springer, Heidelberg (2006). https://doi.org/10.1007/11908739_11
Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267ā288. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054868
International Civil Aviation Organization (ICAO): Doc 9303 ā Machine Readable Travel Documents ā Part 1: Introduction. Technical report, 7th Edn. ICAO, MontrĆ©al, CA (2015)
International Civil Aviation Organization (ICAO): Doc 9303 ā Machine Readable Travel Documents ā Part 10: Logical Data Structure (LDS) for Storage of Biometrics and Other Data in the Contactless Integrated Circuit (IC). Technical report, 7th Edn. ICAO, MontrĆ©al, CA (2015)
International Civil Aviation Organization (ICAO): Doc 9303 ā Machine Readable Travel Documents ā Part 11: Security Mechanisms for MRTDs. Technical report, 7th Edn. ICAO, MontrĆ©al, CA (2015)
International Civil Aviation Organization (ICAO): Doc 9303 ā Machine Readable Travel Documents ā Part 12: Public Key Infrastructure for MRTDs. Technical report, 7th Edn. ICAO, MontrĆ©al, CA (2015)
International Civil Aviation Organization (ICAO): Supplemental Access Control for Machine Readable Travel Documents. Technical report, Version 1.01. ICAO, MontrƩal, CA (2015)
ISO Central Secretary: Information technology ā Security techniques ā Encryption algorithms ā Part 3: Block ciphers. Standard ISO/IEC 18033ā3:2010, International Organization for Standardization, Geneva, CH (2010)
ISO Central Secretary: Information technology ā Security techniques ā Message Authentication Codes (MACs) ā Part 1: Mechanisms using a block cipher. Standard ISO/IEC 9797ā1:2011, International Organization for Standardization, Geneva, CH (2011)
ISO Central Secretary: IT Security techniques ā Key management ā Part 2: Mechanisms using symmetric techniques. Standard ISO/IEC 11770ā2:2018, International Organization for Standardization, Geneva, CH (2018)
Juels, A., Molnar, D., Wagner, D.A.: Security and privacy issues in e-passports. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005, Athens, Greece, 5ā9 September 2005, pp. 74ā88. IEEE (2005)
Kampanakis, P., Panburana, P., Daw, E., Geest, D.V.: The viability of post-quantum x.509 certificates. Cryptology ePrint Archive, Report 2018/063 (2018)
Kerry, C.F., Secretary, A., Director, C.R.: FIPS PUB 186ā4 Digital Signature Standard (DSS) (2013)
Kƶlbl, S., Lauridsen, M.M., Mendel, F., Rechberger, C.: Haraka v2 - efficient short-input hashing for post-quantum applications. IACR Trans. Symmetric Cryptol. 2016(2), 1ā29 (2016)
Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1ā23. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_1
Merkle, J., Lochter, M.: Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation. RFC 5639, March 2010
Moriarty, K.M., Kaliski, B., Jonsson, J., Rusch, A.: PKCS#1: RSA Cryptography Specifications Version 2.2. RFC 8017, November 2016
National Institute of Standards and Technology: Submission requirements and evaluation criteria for the post-quantum cryptography standardization process. Report, US Department of Commerce, December 2016
Pasupathinathan, V., Pieprzyk, J., Wang, H.: Security analysis of Australian and E.U. e-passport implementation. J. Res. Pract. Inf. Technol. 40(3), 187ā206 (2008)
Proos, J., Zalka, C.: Shorās discrete logarithm quantum algorithm for elliptic curves. Quantum Inf. Comput. 3(4), 317ā344 (2003)
Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC, pp. 84ā93. ACM (2005)
Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120ā126 (1978)
Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484ā1509 (1997)
Stebila, D., Mosca, M.: Post-quantum key exchange for the internet and the open quantum safe project. In: Avanzi, R., Heys, H. (eds.) SAC 2016. LNCS, vol. 10532, pp. 14ā37. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69453-5_2
United States Department of Homeland Security: United states customs and border protection: Visage waiver passport requirements, October 2006
U.S. DoC/NIST: Sha-3 standard: Permutation-based hash and extendable-output functions. Standard, National Institute for Standards and Technology (2015)
Acknowledgements
Supported by the Luxembourg National Research Fund (FNR) (12602667).
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
Ā© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Pradel, G., Mitchell, C.J. (2020). Post-quantum Certificates for Electronic Travel Documents. In: Boureanu, I., et al. Computer Security. ESORICS 2020. Lecture Notes in Computer Science(), vol 12580. Springer, Cham. https://doi.org/10.1007/978-3-030-66504-3_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-66504-3_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-66503-6
Online ISBN: 978-3-030-66504-3
eBook Packages: Computer ScienceComputer Science (R0)