SASL XMSS
Make SASL work with XMSS signatures
Simple Authentication and Security Layer (SASL, RFC 4422) is a framework for authentication and data security in connection-oriented protocols. The framework defines a structured interface to which SASL mechanisms must comply; an application protocol that supports SASL can then use any such mechanism in a uniform manner. XMSS (eXtended Merkle Signature Scheme, RFC 8391) provides cryptographic digital signatures without relying on the conjectured hardness of mathematical problems such as factoring or discrete logarithms. Instead, its security proof relies only on properties of the underlying cryptographic hash function, and it remains secure even when the collision resistance of that hash function is broken. It is suitable for compact implementations, is relatively simple to implement, and naturally resists side-channel attacks. Unlike most other signature systems, hash-based signatures can so far withstand all known attacks using quantum computers. The price for these properties is that XMSS is stateful: each one-time key under the Merkle tree must be used exactly once, so a signer has to persist its state (the index of the next unused key) reliably before releasing a signature. Any rollback of that state, for instance restoring a key from a backup or cloning a signing host, can cause two messages to be signed with the same one-time key and breaks the scheme. The SASL XMSS project's goal is to implement XMSS as a SASL mechanism in one of the publicly available open source SASL libraries.
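To make concrete what "relies only on hash functions" and "stateful" mean, here is an added, deliberately simplified illustration. It is not XMSS as specified in RFC 8391 and not code from the SASL XMSS project or ARPA2: it uses Lamport one-time signatures as the leaves of a Merkle tree, while real XMSS uses WOTS+ chains, L-trees and bitmasks and is far more compact. The class and function names, the "ots"/"prf" derivation labels and the sample messages are assumptions of this example. Only SHA-256 appears; the randomized message digest mirrors XMSS's reason for not depending on collision resistance, and the signer's index counter is the state that must never roll back.

```python
# Toy stateful hash-based signature scheme in the spirit of XMSS (RFC 8391).
# Added illustration, NOT the XMSS specification and NOT SASL XMSS project code:
# Lamport one-time signatures (OTS) as leaves of a Merkle tree, SHA-256 only.
import hashlib
import os

DIGEST_BITS = 256  # one Lamport pair per bit of the (randomized) message digest


def H(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of its arguments."""
    return hashlib.sha256(b"".join(parts)).digest()


def ots_keygen(seed: bytes, idx: int):
    """Lamport key for leaf idx, derived deterministically from the secret seed
    (label "ots" is an assumption of this example).
    Secret key: 256 pairs of 32-byte strings; public key: their SHA-256 hashes."""
    sk = [[H(seed, b"ots", idx.to_bytes(4, "big"), i.to_bytes(2, "big"), bytes([b]))
           for b in (0, 1)] for i in range(DIGEST_BITS)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk


def ots_pk_hash(pk) -> bytes:
    """Compress a Lamport public key (512 hashes) into a single leaf value."""
    return H(*[x for pair in pk for x in pair])


def digest_bits(d: bytes):
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(DIGEST_BITS)]


def ots_sign(sk, d: bytes):
    """Reveal, for each digest bit, the secret in the matching half of the pair."""
    return [sk[i][b] for i, b in enumerate(digest_bits(d))]


def ots_verify(pk, d: bytes, sig) -> bool:
    return all(H(sig[i]) == pk[i][b] for i, b in enumerate(digest_bits(d)))


def msg_digest(r: bytes, root: bytes, idx: int, msg: bytes) -> bytes:
    """Randomized message hash: r is fixed by the signer per leaf, so an attacker
    cannot prepare a colliding message pair in advance (the XMSS idea)."""
    return H(r, root, idx.to_bytes(4, "big"), msg)


class ToySigner:
    def __init__(self, height: int, seed: bytes = None):
        self.height = height
        self.seed = seed if seed is not None else os.urandom(32)
        leaves = [ots_pk_hash(ots_keygen(self.seed, i)[1]) for i in range(2 ** height)]
        self.levels = [leaves]  # levels[0] = leaves ... levels[-1] = [root]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]
        self.next_idx = 0  # the signer's STATE: index of the first unused leaf

    def sign(self, msg: bytes):
        if self.next_idx >= 2 ** self.height:
            raise RuntimeError("all one-time keys used; key pair exhausted")
        idx = self.next_idx
        self.next_idx += 1  # advance (and in practice persist) state BEFORE releasing the signature
        sk, pk = ots_keygen(self.seed, idx)
        r = H(self.seed, b"prf", idx.to_bytes(4, "big"))  # per-leaf randomizer
        ots = ots_sign(sk, msg_digest(r, self.root, idx, msg))
        auth, i = [], idx
        for lvl in self.levels[:-1]:  # sibling on every level = authentication path
            auth.append(lvl[i ^ 1])
            i >>= 1
        return {"idx": idx, "r": r, "ots": ots, "pk": pk, "auth": auth}


def verify(root: bytes, msg: bytes, sig) -> bool:
    """Check the OTS, then recompute the Merkle root from the leaf and auth path."""
    idx = sig["idx"]
    if not ots_verify(sig["pk"], msg_digest(sig["r"], root, idx, msg), sig["ots"]):
        return False
    node, i = ots_pk_hash(sig["pk"]), idx
    for sib in sig["auth"]:
        node = H(sib, node) if i & 1 else H(node, sib)
        i >>= 1
    return node == root


def secrets_leaked_by_reuse(seed: bytes, root: bytes, idx: int, m1: bytes, m2: bytes) -> int:
    """Simulate a state rollback (e.g. a restored backup) that signs m1 and m2 with
    the SAME leaf. Returns how many of the 512 secrets an observer now holds:
    256 from one signature, plus one extra for every digest bit that differs."""
    sk, _ = ots_keygen(seed, idx)
    r = H(seed, b"prf", idx.to_bytes(4, "big"))
    leaked = set()
    for m in (m1, m2):
        leaked.update(ots_sign(sk, msg_digest(r, root, idx, m)))
    return len(leaked)


if __name__ == "__main__":
    signer = ToySigner(height=3, seed=b"\x01" * 32)  # 8 one-time keys; fixed seed for the demo
    s = signer.sign(b"hello")
    print("valid:", verify(signer.root, b"hello", s), "tampered:", verify(signer.root, b"hellp", s))
    print("secrets leaked by reusing leaf 0 twice:",
          secrets_leaked_by_reuse(signer.seed, signer.root, 0, b"a", b"b"), "of 512")
```

Two things to notice when running it: the signer refuses to sign once all 2^height leaves are spent, and a single reuse of a leaf hands an observer roughly three quarters of that leaf's secrets, which is why persisting `next_idx` before the signature leaves the machine, and never cloning a stateful key, is the operational core of any XMSS deployment.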
Why does this actually matter to end users?
Digital signatures are very convenient, for consumers, governments and businesses alike. Most documents that need to be signed these days are 'digitally born': they first exist inside a computer. Signing in the conventional way (on a piece of paper) is both very time-consuming and eco-unfriendly. Each document has to be sent to a printer, someone needs to collect the printout and get it back to their desk, find a pen that works (sigh) and sign it. And in many cases the document at hand will need to be rescanned shortly after, in order to be sent by e-mail.
Digital signatures are also more secure. Handwritten signatures are basically just a few lines of ink from a pen. When you look closely, no two signatures from the same person are the same. That natural variance means the origin and history (and thus the authenticity) of those "ink proofs" can be really hard to verify properly by technical means. With a little practice, a fake signature is easy to create; in fact, in most cases any signature will do. What can people use to verify? While the actual proof is not so good, in a lot of practical cases we have other reasons to trust a document: for instance because we got it in person, or because we know the document has been securely locked away by a trusted party. The common practice of scanning a "real" signature and cutting and pasting it as an image into a document operates on that same premise: we get the document from a trusted source, and so we can trust it, which makes the addition of the signature more of a ritual.
However, on the internet we do not have such guarantees. As countless phishing mails from banks and credit card companies show, cloning some existing legitimate document is trivial. On the internet trust and trustworthiness are low, while the speed of acting is high. That is why we need digital signatures as a basis to delegate trust: to sign software, documents, and so on. A digital signature is often used at points where you hand over some control to others, so it is really important to get this right.
Digital signatures use advanced math to guarantee authenticity. We are considering trusting something, but we need to make sure the person or organisation that has supposedly signed it in fact did so. Conventional computers as we use them today in our offices and homes would need many thousands of years to break most digital signatures. That is many orders of magnitude longer than a human lifetime, as well as the lifetime of most human dealings. So digital signatures have been recognised as a practical and convenient way to work, with much better security than their ink predecessors. It is no wonder that adoption of digital signatures continues to grow everywhere.
One urgent problem with today's digital signatures, however, is that a new type of computer technology threatens some of the assumptions we made above. These new devices (so-called "quantum computers") are expected to be able to solve certain mathematical problems, including the factoring and discrete logarithm problems on which today's common signature schemes rest, so much faster that it would become possible to forge current types of digital signatures. So much faster, in fact, that people rightfully worry about important things they sign today. It would not be the first time that the pace of development of computers takes people by surprise.
The answer is of course to recognise the threat and innovate, by making the digital signatures smarter. Not all calculations can be sped up by the new quantum computers, at least that is the common assumption among computer scientists. So the strategy devised is often called shifting to "quantum-proof" or "post-quantum" solutions, though the latter name is a bit odd given that quantum computers will continue to exist in parallel with normal computers.
The project SASL XMSS will take an innovative new digital signature type from top European scholars that is "quantum-proof". The math in XMSS works in such a different way that quantum computers are not expected to be able to crack it. And its signatures are less than 25% of the size of the best hash-based alternative available before it. The project connects this new digital signature to an existing standard called SASL, which is the most prevalent internet framework for authentication and security. And it aims to implement this solution in a popular open source library. That means that when people install the latest version of that library, the update brings them the exciting new capabilities that this project delivers, ready to be offered by any application that uses the library and whose configuration allows the mechanism. That two-pronged strategy will make the new digital signature type available to many applications at once. This should help tremendously with adoption. The expected end result is a great degree of trustworthiness, meaning that users can continue to trust others on the internet with confidence, and without additional hassle.
Run by ARPA2
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.