PQFabric: A Permissioned Blockchain Secure from Both Classical and Quantum Attacks

by   Bhargav Das, et al.

Hyperledger Fabric is a prominent and flexible solution for building permissioned distributed ledger platforms. It supports modular consensus protocols, which allows for selecting distinct trust models and performance trade-offs. Access control and identity management intrinsically relies on credentials issued by a certificate authority (CA) of a Membership Service Provider (MSP), which in turn is under a root CA that can be instantiated as aFabric-CA or an external CA. The default MSP instantiation relies on the Blockchain Cryptographic Service Provider interface (BCCSP), which only handles standard PKI methods for authentication, accommodating basically RSA and ECDSA classical signatures. Also, MSP-issued credentials use only a single signature scheme, making the credential-related functions highly attached to single classical standard primitives. Unfortunately, it is well-known that RSA and ECDSA are vulnerable to quantum attacks and an ongoing post-quantum standardization process run by NIST aims to identify quantum-safe drop-in replacements for such cryptographic primitives in a few years. In this paper, we propose a redesign of the credential-management procedures and related specifications in order to incorporate hybrid digital signatures (i.e., protection against both classical and quantum attacks using two signature schemes) that include the quantum-safe signatures from the upcoming NIST standards. We also validate our proposal by providing an implementation of Fabric that integrates with the Open Quantum Safe library. Our implementation employs the crypto-agility concept, which allows for plugging in different algorithms in the MSP Credentials and performing comparative benchmarks with them. Moreover, our proposal is backwards compatible with the Fabric client implementations, and no SDK changes would be required for the client Node.JS code.



There are no comments yet.


page 6


SPHINCS^+ digital signature scheme with GOST hash functions

Many commonly used public key cryptosystems will become insecure once a ...

A survey on NIST PQ signatures

Shor's shockingly fast quantum algorithm for solving the period-finding ...

QSOR: Quantum-Safe Onion Routing

In this work, we propose a study on the use of post-quantum cryptographi...

Zur Integration von Post-Quantum Verfahren in bestehende Softwareprodukte

Currently, PQC algorithms are being standardized to address the emerging...

Quantum-resistance in blockchain networks

This paper describes the work carried out by the Inter-American Developm...

Efficient FPGA-based ECDSA Verification Engine for Permissioned Blockchains

As enterprises embrace blockchain technology, many real-world applicatio...

Design and Implementation of a Digital Signature Scheme Based on Low-density Generator Matrix Codes

In this paper we consider a post-quantum digital signature scheme based ...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.