Abstract
The rise of quantum computers poses a threat to asymmetric cryptographic schemes. With their continuing development, schemes such as DSA or ECDSA are likely to be broken in a few years’ time. We therefore must begin to consider the use of different algorithms that would be able to withstand powerful quantum computers. Among the considered algorithms are hash-based signature schemes, some of which, including XMSS, are stateful. In comparison to stateless algorithms, these stateful schemes pose additional implementation challenges for developers, regarding error-free usage and integration into IT systems. As the correct use of cryptographic algorithms is the foundation of a secure IT system, mastering these challenges is essential.
This work proposes an easy-to-use API design for stateful signature schemes, using XMSS(MT) as an example. Our design is based on findings from the literature as well as on a series of interviews with software developers. It has been prototypically implemented and evaluated in small-scale user studies. Our results show that the API can manage the stateful keys in a way that is transparent to the user. Furthermore, a preliminary online study has shown that the API’s documentation and applicability are comprehensible. However, due to the transparent state management, many of the study’s participants were unaware that they were using a stateful scheme, which might lead to obstacles. Our current API design will serve as the basis for a larger user study that will review these preliminary findings in the next step.
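As an added illustration (not the paper's EasySigner API, whose code lives in the linked repository), the following Python sketch shows the core rule such transparent state management has to enforce internally: the next signature index is made durable on disk before any signature is handed out, and key exhaustion is reported instead of an index ever being reused. The per-index signing primitive is a constructed HMAC stand-in, not XMSS; the class and file names are assumptions made for this example.

```python
import hmac, json, os, tempfile

class StateExhaustedError(Exception):
    """Raised once every one-time index of the key pair has been consumed."""

class StatefulSigner:
    """State-managing wrapper around a per-index one-time signature (constructed example).
    The primitive is an HMAC stand-in, not XMSS; the point is that the next index is
    persisted before a signature is released, so a crash can waste an index but never
    reuse one (index reuse is what breaks a stateful hash-based scheme)."""

    def __init__(self, secret, state_path, max_signatures):
        self.secret = secret
        self.state_path = state_path          # persisted counter of the next unused index
        self.max_signatures = max_signatures  # 2^h leaves in XMSS; kept tiny here

    def _load_next_index(self):
        if not os.path.exists(self.state_path):
            return 0
        with open(self.state_path) as f:
            return json.load(f)["next_index"]

    def _store_next_index(self, idx):
        # temp file + fsync + atomic rename: the counter must survive a crash
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(self.state_path)))
        with os.fdopen(fd, "w") as f:
            json.dump({"next_index": idx}, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.state_path)

    def sign(self, message):
        idx = self._load_next_index()
        if idx >= self.max_signatures:
            raise StateExhaustedError("all one-time keys used; a new key pair is needed")
        self._store_next_index(idx + 1)  # reserve the index BEFORE producing the signature
        tag = hmac.new(self.secret, idx.to_bytes(4, "big") + message, "sha256").digest()
        return idx, tag

def demo():
    """Constructed walk-through: three signatures, exhaustion, then reopening the state."""
    path = os.path.join(tempfile.mkdtemp(), "state.json")
    signer = StatefulSigner(b"constructed demo secret", path, max_signatures=3)
    indices = [signer.sign(b"message %d" % i)[0] for i in range(3)]
    try:
        signer.sign(b"one more")
        exhausted = False
    except StateExhaustedError:
        exhausted = True
    # a fresh handle on the same state file continues where the old one stopped
    reopened = StatefulSigner(b"constructed demo secret", path, max_signatures=4)
    return {"indices": indices, "exhausted": exhausted, "next_after_reopen": reopened.sign(b"x")[0]}
```

The reserve-before-sign order means a crash between storing the counter and returning the signature costs one unused leaf, which is the safe direction; the opposite order could issue two signatures under the same one-time key.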
Notes
1. https://csrc.nist.gov/Projects/Post-Quantum-Cryptography (2019-02-12).
2. https://eugdpr.org (2019-06-07).
3. https://cve.mitre.org (2019-03-09).
4.
5. https://github.com/joostrijneveld/xmss-reference (2019-03-09).
6. https://www.bouncycastle.org (2019-03-09).
7.
8. https://stackoverflow.com (2019-03-09).
9. https://github.com/google/tink (2019-03-09).
10. https://github.com/google/keyczar (2019-03-17).
11. These were sent invitations by e-mail that had previously been extracted from git commits.
12. https://docs.microsoft.com/en-us/windows/desktop/seccng (2019-02-27).
13.
14.
15. Source code available at https://github.com/azeier-ucs/EasySigner-API.
16. It was the most popular programming language in the StackOverflow developer survey 2018: https://insights.stackoverflow.com/survey/2018/ (2019-03-07).
17. They are referred to as predefined values within the API’s documentation, since the term profiles proved to be confusing in the first iteration of our usability tests.
18.
19. Developer Observatory, including setup guide, is available for download at https://github.com/developer-observatory/developer-observatory (2019-03-09).
20. http://jupyter.org (2019-03-09).
21. https://github.com/scijava/scijava-jupyter-kernel (2019-03-09).
Acknowledgements
This project (HA proj. no. 633/18-56) is financed with funds of LOEWE – Landes-Offensive zur Entwicklung Wissenschaftlich-ökonomischer Exzellenz, Förderlinie 3 (State Offensive for the Development of Scientific and Economic Excellence). We thank our reviewers and the shepherd for their valuable feedback.
Appendix. API Usability Score of the Online Study
© 2019 Springer Nature Switzerland AG
Cite this paper
Zeier, A., Wiesmaier, A., Heinemann, A. (2019). API Usability of Stateful Signature Schemes. In: Attrapadung, N., Yagi, T. (eds) Advances in Information and Computer Security. IWSEC 2019. Lecture Notes in Computer Science, vol. 11689. Springer, Cham. https://doi.org/10.1007/978-3-030-26834-3_13
DOI: https://doi.org/10.1007/978-3-030-26834-3_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-26833-6
Online ISBN: 978-3-030-26834-3
eBook Packages: Computer Science (R0)