In January 2025, Associate Professor Fangyu Zheng of the School of Cryptology, University of Chinese Academy of Sciences, supervising students as corresponding author, published a research paper titled "HTM-PQC: Hardening Cryptography Keys under the Trend of Post-quantum Cryptography Migration on Industrial Internet" in IEEE Transactions on Industrial Informatics (TII). The paper proposes secure implementations of Dilithium and XMSS built on hardware transactional memory. The work was supported by the CCF-Ant Research Fund (No. CCF-AFSG RF20230206).
IEEE Transactions on Industrial Informatics is a multidisciplinary IEEE journal focused on the theory and practical application of informatics in industrial settings. It is ranked in Zone 1 of the Chinese Academy of Sciences journal classification and is one of the leading journals in industrial informatics.
Abstract: With the rapid expansion of Industry 4.0 technology, the proliferation of large-scale devices faces increasingly severe cyber threats, underscoring the critical importance of cryptographic technology for secure communication and authentication. However, cryptographic systems, as the bedrock of security, have faced a barrage of attacks in recent years, including potential threats from quantum computing and memory disclosure vulnerabilities.
In this paper, we focus on enhancing the security of two standard quantum-safe cryptographic algorithms, Dilithium and XMSS, by leveraging hardware transactional memory (HTM) to create a secure operational environment. Unlike traditional cryptography such as RSA and ECC, Dilithium and XMSS involve more and larger sensitive variables, rendering conventional solutions inadequate. By conducting a comprehensive sensitivity analysis of variables within the above algorithms, we confine sensitive operations to transactional execution regions and employ transaction-splitting technology for efficiency. Our prototype, utilizing Intel TSX, demonstrates robust protection against memory disclosure attacks with acceptable performance overheads. Notably, our security-enhanced Dilithium and XMSS software implementations, recommended by NIST, achieve an average throughput factor of 0.75 compared to the (unprotected) reference implementations.
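The abstract describes the approach at a high level: identify the sensitive variables, confine the operations that touch them to a transactional region, and split long computations into several transactions so each one is short enough to commit. The C program below is an added illustration of that pattern written for this page; it is not the HTM-PQC code, it does not implement Dilithium or XMSS, and it substitutes a toy keyed mix for the real key-dependent arithmetic. Everything specific to it is an assumption: the XOR sealing mask, the 16-byte key, the 64-byte chunk size, the retry limit of eight, and the constructed telemetry message. It detects RTM through CPUID and, on CPUs where TSX is absent or disabled (most current machines), runs the same computation without hardware protection and reports that fact.

```c
/* Added example, not the paper's code: a key-dependent computation confined to
 * Intel RTM transactions, so the unsealed key exists only inside a region whose
 * writes the CPU discards on abort. Build: cc -O2 htm_window.c  (no -mrtm) */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#if (defined(__x86_64__) || defined(__i386__)) && defined(__GNUC__)
#include <cpuid.h>
#include <immintrin.h>
#define HAVE_RTM 1
#define RTM_TARGET __attribute__((target("rtm")))   /* replaces -mrtm */
#else
#define HAVE_RTM 0                                  /* non-x86: fallback only */
#define RTM_TARGET
#endif

enum { KEY_LEN = 16, CHUNK_LEN = 64, MAX_RETRIES = 8 };
/* ASSUMPTION: the key at rest is XOR-sealed under a mask the memory-reading
 * attacker does not hold; a constant is used only so the example runs anywhere. */
static const uint8_t SEAL_MASK[KEY_LEN] = {
    0x5a, 0xc3, 0x1f, 0x88, 0x2e, 0x71, 0xd4, 0x0b,
    0x96, 0x3c, 0xe5, 0x47, 0xa9, 0x12, 0x6d, 0xf0 };
/* Constructed sample message, long enough for three chunks. */
static const char DEMO_MSG[] =
    "sensor-7 telemetry frame 0x2a3f: temp=71.2C pressure=1.013bar valve=open "
    "flow=12.7l/min operator=plc-gateway-3 ts=2025-01-15T08:41:07Z seq=118243";

/* One sensitive window: unseal, use, wipe. The FNV-style mix stands in for
 * key-dependent arithmetic and is NOT a MAC. Shared by both paths below. */
static uint64_t chunk_body(uint64_t acc, const uint8_t sealed[KEY_LEN],
                           const uint8_t *buf, size_t n) {
    uint8_t key[KEY_LEN];
    for (size_t i = 0; i < KEY_LEN; i++) key[i] = sealed[i] ^ SEAL_MASK[i];
    for (size_t i = 0; i < n; i++) {
        acc ^= (uint64_t)(buf[i] ^ key[i % KEY_LEN]);
        acc *= 0x100000001b3ULL;
    }
    volatile uint8_t *vk = key;            /* wipe that survives optimisation */
    for (size_t i = 0; i < KEY_LEN; i++) vk[i] = 0;
    return acc;
}

/* CPUID.(EAX=7,ECX=0):EBX[11] = RTM; microcode that disables TSX clears it. */
static bool cpu_has_rtm(void) {
#if HAVE_RTM
    unsigned eax, ebx, ecx, edx;
    if (__get_cpuid_max(0, NULL) < 7) return false;
    __cpuid_count(7, 0, eax, ebx, ecx, edx);
    return (ebx & (1u << 11)) != 0;
#else
    return false;
#endif
}
/* Run chunk_body inside one transaction, retrying on abort; false = never committed. */
RTM_TARGET static bool chunk_in_tx(uint64_t *acc, const uint8_t sealed[KEY_LEN],
                                   const uint8_t *buf, size_t n) {
#if HAVE_RTM
    for (int attempt = 0; attempt < MAX_RETRIES; attempt++) {
        unsigned status = _xbegin();
        if (status == _XBEGIN_STARTED) {
            *acc = chunk_body(*acc, sealed, buf, n);  /* buffered until _xend */
            _xend();
            return true;
        }
        if (!(status & _XABORT_RETRY)) break;         /* CPU: retry is futile */
    }
#endif
    return false;
}
/* Transaction splitting: one short transaction per CHUNK_LEN bytes keeps each
 * write set small. use_htm=false runs the same function unprotected (reference). */
static uint64_t keyed_digest(const uint8_t sealed[KEY_LEN], const uint8_t *msg,
                             size_t len, bool use_htm, bool *all_protected) {
    uint64_t acc = 0xcbf29ce484222325ULL;
    bool ok = use_htm && cpu_has_rtm();
    for (size_t off = 0; off < len; off += CHUNK_LEN) {
        size_t n = len - off < CHUNK_LEN ? len - off : CHUNK_LEN;
        if (!ok || !chunk_in_tx(&acc, sealed, msg + off, n)) {
            ok = false;                  /* unprotected fallback from here on */
            acc = chunk_body(acc, sealed, msg + off, n);
        }
    }
    *all_protected = ok;
    return acc;
}

/* HTM and plain paths must agree; a one-byte message change must change the result. */
static bool self_check(void) {
    uint8_t sealed[KEY_LEN], altered[sizeof DEMO_MSG];
    for (size_t i = 0; i < KEY_LEN; i++) sealed[i] = (uint8_t)(37 * i + 11);
    memcpy(altered, DEMO_MSG, sizeof DEMO_MSG);
    altered[10] ^= 0x01;
    bool prot; size_t len = sizeof DEMO_MSG - 1;
    uint64_t a = keyed_digest(sealed, (const uint8_t *)DEMO_MSG, len, true, &prot);
    uint64_t b = keyed_digest(sealed, (const uint8_t *)DEMO_MSG, len, false, &prot);
    uint64_t c = keyed_digest(sealed, altered, len, false, &prot);
    return a == b && a != c;
}
```

The property the pattern relies on is that RTM buffers a transaction's writes and discards them on abort: a concurrent read of the unsealed key's cache line from another core both aborts the transaction and never observes committed plaintext, and the explicit wipe before `_xend` leaves the committed state key-free as well. Two caveats a practitioner would check: the accumulator carried from one transaction to the next is key-derived, and deciding whether such carried state must itself be sealed is exactly the sensitivity analysis the abstract refers to (this toy does not do it); and the fallback path exists only so the example runs anywhere, not as a recommendation, since it offers none of the protection.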
Paper information: Lingjia Meng, Yu Fu, Fangyu Zheng, Mingyu Wang, Ziqiang Ma, Jiankuo Dong, and Jingqiang Lin, "HTM-PQC: Hardening Cryptography Keys under the Trend of Post-quantum Cryptography Migration on Industrial Internet", IEEE Transactions on Industrial Informatics (TII), 2025 (Chinese Academy of Sciences Zone 1)
(Original article: https://ieeexplore.ieee.org/abstract/document/10854988)