Hi Russ, Yes, I’m absolutely referring to constrained devices verifying signatures. This is there primary reason for my support.
That said, I think it’s an open question whether HSS-LMS or Falcon is more appropriate for a constrained device signing reports in response to firmware loading. HSS-LMS has a fixed number of reports and a strategy key, while Falcon may have a timing side-channel, depending on implementation. I don’t think it’s clear that one or the other is preferable. Brendan On Thu, 25 Jul 2024 at 16:21, Russ Housley <[email protected]> wrote: > Brendan: > > Are you talking about verification of Falcon signatures for code signing? > That seems reasonable. > > If you are talking about constrained devices signing reports when firmware > is loaded, then I think that the Falcon floating point operations > associated with key generation will be a problem. > > Russ > > > > On Jul 25, 2024, at 6:58 PM, Brendan Moran <[email protected]> > wrote: > > > > I want to voice my support for draft-ietf-cose-falcon. > > > > To give some context, constrained devices currently are limited to > > ECDSA, EDDSA, or HSS-LMS. For those deploying devices with PQC > > support, there is only one option: HSS-LMS. This presents a big > > problem: HSS-LMS requires stateful private keys that have race > > conditions in backup scenarios. In other words, HSS-LMS is risky but > > it's the best option we have. > > > > I think Falcon would be a much better option for constrained device > > code signing. To be clear, what we're discussing here is constrained > > devices verifying signatures, with the signers potentially air-gapped, > > so side channels & floating point are a non-issue. > > > > The signature size is smaller than HSS-LMS with an equivalent number > > of bits of security and there's no state on the private key. > > > > This makes Falcon ideal for delivering firmware updates and secure > > boot of constrained devices, where the cost of delivering a SPHINCS+ > > signature, for example, would be prohibitive. > > > > Best Regards, > > Brendan > > _______________________________________________ > COSE mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
