The stateful hash based signatures are a ticking time bomb. As NIST 800-208 states, they must be implemented in HSMs, and the keys cannot be exported (aka backed up). This means that long life firmware signing keys are at risk when the HSM that they were created in fails due to age. I really hope that stateful HBS go away once the other quantum resistant signature schemes are standardized.
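To make the "state" in stateful HBS concrete, here is a toy Merkle-tree signer over Lamport one-time keys (added example, not code from this thread or from any XMSS/LMS implementation; the seed, names and message strings are constructed). It shows the two properties the post is about: the signer refuses once its leaves are used up, and a copied key plus state (a "backup") replays a one-time index, which an honest verifier cannot tell apart from a valid signature. Only the signer's own bookkeeping, or an out-of-band index log like `find_index_reuse`, can catch it.

```python
import copy
import hashlib

# Toy scheme for illustration only: SHA-256 Lamport OTS leaves under a Merkle tree.
H = lambda b: hashlib.sha256(b).digest()

def msg_bits(msg):
    d = H(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(256)]

def lamport_keygen(seed, idx):
    # Derive the 256 preimage pairs for leaf idx from the seed (constructed derivation).
    sk = [[H(seed + idx.to_bytes(4, "big") + bytes([bit]) + i.to_bytes(2, "big"))
           for bit in (0, 1)] for i in range(256)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk

def lamport_pk_hash(pk):
    return H(b"".join(b for pair in pk for b in pair))

def lamport_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]

def lamport_verify(pk, msg, sig):
    return all(H(sig[i]) == pk[i][b] for i, b in enumerate(msg_bits(msg)))

def merkle_tree(leaves):
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([H(lvl[i] + lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels  # levels[-1][0] is the root (the long-lived public key)

def auth_path(levels, idx):
    path = []
    for lvl in levels[:-1]:
        path.append(lvl[idx ^ 1])
        idx //= 2
    return path

def root_from_path(leaf, idx, path):
    node = leaf
    for sib in path:
        node = H(node + sib) if idx % 2 == 0 else H(sib + node)
        idx //= 2
    return node

class StatefulSigner:
    """The whole secret is (seed, next_index); next_index is the state NIST 800-208
    wants kept inside the HSM and never duplicated."""
    def __init__(self, n_leaves, seed):
        self.seed, self.n, self.next_index = seed, n_leaves, 0
        leaves = [lamport_pk_hash(lamport_keygen(seed, i)[1]) for i in range(n_leaves)]
        self.levels = merkle_tree(leaves)
        self.root = self.levels[-1][0]

    def sign(self, msg):
        if self.next_index >= self.n:
            raise RuntimeError("key exhausted: every one-time leaf has been used")
        idx = self.next_index
        self.next_index += 1  # commit the state change before the signature leaves
        sk, pk = lamport_keygen(self.seed, idx)
        return {"index": idx, "ots": lamport_sign(sk, msg), "pk": pk,
                "path": auth_path(self.levels, idx)}

def verify(root, msg, sig):
    if not lamport_verify(sig["pk"], msg, sig["ots"]):
        return False
    return root_from_path(lamport_pk_hash(sig["pk"]), sig["index"], sig["path"]) == root

def find_index_reuse(signed):
    """Defender-side check over a log of (msg, sig): flag a leaf index that signed
    two different messages, which is what a restored backup produces."""
    seen, reused = {}, set()
    for msg, sig in signed:
        i = sig["index"]
        if i in seen and seen[i] != msg:
            reused.add(i)
        seen.setdefault(i, msg)
    return sorted(reused)

def demo(n_leaves=4):
    signer = StatefulSigner(n_leaves, seed=b"constructed-demo-seed-do-not-use")
    root, log = signer.root, []
    s1 = signer.sign(b"firmware-v1.0"); log.append((b"firmware-v1.0", s1))
    first_ok = verify(root, b"firmware-v1.0", s1)
    tampered_ok = verify(root, b"firmware-v1.0-modified", s1)
    backup = copy.deepcopy(signer)  # an exported key+state copy: what 800-208 forbids
    s2 = signer.sign(b"firmware-v1.1"); log.append((b"firmware-v1.1", s2))
    s3 = backup.sign(b"firmware-v1.2"); log.append((b"firmware-v1.2", s3))  # replays index 1
    both_verify = verify(root, b"firmware-v1.1", s2) and verify(root, b"firmware-v1.2", s3)
    exhausted = False
    try:
        while True:
            signer.sign(b"filler")
    except RuntimeError:
        exhausted = True
    return {"first_ok": first_ok, "tampered_ok": tampered_ok, "both_verify": both_verify,
            "reuse": find_index_reuse(log), "exhausted": exhausted}

if __name__ == "__main__":
    print(demo())
```

The restored backup's signature verifies just like the live signer's, so nothing at the verifier side stops the index collision; that is why the standard keeps key and state together in one device with no export path, and why the post's concern about HSM end-of-life is real: the only copy of the state dies with the device.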
I am intrigued by the Spanish QKD via geo satellites. I will watch this with interest.
Yes, it's a cool project. First one I've seen focused on geo satellites.
I’m rather hoping nobody has chosen to use HBS algorithms. But I guess we’ll find out in due course when things go horribly wrong!
I am thinking about latency, in particular.