Stateful hash-based signature (HBS) schemes are digital signature schemes believed to be resistant to the threat posed by a cryptographically relevant quantum computer. NSA’s CNSA 2.0 encourages vendors to adopt stateful HBS schemes as defined in SP 800-208 immediately for all software and firmware code signing, with a requirement to support them by 2025.

SP 800-208 requires that all stateful HBS key generation and signature algorithms be implemented within a FIPS 140 certified HSM with level 3 physical security.  Furthermore, the HSM “shall not allow for the export of private keying material.” This is intended to ensure that the state of the OTS signature keys is always enforced and keys are never reused, which would introduce cryptologic vulnerabilities into the signature scheme.

Attendiees of this webcast learned about Thales TCT’s SP800-208 Compliant Code Signing Solution. Thales TCT’s crypto-expert, Evan Pelecky, discussed topics including:

• What stateful HBS schemes are
• How stateful HBS schemes compare to classical algorithms
• When to use stateful HBS for code signing
• What SP 800-208 requirements are for hardware security modules
• How Thales Luna hardware security modules support LMS/HSS