State Management Against Two-message Attacks in Hash-Based Post Quantum Signatures for Large IoT Sensor Networks Using Blockchain

With the rise of quantum computers, quantum-safe digital signatures have been invented to ensure the security and verifiability of communication. Hash-based one-time signatures are one of the candidates to ensure unforgeability against the improved processing power. This signature algorithm requires tracking of secret keys to ensure one-time usage, called key state. In an Internet of Things(IoT) environment, failure to maintain key state due to network failures, hardware/software failures, implementation flaws, and improper access is possible. Consequences of failure to manage key state results in the degradation of the system’s security, opening up opportunities for attackers to forge signatures. Solutions to this however are limited due to the scale and resource constraints of IoT devices. Hence, this paper proposes a solution named, Blockchain-based Key State Management to ensure the key state is maintained without affecting resources and scalability heavily. The solution utilizes blockchain and smart contracts to maintain key states by leveraging blockchain protocols to ensure key states remain updated and un-tampered. The paper also contains a qualitative survey comparing other alternative solutions for preventing key reuse to highlight the importance of the proposed solution.