Related papers: QoeSiGN: Towards Qualified Collaborative eSignatures

QoeSiGN: Towards Qualified Collaborative eSignatures

URL: http://arxiv.org/abs/2512.13613v1
Date: Mon, 15 Dec 2025 18:07:17 GMT
Title: QoeSiGN: Towards Qualified Collaborative eSignatures
Authors: Karl W. Koch, Stephan Krenn, Alexandra Hofer,
Abstract summary: EU's eIDAS regulation specifies, e.g., advanced and qualified (QES) eSignatures.<n>QESs are based on a qualified certificate issued by a qualified trust service provider (QTSP)<n>We perform a threat analysis on the QES-creation process of Austria's national eID.<n>We present QoeSiGN, utilizing novel P2C2 technologies.
Score: 42.13843953705695
License: http://creativecommons.org/licenses/by-sa/4.0/
Abstract: eSignatures ensure data's authenticity, non-repudiation, and integrity. EU's eIDAS regulation specifies, e.g., advanced and qualified (QES) eSignatures. While eSignatures' concrete legal effects depend on the individual case, QESs constitute the highest level of technical protection and authenticity under eIDAS. QESs are based on a qualified certificate issued by a qualified trust service provider (QTSP). Despite legal requirements, technically, a QTSP represents a single point of failure. Contrary, privacy-preserving collaborative computations (P2C2s) have become increasingly practical in recent years; yet lacking an extensive investigation on potential integrations in the QES landscape. We perform a threat analysis on the QES-creation process of Austria's national eID, using STRIDE and a DREAD-like model to extract requirement challenges (RCs) primarily related to: (1) Distributed Service Robustness, (2) Agile Crypto Deployment, and (3) Active User Involvement. To address these RCs, we present QoeSiGN, utilizing novel P2C2 technologies. While currently no P2C2 addresses all RCs, legal aspects, and practical efficiency simultaneously, QoeSiGN gives instantiation possibilities for different needs. For instance, "Multi-Party HSMs" for distributed hardware-secured computations; or secure multi-party computation (software) for highest crypto agility and user involvement, where the user participates in the QES computation. Deployment-wise, QTSPs would need to adapt the signing process and setup trusted communication channels. Legal-wise, QoeSiGN's implementation appears permissible, needing further analysis for realization. Technically, QoeSiGN addresses some regulation requirements better than the current solution, such as "sole control" or crypto agility. Our identified threats and extracted requirements can be transferred to the general QES ecosystem.

Related papers

Post-Quantum Cryptography and Quantum-Safe Security: A Comprehensive Survey [0.9204149287692597]
Post-quantum cryptography (PQC) is moving from evaluation to deployment as NIST finalizes standards for ML-KEM, ML-DSA, and SLH-DSA.<n>This survey maps the space from foundations to practice.
arXiv Detail & Related papers (2025-10-12T04:00:01Z)
Safe and Certifiable AI Systems: Concepts, Challenges, and Lessons Learned [45.44933002008943]
This white paper presents the T"UV AUSTRIA Trusted AI framework.<n>It is an end-to-end audit catalog and methodology for assessing and certifying machine learning systems.<n>Building on three pillars - Secure Software Development, Functional Requirements, and Ethics & Data Privacy - it translates the high-level obligations of the EU AI Act into specific, testable criteria.
arXiv Detail & Related papers (2025-09-08T17:52:08Z)
Performance and Storage Analysis of CRYSTALS Kyber as a Post Quantum Replacement for RSA and ECC [45.88028371034407]
CRYSTALS-Kyber is a post-quantum cryptographic solution standardized by NIST in 2022.<n>This study evaluates Kyber's practical viability through performance testing across various implementation schemes.
arXiv Detail & Related papers (2025-08-03T09:53:45Z)
A Scalable Framework for Post-Quantum Authentication in Public Key Infrastructures [0.0]
This work explores the performance and scalability of a hierarchical certificate authority framework with automated certificate issuance.<n>The system is designed for compatibility with both classical and PQC algorithms, promoting crypto-agility while ensuring robust security against quantum-based threats.
arXiv Detail & Related papers (2025-04-16T13:18:11Z)
Performance Analysis and Industry Deployment of Post-Quantum Cryptography Algorithms [0.8602553195689513]
The National Institute of Standards and Technology (NIST) has selected CRYSTALS-Kyber and CRYSTALS-Dilithium as standardized PQC algorithms for secure key exchange and digital signatures.<n>This study conducts a comprehensive performance analysis of these algorithms by benchmarking execution times across cryptographic operations.<n>Our findings demonstrate that Kyber and Dilithium achieve efficient execution times, outperforming classical cryptographic schemes such as RSA and ECDSA at equivalent security levels.
arXiv Detail & Related papers (2025-03-17T09:06:03Z)
Hybrid Scheme of Post-Quantum Cryptography and Elliptic-Curve Cryptography for Certificates -- A Case Study of Security Credential Management System in Vehicle-to-Everything Communications [0.0]
This study proposes a hybrid certificate scheme of PQC and ECC to overcome the challenges in V2X communication.<n>PQC is used to establish a security level resistant to quantum computing attacks, while ECC is utilized to establish anonymous certificates.
arXiv Detail & Related papers (2025-01-13T02:59:59Z)
TRUST: A Toolkit for TEE-Assisted Secure Outsourced Computation over Integers [30.72930396939045]
We propose a toolkit for TEE-assisted (Trusted Execution Environment) SOC over integers, named TRUST.<n>In terms of system architecture, TRUST falls in a single TEE-equipped cloud server only through seamlessly integrating the computation of REE (Rich Execution Environment) and TEE.<n>We present textttSEAT, secure data trading based on TRUST.
arXiv Detail & Related papers (2024-12-02T03:19:29Z)
ACRIC: Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
Recent security incidents in safety-critical industries exposed how the lack of proper message authentication enables attackers to inject malicious commands or alter system behavior.<n>These shortcomings have prompted new regulations that emphasize the pressing need to strengthen cybersecurity.<n>We introduce ACRIC, a message authentication solution to secure legacy industrial communications.
arXiv Detail & Related papers (2024-11-21T18:26:05Z)
A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z)
Matching Game for Optimized Association in Quantum Communication Networks [65.16483325184237]
This paper proposes a swap-stable request-QS association algorithm for quantum switches. It achieves a near-optimal (within 5%) performance in terms of the percentage of served requests. It is shown to be scalable and maintain its near-optimal performance even when the size of the QCN increases.
arXiv Detail & Related papers (2023-05-22T03:39:18Z)

This list is automatically generated from the titles and abstracts of the papers in this site.