PQFabric: A Permissioned Blockchain Secure from Both Classical and Quantum Attacks

TL;DR

This paper introduces PQFabric, a modified version of Hyperledger Fabric that incorporates hybrid classical and quantum-safe signatures to defend against quantum attacks, with a focus on crypto-agility and migration challenges.

Contribution

It redesigns Fabric's credential management to support hybrid signatures, enabling quantum-safe security and live migration with comprehensive benchmarking of post-quantum algorithms.

Findings

Hybrid signatures increase hashing time with longer keys.

Long public keys significantly impact performance.

Migration to post-quantum signatures presents new challenges.

Abstract

Hyperledger Fabric is a prominent and flexible solution for building permissioned distributed ledger platforms. Access control and identity management relies on a Membership Service Provider (MSP) whose cryptographic interface only handles standard PKI methods for authentication: RSA and ECDSA classical signatures. Also, MSP-issued credentials may use only one signature scheme, tying the credential-related functions to classical single-signature primitives. RSA and ECDSA are vulnerable to quantum attacks, with an ongoing post-quantum standardization process to identify quantum-safe drop-in replacements. In this paper, we propose a redesign of Fabric's credential-management procedures and related specifications in order to incorporate hybrid digital signatures, protecting against both classical and quantum attacks using one classical and one quantum-safe signature. We create PQFabric, an implementation of Fabric with hybrid signatures that integrates with the Open Quantum Safe (OQS) library. Our implementation offers complete crypto-agility, with the ability to perform live migration to a hybrid quantum-safe blockchain and select any existing OQS signature algorithm for each node. We perform comparative benchmarks of PQFabric with each of the NIST candidates and alternates, revealing that long public keys and signatures lead to an increase in hashing time that is sometimes comparable to the time spent signing or verifying messages itself. This is a new and potentially significant issue in the migration of blockchains to post-quantum signatures.