The Qey: Implementation and performance study of post quantum cryptography in FIDO2

TL;DR

This paper explores integrating post-quantum cryptography, specifically Crystals Dilithium, into FIDO2 authentication to enhance security against quantum attacks, and evaluates its performance and usability.

Contribution

It introduces the use of ML-DSA based on Crystals Dilithium for FIDO2, analyzing its security and performance compared to classical algorithms.

Findings

Crystals Dilithium provides quantum-resistant security for FIDO2.

Performance analysis shows acceptable latency with ML-DSA.

Enhanced security against quantum attacks demonstrated.

Abstract

Authentication systems have evolved a lot since the 1960s when Fernando Corbato first proposed the password-based authentication. In 2013, the FIDO Alliance proposed using secure hardware for authentication, thus marking a milestone in the passwordless authentication era [1]. Passwordless authentication with a possession-based factor often relied on hardware-backed cryptographic methods. FIDO2 being one an amalgamation of the W3C Web Authentication and FIDO Alliance Client to Authenticator Protocol is an industry standard for secure passwordless authentication with rising adoption for the same [2]. However, the current FIDO2 standards use ECDSA with SHA-256 (ES256), RSA with SHA-256 (RS256) and similar classical cryptographic signature algorithms. This makes it insecure against attacks involving large-scale quantum computers [3]. This study aims at exploring the usability of Module Lattice based Digital Signature Algorithm (ML-DSA), based on Crystals Dilithium as a post quantum cryptographic signature standard for FIDO2. The paper highlights the performance and security in comparison to keys with classical algorithms.