IN THIS CHAPTER Do you need an HSM in the first place? ................................................................................................................................................ Can you use a current HSM for post-quantum cryptography? ................................................................................................................................................ Does your HSM have what you need? ................................................................................................................................................ Chapter 5 Hardware Security Modules To break current cryptography — that is, decrypt an encrypted message addressed to someone else or sign a document pretending to be someone else — knowledge of the cryptographic algorithm is not a relevant factor. In fact, all cryptographic algorithms used commercially today are public and well documented. The security of a cryptographic operation depends solely on the knowledge of a secret symmetric key or the private part of an asymmetric key. Therefore, these digital keys are paramount to keeping your secrets safe and preventing identity theft: Similar to someone who obtains your house keys being able to freely access your home, someone with access to your cryptographic keys can access your secret data and sign documents on your behalf. A hardware security module (HSM) is a physical stand-alone device which stores cryptographic keys in a safe environment providing tamper-protection. It also implements standard cryptographic operations such that these keys can be used (by their rightful owners) without ever being exposed outside the safe environment of the HSM. These devices are often certified to international standards like FIPS or Common Criteria. In this chapter we discuss the benefits of using an HSM, explain how to use an HSM for post-quantum cryptography today, and finish with a practical checklist of things you want in an HSM used for post-quantum (or state-of-the-art) cryptography.
PQC_for_Dummies
To see the actual publication please follow the link above