OpenSSL Conference

This talk explains how to solve the private key protection problem for PQC algorithms, in the domain of regulated and certified digital identity wallets, but applicable more generally. EUDI wallets will rely on the abstract components WSCA (Wallet Secure Cryptographic Application) and WSCD (Wallet Secure Cryptographic Device). We show that the use of threshold and thresholdized pre- and postquantum-secure signature schemes in handshake protocols is a viable approach, providing an alternative for the case when hardware support for such schemes will be delayed. We discuss how such schemes can be deployed, and what performance to expect. While hardware solutions usually enjoy government approved security certification status, we show how to achieve the same security assurance level with software-oriented products, which are based on PQC-secure threshold schemes.