Internet of Things (IoT) applications are composed of massive quantities of resource-limited devices that collect sensitive data and have long-term operational and security requirements. With the threat of emerging quantum computers, Post-Quantum Cryptography (PQC) is a critical requirement for IoT. In particular, digital signatures offer scalable authentication with non-repudiation and are an essential tool for IoT. However, as seen in the NIST PQC standardization, post-quantum signatures are extremely costly for resource-limited IoT devices. Hence, there is a significant need for quantum-safe signatures that respect the processing, memory, and bandwidth limitations of IoT devices. In this paper, we create a new lightweight quantum-safe digital signature referred to as INFinity-HORS (INF-HORS), which is (to the best of our knowledge) the first signer-optimal hash-based signature with (polynomially) unbounded signing capability. INF-HORS enables a verifier to non-interactively construct one-time public keys from a master public key via encrypted function evaluations. This strategy avoids the performance bottleneck of hash-based standards (e.g., SPHINCS+) by eliminating hyper-tree structures. It also does not require a trusted party or non-colluding servers to distribute public keys. Our performance analysis confirms that INF-HORS is orders of magnitude more efficient in signer computation than selected NIST PQC schemes (e.g., SPHINCS+, Dilithium, Falcon), with a small memory footprint.