Digital Twins (DT) virtually model cyber-physical objects using Internet of Things (IoT) components (e.g., sensors) to gather and process sensitive information stored in the cloud. The trustworthiness of the streamed data is crucial, which requires quantum safety and breach resiliency. Digital signatures are essential for scalable authentication and non-repudiation. Yet, NIST PQC signature standards are exorbitantly costly for low-end IoT without considering forward security. Moreover, Post-Quantum (PQ) signatures lack aggregation, which is highly desirable to reduce the transmission and storage burdens in DTs. Hence, there is an urgent need for lightweight digital signatures that offer compromise resiliency and compactness while permitting an effective transition into the PQ era for DTs. We create a series of highly lightweight digital signatures called Hardware-ASsisted Efficient Signature (HASES) that meet the above requirements. The core of HASES is a hardware-assisted cryptographic commitment construct oracle (CCO) that permits verifiers to obtain expensive commitments without signer interaction. We created three HASES schemes: PQ-HASES is a forward-secure PQ signature, LA-HASES is an efficient aggregate Elliptic-Curve signature, and HY-HASES is a novel hybrid scheme that combines PQ-HASES and LA-HASES with novel strong nesting and sequential aggregation. HASES does not require secure hardware on the signer. We proved that HASES schemes are secure and implemented them on commodity hardware and an 8-bit AVR ATmega2560. Our experiments confirm that PQ-HASES and LA-HASES are two orders of magnitude more signer-efficient than their PQ and conventional-secure counterparts, respectively. HY-HASES outperforms NIST PQC and conventional signature combinations, offering a standard-compliant transitional solution for emerging DTs. We open-source HASES schemes for public testing and adaptation.