Posted by jonasnick
Jan 21, 2026/07:53 UTC
The discussion stresses the use of dedicated signing devices for deploying SHRINCS, since they can hold state securely and out of the user's reach. A speculative alternative is proposed for desktop wallets: use a Trusted Platform Module (TPM) to store the state. The TPM would expose three operations, initializing a storage slot with a secret, writing data to the slot, and reading data from it, with the read and write gated on presenting the correct secret. Kept in the TPM, the data cannot end up in a disk backup by accident and cannot be altered between two write operations.
To integrate this into a software wallet, the following steps are suggested: initialize the slot with a unique authentication token, store a hash of the wallet's state alongside the seed and public key on disk, and update the stored state only after checking, via the TPM, that the on-disk state is consistent with it. This design is flagged as potentially insecure, however, because two concurrent invocations of the Sign function with different messages could each load the same state from disk unless proper locking is in place.
The post also gives practical steps for setting up such a TPM slot on an Intel CPU with the tpm2 tools, including the commands to define, write to, and read from the slot. Running these commands without root requires specific permissions, such as adding the user to the tss group on NixOS.
Using a TPM for state management in a stateful signing scheme like SHRINCS on non-dedicated devices raises questions of security, efficiency, and operational feasibility. The approach could improve both the usability and the security of software wallets, provided the challenges above are addressed.
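To make the two points above concrete, the slot-plus-wallet construction and the concurrency problem, here is an added example that is not part of the original post and not jonasnick's code. It replaces the real TPM with an in-memory mock slot (define with an auth secret, then read and write only with that secret), abstracts the SHRINCS state as a counter that must never be used to sign twice (an assumption made for illustration; the placeholder "signature" and "pubkey" are hashes, not real keys), and shows that the on-disk state versus TPM hash check fails closed after a backup restore, while only the locked `sign` prevents two concurrent callers from signing with the same state.

```python
import hashlib
import hmac
import os
import threading


class MockTpmNvSlot:
    """In-memory stand-in for a TPM NV index (assumption: a toy, not tpm2-tools)."""

    def __init__(self):
        self._auth = None
        self._data = b""

    def define(self, auth: bytes, size: int) -> None:
        if self._auth is not None:
            raise RuntimeError("NV index already defined")
        self._auth = auth
        self._data = bytes(size)

    def _authorize(self, auth: bytes) -> None:
        if self._auth is None or not hmac.compare_digest(self._auth, auth):
            raise PermissionError("NV auth failed")

    def write(self, auth: bytes, data: bytes) -> None:
        self._authorize(auth)
        self._data = data

    def read(self, auth: bytes) -> bytes:
        self._authorize(auth)
        return self._data


def state_hash(state: int) -> bytes:
    return hashlib.sha256(state.to_bytes(8, "big")).digest()


class StatefulWallet:
    """Disk holds seed, pubkey and the plain state; the TPM holds only H(state)."""

    def __init__(self, tpm: MockTpmNvSlot, seed: bytes):
        self.tpm = tpm
        self.auth = os.urandom(32)  # unique authentication token for the slot
        self.tpm.define(self.auth, 32)
        self.disk = {
            "seed": seed,
            "pubkey": hashlib.sha256(b"pk" + seed).digest(),  # placeholder, not a real key
            "state": 0,
        }
        self.tpm.write(self.auth, state_hash(0))
        self._lock = threading.Lock()
        self.used_states = []  # records which state each signature consumed (demo only)

    def _sign_once(self, msg: bytes, pause=None):
        state = self.disk["state"]
        if self.tpm.read(self.auth) != state_hash(state):
            raise RuntimeError("disk state does not match TPM; refusing to sign")
        if pause is not None:
            pause()  # test hook: widens the window between the check and the update
        # Advance the TPM first, then the disk.  A crash in between leaves the two
        # inconsistent, so the next call fails closed instead of reusing `state`.
        self.tpm.write(self.auth, state_hash(state + 1))
        self.disk["state"] = state + 1
        sig = hashlib.sha256(self.disk["seed"] + state.to_bytes(8, "big") + msg).digest()
        self.used_states.append(state)
        return state, sig  # sig is a placeholder, not a real signature

    def sign(self, msg: bytes, pause=None):
        with self._lock:  # serializes check-then-update
            return self._sign_once(msg, pause)

    def sign_unlocked(self, msg: bytes, pause=None):
        return self._sign_once(msg, pause)  # the insecure variant the post warns about


def race_demo(locked: bool) -> list:
    """Sign two messages concurrently; return the sorted state indices consumed."""
    w = StatefulWallet(MockTpmNvSlot(), os.urandom(32))
    barrier = threading.Barrier(2, timeout=2)

    def pause():
        try:
            barrier.wait()  # both threads pass the check before either updates
        except threading.BrokenBarrierError:
            pass  # with the lock, the second caller never reaches the barrier in time

    fn = w.sign if locked else w.sign_unlocked
    threads = [threading.Thread(target=fn, args=(m, pause)) for m in (b"msg A", b"msg B")]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(w.used_states)


def restore_demo() -> bool:
    """Restore an old disk image after signing; True if the wallet refuses to sign."""
    w = StatefulWallet(MockTpmNvSlot(), b"\x01" * 32)  # constructed seed
    backup = dict(w.disk)
    w.sign(b"first")
    w.disk = backup  # simulate restoring the wallet directory from a backup
    try:
        w.sign(b"second")
        return False
    except RuntimeError:
        return True


if __name__ == "__main__":
    print("unlocked:", race_demo(False))  # same state consumed twice
    print("locked:  ", race_demo(True))   # distinct states
    print("restore detected:", restore_demo())
```

On real hardware the mock slot corresponds to the tpm2-tools commands the post refers to (tpm2_nvdefine, tpm2_nvwrite and tpm2_nvread with the index auth value); the ordering of the TPM and disk updates is a design choice of this example, and the only property the check relies on is that any mismatch stops signing.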
Thread Summary (13 replies), Dec 11 - Jan 27, 2026, 14 messages