Short Signatures via Multiple Hardware Security Modules with Key Splitting in Circuit Breaking Environments.

A Circuit Breaking Environment (CBE) for Connected Railway Infrastructures (CRI) requires that high sensitive cargos are bound to the transportation train carriges. This implies a continous verification of the connectivity and rapid identification of potenital disconnections. For that purpose we consider signatures run on devices with multiple Hardware Security Modules (HSM) architectures. We propose a modification of BLS signatures with an additive key split augumented with a refresh technique. This protects against a powerful adversary that can control distinct HSMs in different signing sessions. Thus, we consider our scheme to be secure even if the adversary switches between chosen HSMs for leakage of partial secrets, from session to session. Finally, we provide promising results from a proof-ofconcept implementation, tested on several different type of lowpowered devices for comparison. These indicate the feasibility of our constructions.