A transparent analysis of what PhoenixSig protects against, what it assumes, and where its boundaries lie. Security through clarity, not obscurity.
PhoenixSig is designed to resist the following adversary classes, ordered by increasing capability:
| Adversary Class | Capabilities | PhoenixSig Response |
|---|---|---|
| Remote Software Attacker | RCE on application processor, RAM access, file system read/write | Full PCS recovery after Phoenix refresh |
| Insider Threat | Authorized access to device, may extract application-level secrets | VaultKey in TEE — non-exportable, insider cannot extract |
| Supply Chain Attacker | May compromise firmware, inject backdoors in software updates | TEE attestation detects tampered firmware; quarantine mode activated |
| Quantum Adversary (Future) | Access to cryptographically relevant quantum computer | ML-DSA/SLH-DSA backends — NIST PQC standards |
| Physical Device Capture | Full hardware access, TEE probing, side-channel attacks | Partially mitigated — see Section 5 |
The primary attack surface. An adversary with remote code execution can read the current state (sigma, epoch, counter) from memory. PhoenixSig's response: Even with full state capture, the attacker cannot forge future signatures after a Phoenix refresh, because VaultKey is isolated in the TEE and cannot be read from the application processor.
An attacker may attempt to restore a previous device state to reuse old signing keys. PhoenixSig's response: Monotonic epoch and counter enforcement. Verifiers reject signatures from stale epochs. Hardware-backed counters (where available) prevent OS-level rollback.
Compromised or weak random number generators could make key derivation predictable. PhoenixSig's response: DyLWE core is deterministic — it does not depend on OS RNG. Entropy comes exclusively from VaultKey (TEE-anchored) and the current state, both of which are outside attacker control.
Timing, power analysis, or electromagnetic emanation attacks against the signing operation. PhoenixSig's response: Delegated to the PQC implementation (ML-DSA/SLH-DSA) which must use constant-time implementations. TEE execution provides an additional isolation boundary.
An attacker may attempt to forge Merkle authentication paths. PhoenixSig's response: The Merkle root (RootPK) is published and committed at enrollment time. Forging a valid path requires finding a preimage of the hash function — computationally infeasible under standard assumptions.
PhoenixSig's PCS guarantee depends on the following assumptions. If any assumption is violated, the specific guarantee it supports may be weakened.
| Assumption | Supports | If Violated |
|---|---|---|
| TEE isolates VaultKey correctly | PCS | PCS degrades to forward security only |
| HKDF behaves as random oracle | All properties | State evolution becomes predictable |
| Module-LWR is computationally hard | Forward security | Past states may be recoverable |
| ML-DSA/SLH-DSA is unforgeable | Signature validity | Signatures can be forged regardless of PCS |
| Attacker access is temporary | PCS recovery | Persistent access = persistent compromise |
Between the moment of compromise (t₁) and the first Phoenix refresh (t₂), the attacker can forge signatures. This window is the fundamental limitation of PCS — the system cannot retroactively invalidate the compromise, only ensure recovery after refresh.
Minimizing this window is an operational concern: automatic periodic refresh, anomaly-triggered refresh, and quarantine-on-reboot all reduce the exposure period.
These risks remain after all PhoenixSig mitigations are applied:
| Risk | Severity | Mitigation Strategy |
|---|---|---|
| TEE hardware vulnerability (e.g., Spectre-class) | High | Monitor TEE vendor advisories; firmware update policy |
| Compromise window forgery | Medium | Minimize refresh interval; anomaly detection |
| Merkle tree exhaustion | Low | Tree re-enrollment protocol; capacity planning |
| Implementation bugs | Medium | Third-party audit; open-source core components |
We welcome security review and responsible disclosure. Reach out to discuss PhoenixSig's security properties.