


In cryptography, key establishment protocols are often the starting point paving the way towards the secure execution of different tasks. Namely, the parties seeking to achieve some cryptographic task often start by establishing a common high-entropy secret that will eventually be used to secure their communication. In this paper, we put forward a security model for group key establishment (GAKE) with an adversary that may execute efficient quantum algorithms, yet only once the execution of the protocol has concluded. This captures a situation in which keys are to be established in the present, while security guarantees must still be provided in the future, when quantum resources may be accessible to a potential adversary. Further, we propose a protocol design that can be proven secure in this model. Our proposal uses password authentication and builds upon efficient and reasonably well understood primitives: a message authentication code and a post-quantum key encapsulation mechanism. The hybrid structure dodges potential efficiency downsides, like large signatures, of some “true” post-quantum authentication techniques, making our protocol a potentially interesting fit for current applications with long-term security needs.

The advent of quantum computing has had a great effect on cryptographic developments, giving rise to different active lines of work. Some efforts focus on finding new constructions exploiting the great potential of quantum technology (Quantum Key Distribution schemes being the flagship example), while others target design strategies for transitioning from classical to quantum-resistant schemes.

In this contribution, we focus on group key exchange protocols (GAKE), which are cryptographic constructions allowing a group of n ⩾ 2 participants to agree upon a high-entropy secret key. Communication is carried out over an insecure channel, and thus legitimate participants need to authenticate themselves (if not necessarily as specific individuals, at least as legitimate group members). It is typical to assume in this context that the network is fully under adversarial control, and thus a potential adversary may not only eavesdrop, but also delay, suppress, or insert messages at will. On top of the standard security challenges encountered in this framework, significant difficulties arise when considering adversaries that have access to quantum computing, the so-called post-quantum setting. Basic building blocks behind a post-quantum GAKE (such as encryption or commitment schemes) should be proven secure in this new, restricted scenario, where primitives based on the hardness of factoring or of computing discrete logarithms in certain groups can no longer be trusted. While a number of primitives for post-quantum cryptographic tasks are available, restricting oneself to this kind of tool comes at a price in terms of computational cost, memory, bandwidth, etc. The question arises whether it is possible to put off some of the cost that comes with an immediate transition to a “full-fledged post-quantum design” without jeopardizing the long-term security of established session keys. This is where a future-quantum scenario comes in.

A number of two-party key establishment protocols have been proposed taking into account quantum adversaries, with diverse security models and levels of formalism. Many of these proposals are not contributory key exchange protocols, but key encapsulation mechanisms (KEMs), allowing one party to send a high-entropy key to another one, which can later be used to secure their two-party communication. Submissions to NIST’s ongoing standardization effort provide various examples of current candidates for post-quantum KEMs (National Institute of Standards and Technology 2019). When it comes to secure joint key generation of two-party keys, fewer proposals are available in the literature. In Bos et al. (2015), an unauthenticated Diffie-Hellman-like key exchange protocol is proposed, based on the ring learning with errors (RLWE) problem, and the authors demonstrate its practicality by integrating it in TLS cipher suites.
