Post-quantum Key Exchange for the Internet and the Open Quantum Safe Project

@inproceedings{Stebila2016PostquantumKE,
  title={Post-quantum Key Exchange for the Internet and the Open Quantum Safe Project},
  author={Douglas Stebila and Michele Mosca},
  booktitle={SAC},
  year={2016}
}
Designing public key cryptosystems that resist attacks by quantum computers is an important area of current cryptographic research and standardization. To retain confidentiality of today’s communications against future quantum computers, applications and protocols must begin exploring the use of quantum-resistant key exchange and encryption. In this paper, we explore post-quantum cryptography in general and key exchange specifically. We review two protocols for quantum-resistant key exchange… 
Survey on Quantum Resist Public Key Algorithms Compatible for Java Card
  TLDR: This paper surveys quantum-resistant algorithms that could be a new alternative to the current standard scheme for public key identification, to provide quantum-safe security in Java Cards.
Post-quantum Lattice-based Cryptography Implementations: A Survey
  TLDR: This work surveys trends in lattice-based cryptographic schemes, some recent fundamental proposals for the use of lattices in computer security, challenges for their implementation in software and hardware, and emerging needs for their adoption.
Performance evaluation of liboqs in Open Quantum Safe project (Part I)
  TLDR: This paper checks and compares the performance of OQS key exchange protocols using lattices and suggests future work in the Open Quantum Safe project, which focuses on lattice-based OQS projects such as BCNS15, NewHope, MSrln, Kyber, and Frodo.
Post-Quantum Lattice-Based Cryptography Implementations
  TLDR: same summary as the preceding survey entry.
Assessing the overhead of post-quantum cryptography in TLS 1.3 and SSH
  TLDR: This paper evaluates protocol handshake performance when both post-quantum key exchange and authentication are integrated into TLS and SSH, and finds that the introduced handshake latency ranges between 1-300% for TLS and 0.5-50% for SSH depending on the post-quantum algorithms used.
Post-quantum Certificates for Electronic Travel Documents
  TLDR: This paper investigates the practicality of employing post-quantum digital signatures to ensure the authenticity of an electronic travel document, creates a special-purpose public key infrastructure based on these techniques, and gives performance results for both creation and verification of certificates.
Post-quantum authentication in OpenSSL with hash-based signatures
  TLDR: This paper describes the integration of the XMSS hash-based signature scheme into the popular OpenSSL security library and introduces support for EVP, ASN.1 and X.509 formats in OpenSSL and for the widely deployed TLS and S/MIME protocols.
Evaluating the Efficiency of Physical and Cryptographic Security Solutions for Quantum Immune IoT
  TLDR: The results reveal that the proposed physical layer implementation of the NewHope and Frodo key exchange algorithms, as well as a novel physical layer secrecy coding approach based on polar codes, is very competitive with respect to the cryptographic solutions, particularly in short-range wireless communication.
Performance of New Hope and CRYSTALS-Dilithium Postquantum Schemes in the Transport Layer Security Protocol
  TLDR: This analysis considers integrating the implementation of two cryptographic schemes that were successful in the second round of the post-quantum standardization process, namely Dilithium and New Hope, into the Transport Layer Security (TLS) protocol.
Mixed Certificate Chains for the Transition to Post-Quantum Authentication in TLS 1.3
  TLDR: This work proposes and investigates a migration strategy towards post-quantum (PQ) authentication for the network protocol Transport Layer Security (TLS), and demonstrates the suitability of the migration strategy even for embedded devices.

References

(10 of 56 references shown)
Post-Quantum Key Exchange for the TLS Protocol from the Ring Learning with Errors Problem
  TLDR: This work demonstrates the practicality of post-quantum key exchange by constructing cipher suites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem, and accompanies these cipher suites with a rigorous proof of security.
Speeding up R-LWE Post-quantum Key Exchange
  TLDR: This paper builds on the implementation of Alkim et al. and focuses on improving the algorithm for generating a uniformly random polynomial, by optimizing three independent directions: efficient pseudorandom byte generation, decreasing the rejection rate during sampling, and vectorizing the sampling step.
Practical and post-quantum authenticated key exchange from one-way secure key encapsulation mechanism
  TLDR: A generic construction of AKE protocols from OW-CCA secure KEMs is proposed, CK+ security of the protocols is proved in the random oracle model, and communication costs are reduced.
Frodo: Take off the Ring! Practical, Quantum-Secure Key Exchange from LWE
  TLDR: Despite conventional wisdom that generic lattices might be too slow and unwieldy, it is demonstrated that LWE-based key exchange is quite practical: the authors' constant-time implementation requires around 1.3 ms of computation time for each party; compared to the recent NewHope R-LWE scheme, communication sizes increase by a factor of 4.7x but remain under 12 KiB in each direction.
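As an added worked example (not code from this paper, from Frodo, or from the Open Quantum Safe project), the following pure-Python toy shows the unauthenticated, Frodo-style LWE key exchange that the abstract and the Frodo entry above refer to: Alice sends B = AS + E, Bob replies with B' = S'A + E' plus one reconciliation hint bit per shared coefficient, and both sides extract the same key bits with Peikert's rounding rule. The parameters (n = 64, n-bar = 8, q = 2^15, noise uniform in {-1, 0, 1}) and the noise distribution are assumptions chosen only so the example runs instantly; they provide no security and are far below Frodo's dimension. The message_bytes helper reproduces the size arithmetic: with n = 752, n-bar = 8 and log2 q = 15 (Frodo's recommended parameters, taken from the Frodo paper rather than from this page) the n x n-bar matrix each side sends is 11,280 bytes, consistent with the "under 12 KiB" figure above.

```python
"""Toy Frodo-style LWE key exchange with Peikert reconciliation.

Constructed example, not the Frodo or liboqs implementation. Parameters are
deliberately tiny and insecure; they only make the mechanism visible end to end.
"""
import random

Q = 1 << 15      # modulus q = 2^15 (Frodo also uses q = 2^15); toy choice here
N = 64           # LWE dimension; far below Frodo's n = 752, insecure toy size
NBAR = 8         # number of secret/error columns (Frodo's n-bar = 8)


def small(rng, rows, cols):
    """rows x cols matrix with entries in {-1, 0, 1}.
    Toy noise distribution; Frodo samples from a discrete-Gaussian-like table."""
    return [[rng.choice((-1, 0, 1)) for _ in range(cols)] for _ in range(rows)]


def uniform(rng, rows, cols):
    """Public matrix A with uniform entries mod Q (Frodo expands it from a seed)."""
    return [[rng.randrange(Q) for _ in range(cols)] for _ in range(rows)]


def matmul(x, y):
    """(x @ y) mod Q for list-of-lists matrices."""
    cols = len(y[0])
    return [[sum(x[i][k] * y[k][j] for k in range(len(y))) % Q
             for j in range(cols)] for i in range(len(x))]


def matadd(x, y):
    return [[(a + b) % Q for a, b in zip(rx, ry)] for rx, ry in zip(x, y)]


# --- Peikert reconciliation: one key bit per coefficient -------------------
def round_bit(v):
    """round(2v/q) mod 2: the key bit carried by coefficient v."""
    return ((v + Q // 4) % Q) // (Q // 2)


def cross_round(v):
    """floor(4v/q) mod 2: the one-bit hint Bob sends for coefficient v."""
    return (v // (Q // 4)) % 2


def rec(w, hint):
    """Recover round_bit(v) from w whenever |w - v| < q/8 (mod q).
    Returns 0 iff w lies within q/8 of I_hint, with I_0 = [0, q/4) and
    I_1 = [3q/4, q); otherwise 1."""
    lo = (hint * (3 * Q // 4) - Q // 8) % Q
    return 0 if (w - lo) % Q < Q // 2 else 1


# --- the exchange ----------------------------------------------------------
def alice_keygen(rng, A):
    S, E = small(rng, N, NBAR), small(rng, N, NBAR)
    B = matadd(matmul(A, S), E)              # B = A S + E   (sent to Bob)
    return S, B


def bob_respond(rng, A, B):
    S2, E2, E3 = small(rng, NBAR, N), small(rng, NBAR, N), small(rng, NBAR, NBAR)
    B2 = matadd(matmul(S2, A), E2)           # B' = S' A + E'  (sent to Alice)
    V = matadd(matmul(S2, B), E3)            # V = S' B + E'' ~ S' A S
    hints = [[cross_round(v) for v in row] for row in V]
    key = [round_bit(v) for row in V for v in row]
    return B2, hints, key


def alice_finish(S, B2, hints):
    W = matmul(B2, S)                        # W = B' S ~ S' A S
    # W - V = E'S - S'E - E'': at most 2N + 1 = 129 in magnitude, far below q/8.
    return [rec(w, h) for rw, rh in zip(W, hints) for w, h in zip(rw, rh)]


def run_exchange(seed=0):
    """Run one full exchange; returns (alice_key_bits, bob_key_bits)."""
    rng = random.Random(seed)
    A = uniform(rng, N, N)
    S, B = alice_keygen(rng, A)
    B2, hints, bob_key = bob_respond(rng, A, B)
    alice_key = alice_finish(S, B2, hints)
    return alice_key, bob_key


def message_bytes(n, nbar, log2q):
    """Bytes in the n x nbar matrix each side sends (seeds and hints excluded)."""
    return n * nbar * log2q // 8


if __name__ == "__main__":
    a, b = run_exchange(seed=1)
    print("keys agree:", a == b, "| key bits:", len(a))
    print("Frodo-size matrix (n=752, nbar=8, log2q=15):", message_bytes(752, 8, 15), "bytes")
```

The reconciliation only works because the noise terms stay far below q/8; raising the noise or shrinking q until E'S - S'E - E'' can exceed that bound makes the two keys disagree, which is exactly the parameter trade-off the Frodo and NewHope entries negotiate.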
Small Field Attack, and Revisiting RLWE-Based Authenticated Key Exchange from Eurocrypt'15
  TLDR: This work proposes a new type of attack, referred to as small field attack (SFA), against the one-pass protocol Π1 as well as its resultant deniable encryption scheme, and develops some new properties regarding the CRT basis for R_q that may be of independent interest.
Post-quantum Key Exchange - A New Hope
  TLDR: New parameters and a better suited error distribution are proposed, the scheme's hardness against attacks by quantum computers is analyzed in a conservative way, a new and more efficient error-reconciliation mechanism is introduced, and a defense against backdoors and all-for-the-price-of-one attacks is proposed.
How to Enhance the Security of Public-Key Encryption at Minimum Cost
  This paper presents a simple and efficient conversion from a semantically secure public-key encryption scheme against passive adversaries to a non-malleable (or semantically secure) public-key
Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems
  TLDR: Public-key and symmetric-key cryptosystems that provide security for key-dependent messages and enjoy circular security, and a pseudorandom generator that can be computed by a circuit of n·polylog(n) size, are constructed.
Towards Quantum-Resistant Cryptosystems from Supersingular Elliptic Curve Isogenies
  TLDR: The main technical idea in this scheme is that the images of torsion bases under the isogeny are transmitted in order to allow the two parties to arrive at a common shared key despite the noncommutativity of the endomorphism ring.
Authenticated Key Exchange from Ideal Lattices
  TLDR: A practical and provably secure two-pass authenticated key exchange protocol over ideal lattices, which is conceptually simple and has similarities to Diffie-Hellman based protocols such as HMQV and OAKE.