
Many a Mickle Makes a Muckle: A Framework for Provably Quantum-Secure Hybrid Key Exchange

Conference paper in Post-Quantum Cryptography (PQCrypto 2020), Lecture Notes in Computer Science, volume 12100.

Abstract

Hybrid Authenticated Key Exchange (AKE) protocols combine keying material from different sources (post-quantum, classical, and quantum key distribution (QKD)) to build protocols that are resilient to catastrophic failures of the different components. These failures may be due to advances in quantum computing, implementation vulnerabilities, or our evolving understanding of the quantum (and even classical) security of supposedly quantum-secure primitives. This hybrid approach is a prime candidate for initial deployment of post-quantum-secure cryptographic primitives because it hedges against undiscovered weaknesses. We propose a general framework \(\mathsf {HAKE}\) for analysing the security of such hybrid AKE protocols. \(\mathsf {HAKE}\) extends the classical Bellare-Rogaway model for AKE security to encompass forward security, post-compromise security, fine-grained compromise of different cryptographic components, and more. We use the framework to provide a security analysis of a new hybrid AKE protocol named \(\mathsf {Muckle}\). This protocol operates in one round trip and leverages the pre-established symmetric keys that are inherent to current QKD designs to provide message authentication, avoiding the need to use expensive post-quantum signature schemes. We provide an implementation of our Muckle protocol, instantiating our generic construction with classical and post-quantum Diffie-Hellman-based algorithmic choices. Finally, we report on benchmarking exercises against our implementation, examining its performance in terms of clock cycles, elapsed wall-time, and additional latency in both LAN and WAN settings.
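The abstract describes three properties of Muckle that are easy to lose in a summary: keying material from a classical, a post-quantum and a QKD source is combined so that the session key survives the break of any one of them; the exchange completes in one round trip; and the pre-shared symmetric key that a QKD deployment already holds is used for MAC-based authentication instead of a post-quantum signature. The following Python sketch is an added example written for this page, not the paper's C-Muckle implementation (whose source is at the GitHub URL in the references). Its key schedule, message layout and label strings are assumptions in the spirit of the abstract, not the paper's exact construction; the post-quantum KEM shared secret and the QKD-delivered key are constructed byte strings standing in for what a real KEM and QKD link would produce, and the X25519 code is a plain RFC 7748 reference ladder that is not constant time.

```python
"""Hybrid AKE sketch in the spirit of Muckle. Added example, not the paper's
C-Muckle code: one round trip, a classical X25519 secret, a post-quantum KEM
secret (stand-in bytes here) and a QKD-delivered key are chained through HKDF,
and both messages are authenticated with HMAC under the pre-shared key that
the QKD layer already provides, so no signature scheme is involved."""
import hashlib
import hmac
import os

P = 2**255 - 19
BASEPOINT = (9).to_bytes(32, "little")

def _cswap(swap, a, b):
    return (b, a) if swap else (a, b)

def x25519(scalar: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Python big ints are not constant time, so
    this is a reference implementation for the demo, not production code."""
    k = (int.from_bytes(scalar, "little") & ((1 << 255) - 1) & ~7) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = pow(da + cb, 2, P), x1 * pow(da - cb, 2, P) % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def key_schedule(psk, secstate, ss_c, ss_q, ss_qkd, transcript):
    """Assumed schedule (the paper's exact chain may differ): every component
    secret is folded in with HKDF-Extract and the transcript is bound in the
    final Expand, so the output stays unpredictable while any one input is."""
    ck = hkdf_extract(psk, secstate)
    for ss in (ss_c, ss_q, ss_qkd):
        ck = hkdf_extract(ck, ss)
    session_key = hkdf_expand(ck, b"muckle session key" + transcript)
    next_secstate = hkdf_expand(ck, b"muckle secret state" + transcript)
    return session_key, next_secstate

def mac_key(psk, secstate):
    return hkdf_expand(hkdf_extract(psk, secstate), b"muckle mac key")

def tag(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def run_session(psk, secstate, qkd_key, pq_shared, tamper=False, rand=os.urandom):
    """One round trip between initiator and responder over an insecure channel.
    pq_shared stands in for the KEM secret both sides would obtain from
    encapsulation/decapsulation; qkd_key for the key block the QKD link delivers.
    Returns (initiator key, responder key, next secret state)."""
    mk = mac_key(psk, secstate)
    # Initiator -> Responder: nonce || ephemeral X25519 pk, tagged under mk
    sk_i = rand(32)
    m1 = rand(16) + x25519(sk_i, BASEPOINT)
    t1 = tag(mk, m1)
    if tamper:  # an on-path attacker without the PSK alters the public key
        m1 = m1[:-1] + bytes([m1[-1] ^ 1])
    # Responder checks the MAC before spending any work on key generation
    if not hmac.compare_digest(t1, tag(mk, m1)):
        raise ValueError("initiator MAC rejected")
    sk_r = rand(32)
    m2 = rand(16) + x25519(sk_r, BASEPOINT)
    t2 = tag(mk, m1 + m2)  # Responder -> Initiator: MAC over the whole transcript
    ss_r = x25519(sk_r, m1[16:])
    k_r, st_r = key_schedule(psk, secstate, ss_r, pq_shared, qkd_key, m1 + m2)
    # Initiator verifies the responder's tag, then derives the same keys
    if not hmac.compare_digest(t2, tag(mk, m1 + m2)):
        raise ValueError("responder MAC rejected")
    ss_i = x25519(sk_i, m2[16:])
    k_i, st_i = key_schedule(psk, secstate, ss_i, pq_shared, qkd_key, m1 + m2)
    assert st_i == st_r  # both sides roll the secret state forward identically
    return k_i, k_r, st_i

if __name__ == "__main__":
    k_i, k_r, _ = run_session(os.urandom(32), bytes(32), os.urandom(32), os.urandom(32))
    print("session keys agree:", k_i == k_r)
```

Two points worth noticing when reading the sketch: the responder verifies the initiator's tag before generating its own ephemeral key, so an attacker without the pre-shared key cannot make it do work, and the secret state returned by `key_schedule` is what the next session's MAC key and chain are derived from, which is the mechanism by which a later session can recover security after a compromise. The `rand` parameter exists only so the exchange can be replayed deterministically; production code would keep `os.urandom`.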


Notes

  1. The name \(\mathsf {Muckle}\) derives from the traditional English phrase “Many a mickle makes a muckle”: many small things can add up to make a big thing.

  2. As a side-note, this is why QKD in this normal form does not solve the key distribution problem, but only the key expansion problem.

  3. Either \(\mathsf {mbedtls}\) or \(\mathsf {PQCrypto}\hbox {-}\mathsf {SIDH}\).

References

  1. ARM mbed TLS. https://tls.mbed.org/. Accessed 12 Nov 2018

  2. C-Muckle source code. https://github.com/himsen/muckle. Accessed 29 Jan 2020

  3. Microsoft PQCrypto-SIDH. https://github.com/Microsoft/PQCrypto-SIDH. Accessed 12 Nov 2018

  4. Albrecht, M.R., et al.: Estimate all the {LWE, NTRU} schemes! In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 351–367. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98113-0_19

  5. Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. In: Holz, T., Savage, S. (eds.) 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, 10–12 August 2016, pp. 327–343. USENIX Association (2016)

  6. Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1–15. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_1

  7. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_21

  8. Bennett, C.H., Brassard, G.: Quantum cryptography: public key distribution and coin tossing. In: Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, Bangalore, India, pp. 175–179 (1984)

  9. Bernstein, D.J.: Curve25519: new Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_14

  10. Bernstein, D.J.: Is the security of quantum cryptography guaranteed by the laws of physics? CoRR, abs/1803.04520 (2018)

  11. Bindel, N., Brendel, J., Fischlin, M., Goncalves, B., Stebila, D.: Hybrid key encapsulation mechanisms and authenticated key exchange. In: Ding, J., Steinwandt, R. (eds.) PQCrypto 2019. LNCS, vol. 11505, pp. 206–226. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25510-7_12

  12. Bindel, N., Herath, U., McKague, M., Stebila, D.: Transitioning to a quantum-resistant public key infrastructure. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 384–405. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59879-6_22

  13. Braithwaite, M.: Experimenting with post-quantum cryptography, July 2016. https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html

  14. Brendel, J., Fischlin, M., Günther, F.: Breakdown resilience of key exchange protocols: NewHope, TLS 1.3, and Hybrids. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019. LNCS, vol. 11736, pp. 521–541. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29962-0_25

  15. Cohn-Gordon, K., Cremers, C.J.F., Garratt, L.: On post-compromise security. In: IEEE 29th Computer Security Foundations Symposium, CSF 2016, Lisbon, Portugal, 27 June–1 July 2016, pp. 164–178. IEEE Computer Society (2016)

  16. Costello, C., Longa, P., Naehrig, M.: Efficient algorithms for supersingular isogeny Diffie-Hellman. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 572–601. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_21

  17. Cremers, C., Feltz, M.: Beyond eCK: perfect forward secrecy under actor compromise and ephemeral-key reveal. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 734–751. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33167-1_42

  18. Huang, A., Sun, S.-H., Liu, Z., Makarov, V.: Quantum key distribution with distinguishable decoy states. Phys. Rev. A 98, 012330 (2018)

  19. Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631–648. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_34

  20. Kwiatkowski, K., Valenta, L.: The TLS post-quantum experiment, October 2019. https://blog.cloudflare.com/the-tls-post-quantum-experiment

  21. Li, J., Kim, K., Zhang, F., Chen, X.: Aggregate proxy signature and verifiably encrypted proxy signature. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 208–217. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-75670-5_15

  22. Moody, D.: What was NIST thinking? Round 2 of the NIST PQC “Competition”. Talk at Oxford University (2019)

  23. Mosca, M., Stebila, D., Ustaoğlu, B.: Quantum key distribution in the classical authenticated key exchange framework. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 136–154. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38616-9_9

  24. Müller-Quade, J., Renner, R.: Composability in quantum cryptography. CoRR, abs/1006.2215 (2010)

  25. Schanck, J., Stebila, D.: A Transport Layer Security (TLS) extension for establishing an additional shared secret. IETF Draft (2017)

  26. Sibson, P., et al.: Chip-based quantum key distribution. Nat. Commun. 8, 13984 (2017)

  27. Stebila, D., Fluhrer, S., Gueron, S.: Design issues for hybrid key exchange in TLS 1.3. IETF Draft (2019). https://tools.ietf.org/id/draft-stebila-tls-hybrid-design-01.html

  28. Vakhitov, A., Makarov, V., Hjelme, D.R.: Large pulse attack as a method of conventional optical eavesdropping in quantum cryptography. J. Mod. Opt. 48, 2023 (2001)

  29. Whyte, W., Fluhrer, S., Zhang, Z., Garcia-Morchon, O.: Quantum-safe hybrid (QSH) key exchange for transport layer security (TLS) version 1.3. IETF Draft (2017)

  30. Yuen, H.P.: Security of quantum key distribution. IEEE Access 4, 724–749 (2016)

  31. Zhang, R., Hanaoka, G., Shikata, J., Imai, H.: On the security of multiple encryption or CCA-security+CCA-security=CCA-security? In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 360–374. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24632-9_26


Acknowledgments

The research of Dowling was supported by Innovate UK and EPSRC grant EP/L018543/1 (the EQUIP project). The research of Hansen was supported by the EPSRC and the UK government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1). The research of Paterson was supported by Innovate UK and EPSRC grants EP/L018543/1, EP/K035584/1 and EP/M013472/1 and a gift from VMware.

Author information

Corresponding author: Benjamin Dowling.

A Wall-Time Function Profiling in Two Availability Zones

Fig. 3. Results of the wall-time measurement experiment between two AWS EC2 instances in two different availability zones located in the same region (London). Specifically, the chart captures the relative median wall-time spent executing various functions in the \(\mathsf {C}\hbox {-}\mathsf {Muckle}\) execution flow. The top 6 categories for each chart are functions that correspond to \(\mathsf {C}\hbox {-}\mathsf {Muckle}\) functions described in the text. The network category includes the time taken to initialise the socket, as well as to send and receive messages. The percentage for the \(\mathsf {Other}\) category is computed by subtracting the median wall-time of the top 6 functions and the median networking time from the participant's entire median wall-time. (Left) \(\mathsf {C}\hbox {-}\mathsf {Muckle}\) \(\mathsf {initiator}\). (Right) \(\mathsf {C}\hbox {-}\mathsf {Muckle}\) \(\mathsf {responder}\).


Copyright information

© 2020 Springer Nature Switzerland AG


Cite this paper

Dowling, B., Hansen, T.B., Paterson, K.G. (2020). Many a Mickle Makes a Muckle: A Framework for Provably Quantum-Secure Hybrid Key Exchange. In: Ding, J., Tillich, JP. (eds) Post-Quantum Cryptography. PQCrypto 2020. Lecture Notes in Computer Science(), vol 12100. Springer, Cham. https://doi.org/10.1007/978-3-030-44223-1_26


  • DOI: https://doi.org/10.1007/978-3-030-44223-1_26


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-44222-4

  • Online ISBN: 978-3-030-44223-1

