Hybrid Key Encapsulation Mechanisms and Authenticated Key Exchange

Concerns about the impact of quantum computers on currently deployed public key cryptography have instigated research not only into quantum-resistant cryptographic primitives but also into how to transition applications from classical to quantum-resistant solutions. One approach to mitigate the risk of quantum attacks and to preserve common security guarantees is hybrid schemes, which combine classically secure and quantum-resistant schemes. Various academic and industry experiments and draft standards related to the Transport Layer Security (TLS) protocol already use some form of hybrid key exchange; however, sound theoretical approaches that substantiate the design and security of such hybrid key exchange protocols are so far missing.
