Anonymous, Robust Post-quantum Public Key Encryption

We provide the first mechanized post-quantum sound security protocol proofs. We achieve this by developing PQ-BC, a computational first-order logic that is sound with respect to quantum attackers, and corresponding mechanization support in the form of the PQ-Squirrel prover.Our work builds on the classical BC logic [7] and its mechanization in the Squirrel [5] prover. Our development of PQ-BC requires making the BC logic sound for a single interactive quantum attacker. We implement the PQ-Squirrel prover by modifying Squirrel, relying on the soundness results of PQ-BC and enforcing a set of syntactic conditions; additionally, we provide new tactics for the logic that extend the tool's scope.Using PQ-Squirrel, we perform several case studies, thereby giving the first mechanical proofs of their computational post-quantum security. These include two generic constructions of KEM based key exchange, two sub-protocols from IKEv1 and IKEv2, and a proposed post-quantum variant of Signal's X3DH protocol. Additionally, we use PQ-Squirrel to prove that several classical Squirrel case studies are already post-quantum sound.

show abstract

“…Out of these assumptions, the most debatable w.r.t. instantiability is likely ENC-KP, as discussed recently in [40].…”

Section: Cryptographic Assumptions In Pq-bcmentioning

confidence: 88%

A Logic and an Interactive Prover for the Computational Post-Quantum Security of Protocols

Cremers

Fontaine

Jacomme

2022

2022 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…The KEMTLS-PDK protocol [47], in reducing roundtrips, sends the KEM encapsulation against the server's static key in cleartext. Unless an anonymous KEM [4,27,40] is deployed, this value might leak information about the server's identity.…”

Section: Discussionmentioning

confidence: 99%

KEMTLS with Delayed Forward Identity Protection in (Almost) a Single Round Trip

Günther¹,

Towa²

2022

Applied Cryptography and Network Security

View full text Add to dashboard Cite

The recent KEMTLS protocol (Schwabe, Stebila and Wiggers, CCS'20) is a promising design for a quantum-safe TLS handshake protocol. Focused on the web setting, wherein clients learn server publickey certificates only during connection establishment, a drawback of KEMTLS compared to TLS 1.3 is that it introduces an additional round trip before the server can send data, and an extra one for the client as well in the case of mutual authentication. In many scenarios, including IoT and embedded settings, client devices may however have the targeted server certificate pre-loaded, so that such performance penalty seems unnecessarily restrictive. This work proposes a variant of KEMTLS tailored to such scenarios. Our protocol leverages the fact that clients know the server public keys in advance to decrease handshake latency while protecting client identities. It combines medium-lived with long-term server public keys to enable a delayed form of forward secrecy even from the first data flow on, and full forward secrecy upon the first round trip. The new protocol is proved to achieve strong security guarantees, based on the security of the underlying building blocks, in a new model for multi-stage key exchange with medium-lived keys.

show abstract

“…In addition to these security definitions, there are additional security properties that have been discussed in the literature (see, for example, [171,172]). While not required for submission, such properties may be desirable.…”

Section: Ind-cpa Ind-cca2 and Euf-cma Securitymentioning

confidence: 99%

Status report on the third round of the NIST Post-Quantum Cryptography Standardization process

Moody¹

2022

127

View full text Add to dashboard Cite

The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public-key encryption, and key-establishment algorithms to augment Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS), as well as NIST Special Publication (SP) 800-56A Revision 3, Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography, and SP 800-56B Revision 2, Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography. It is intended that these algorithms will be capable of protecting sensitive information well into the foreseeable future, including after the advent of quantum computers. The first round of the NIST Post-Quantum Cryptography Standardization Process began in December 2017 with 69 candidate algorithms that met both the minimum acceptance criteria and submission requirements. The first round lasted until January 2019, during which candidate algorithms were evaluated based on their security, performance, and other characteristics. NIST selected 26 algorithms to advance to the second round for more analysis. The second round continued until July 2020, after which seven 'finalist' and eight 'alternate' candidate algorithms were selected to move into the third round. This report describes the evaluation and selection process, based on public feedback and internal review, of the third-round candidates. The report summarizes each of the 15 third-round candidate algorithms and identifies those selected for standardization, as well as those that will continue to be evaluated in a fourth round of analysis. The public-key encryption and key-establishment algorithm that will be standardized is CRYSTALS-Kyber. The digital signatures that will be standardized are CRYSTALS-Dilithium, Falcon, and SPHINCS+. While there are multiple signature algorithms selected, NIST recommends CRYSTALS-Dilithium as the primary algorithm to be implemented. In addition, four of the alternate key-establishment candidate algorithms will advance to a fourth round of evaluation: BIKE, Classic McEliece, HQC, and SIKE. These candidates are still being considered for future standardization. NIST will also issue a new Call for Proposals for public-key digital signature algorithms to augment and diversify its signature portfolio.

show abstract

Anonymous, Robust Post-quantum Public Key Encryption

Cited by 17 publications

References 32 publications

A Logic and an Interactive Prover for the Computational Post-Quantum Security of Protocols

A Logic and an Interactive Prover for the Computational Post-Quantum Security of Protocols

KEMTLS with Delayed Forward Identity Protection in (Almost) a Single Round Trip

Status report on the third round of the NIST Post-Quantum Cryptography Standardization process

Contact Info

Product

Resources

About