Article

Post-Quantum Key Exchange for the TLS Protocol from the Ring Learning with Errors Problem

Authors:

Joppe W. Bos,

Craig Costello,

Michael Naehrig,

Douglas StebilaAuthors Info & Claims

SP '15: Proceedings of the 2015 IEEE Symposium on Security and Privacy

Pages 553 - 570

https://doi.org/10.1109/SP.2015.40

Published: 17 May 2015 Publication History

Abstract

Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. We demonstrate the practicality of post-quantum key exchange by constructing cipher suites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem, we accompany these cipher suites with a rigorous proof of security. Our approach ties lattice-based key exchange together with traditional authentication using RSA or elliptic curve digital signatures: the post-quantum key exchange provides forward secrecy against future quantum attackers, while authentication can be provided using RSA keys that are issued by today's commercial certificate authorities, smoothing the path to adoption. Our cryptographically secure implementation, aimed at the 128-bit security level, reveals that the performance price when switching from non-quantum-safe key exchange is not too high. With our R-LWE cipher suites integrated into the Open SSL library and using the Apache web server on a 2-core desktop computer, we could serve 506 RLWE-ECDSA-AES128-GCM-SHA256 HTTPS connections per second for a 10 KiB payload. Compared to elliptic curve Diffie-Hellman, this means an 8 KiB increased handshake size and a reduction in throughput of only 21%. This demonstrates that provably secure post-quantum key-exchange can already be considered practical.

Cited By

View all

Du SLi JSun CXiao PHong QZhang J(2024)Analog In-memory Circuit Design of Polynomial Multiplication for Lattice Cipher Acceleration ApplicationACM Transactions on Embedded Computing Systems10.1145/360589123:6(1-24)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3605891
Katz JRosenberg M(2024)LATKE: A Framework for Constructing Identity-Binding PAKEsAdvances in Cryptology – CRYPTO 202410.1007/978-3-031-68379-4_7(218-250)Online publication date: 18-Aug-2024
https://dl.acm.org/doi/10.1007/978-3-031-68379-4_7
Wang HLi YWang L(2022)Post-Quantum Secure Password-Authenticated Key Exchange Based on OuroborosSecurity and Communication Networks10.1155/2022/92574432022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/9257443
Show More Cited By

Post-Quantum Key Exchange for the TLS Protocol from the Ring Learning with Errors Problem

Recommendations

A Practical Post-Quantum Public-Key Cryptosystem Based on $$\textsf {spLWE}$$
ICISC 2016: Proceedings of the 19th International Conference on Information Security and Cryptology - Volume 10157

The Learning with Errors $$\textsf {LWE}$$ problem has been widely used as a hardness assumption to construct public-key primitives. In this paper, we propose an efficient instantiation of a PKE scheme based on LWE with a sparse secret, named as $$\...
Practical and post-quantum authenticated key exchange from one-way secure key encapsulation mechanism
ASIA CCS '13: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

This paper discusses how to realize practical post-quantum authenticated key exchange (AKE) with strong security, i.e., CK⁺ security (Krawczyk, CRYPTO 2005). It is known that strongly secure post-quantum AKE protocols exist on a generic construction ...
Post-quantum Asynchronous Deniable Key Exchange and the Signal Handshake
Public-Key Cryptography – PKC 2022
Abstract
The key exchange protocol that establishes initial shared secrets in the handshake of the Signal end-to-end encrypted messaging protocol has several important characteristics: (1) it runs asynchronously (without both parties needing to be ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SP '15: Proceedings of the 2015 IEEE Symposium on Security and Privacy

May 2015

923 pages

ISBN:9781467369497

Publisher

IEEE Computer Society

United States

Publication History

Published: 17 May 2015

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

37
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 28 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Du SLi JSun CXiao PHong QZhang J(2024)Analog In-memory Circuit Design of Polynomial Multiplication for Lattice Cipher Acceleration ApplicationACM Transactions on Embedded Computing Systems10.1145/360589123:6(1-24)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3605891
Katz JRosenberg M(2024)LATKE: A Framework for Constructing Identity-Binding PAKEsAdvances in Cryptology – CRYPTO 202410.1007/978-3-031-68379-4_7(218-250)Online publication date: 18-Aug-2024
https://dl.acm.org/doi/10.1007/978-3-031-68379-4_7
Wang HLi YWang L(2022)Post-Quantum Secure Password-Authenticated Key Exchange Based on OuroborosSecurity and Communication Networks10.1155/2022/92574432022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/9257443
Jia WXue GWang BHu Y(2022)Module-LWE-Based Key Exchange Protocol Using Error Reconciliation MechanismSecurity and Communication Networks10.1155/2022/82992322022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/8299232
Devadas SLangowski SSamardzic NServan-Schreiber SSanchez DYin HStavrou ACremers CShi E(2022)Designing Hardware for Cryptography and Cryptography for HardwareProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security10.1145/3548606.3559393(1-4)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3548606.3559393
Marzougui SWisiol NGersch PKrämer JSeifert J(2022)Machine-Learning Side-Channel Attacks on the GALACTICS Constant-Time Implementation of BLISSProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3538980(1-11)Online publication date: 23-Aug-2022
https://dl.acm.org/doi/10.1145/3538969.3538980
Paul SKuzovkova YLahr NNiederhagen RSuga YSakurai KDing XSako K(2022)Mixed Certificate Chains for the Transition to Post-Quantum Authentication in TLS 1.3Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security10.1145/3488932.3497755(727-740)Online publication date: 30-May-2022
https://dl.acm.org/doi/10.1145/3488932.3497755
Mera JKarmakar AMarc TSoleimanian A(2022)Efficient Lattice-Based Inner-Product Functional EncryptionPublic-Key Cryptography – PKC 202210.1007/978-3-030-97131-1_6(163-193)Online publication date: 8-Mar-2022
https://dl.acm.org/doi/10.1007/978-3-030-97131-1_6
Ravi PHowe JChattopadhyay ABhasin S(2021)Lattice-based Key-sharing SchemesACM Computing Surveys10.1145/342217854:1(1-39)Online publication date: 2-Jan-2021
https://dl.acm.org/doi/10.1145/3422178
Zhou YWang L(2020)A Lattice-Based Authentication Scheme for Roaming Service in Ubiquitous Networks with AnonymitySecurity and Communication Networks10.1155/2020/26379162020Online publication date: 1-Jan-2020
https://dl.acm.org/doi/10.1155/2020/2637916
Show More Cited By

Abstract

Cited By

Recommendations

A Practical Post-Quantum Public-Key Cryptosystem Based on $$\textsf {spLWE}$$

Practical and post-quantum authenticated key exchange from one-way secure key encapsulation mechanism

Post-quantum Asynchronous Deniable Key Exchange and the Signal Handshake

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations