DOI: 10.1145/3372297.3423350 | Research article | Open access

Post-Quantum TLS Without Handshake Signatures

Published: 02 November 2020

    Abstract

    We present KEMTLS, an alternative to the TLS 1.3 handshake that uses key-encapsulation mechanisms (KEMs) instead of signatures for server authentication. Among existing post-quantum candidates, signature schemes generally have larger public key/signature sizes compared to the public key/ciphertext sizes of KEMs: by using an IND-CCA-secure KEM for server authentication in post-quantum TLS, we obtain multiple benefits. A size-optimized post-quantum instantiation of KEMTLS requires less than half the bandwidth of a size-optimized post-quantum instantiation of TLS 1.3. In a speed-optimized instantiation, KEMTLS reduces the amount of server CPU cycles by almost 90% compared to TLS 1.3, while at the same time reducing communication size, reducing the time until the client can start sending encrypted application data, and eliminating code for signatures from the server's trusted code base.
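As an added illustration of the handshake the abstract describes (example code written for this page, not the paper's or its authors' implementation): a single-process simulation of the KEMTLS flow in which the server proves its identity by decapsulating a ciphertext against the KEM public key in its certificate, and both sides confirm authentication with a MAC rather than a signature. The KEM is a Diffie-Hellman KEM over a 2048-bit MODP group standing in for a post-quantum KEM, the key schedule is a simplified HMAC-based stand-in for the TLS 1.3 HKDF schedule, and record-layer encryption is omitted; all of those are assumptions of this example, not details taken from the page.

```python
"""Added illustration of the KEMTLS handshake sketched in the abstract; not the
paper's code.  Assumptions (not from the page): a Diffie-Hellman KEM over a
2048-bit MODP group stands in for a post-quantum KEM; an HMAC-based derivation
stands in for the TLS 1.3 HKDF key schedule; handshake messages are plain
integers/bytes and their record-layer encryption is left out."""
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP) as transcribed here; check against the RFC before reuse.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
NBYTES = 256  # fixed-width encoding of group elements


def i2b(x):
    return x.to_bytes(NBYTES, "big")


def kem_keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)


def _shared(dh, ct, pk):
    # Bind the shared secret to ciphertext and public key (as HPKE's DHKEM does).
    return hashlib.sha256(b"toy-dhkem" + i2b(dh) + i2b(ct) + i2b(pk)).digest()


def kem_encaps(pk):
    r = secrets.randbelow(P - 2) + 1
    ct = pow(G, r, P)
    return ct, _shared(pow(pk, r, P), ct, pk)


def kem_decaps(sk, pk, ct):
    return _shared(pow(ct, sk, P), ct, pk)


def derive(secret, label, transcript):
    # Stand-in for HKDF-Expand-Label: every key is bound to the transcript so far.
    return hmac.new(secret, label + hashlib.sha256(transcript).digest(), hashlib.sha256).digest()


def kemtls_handshake(server_pk, responder_sk):
    """Run client and responder in one process and report what each concludes.
    responder_sk is what the responder really holds: the genuine server secret,
    or an impostor's own key if it merely replays the certificate (server_pk)."""
    # 1. ClientHello: ephemeral KEM public key (the TLS 1.3 key share).
    c_esk, c_epk = kem_keygen()
    th = i2b(c_epk)
    # 2. ServerHello: ciphertext against the ephemeral key, then the certificate
    #    carrying the server's long-term KEM public key.
    ct_e, ss_e_srv = kem_encaps(c_epk)
    th += i2b(ct_e) + i2b(server_pk)
    # 3. Client: decapsulate, then encapsulate to the certificate key.  Nothing is
    #    signed; ss_s can only be recovered by the holder of the matching secret.
    ss_e_cli = kem_decaps(c_esk, c_epk, ct_e)
    ct_s, ss_s_cli = kem_encaps(server_pk)
    th += i2b(ct_s)
    ahs_cli = derive(ss_e_cli + ss_s_cli, b"ahs", th)
    client_fin = derive(ahs_cli, b"client finished", th)
    th_fin = th + client_fin
    # The client may send application data now, before ServerFinished arrives.
    client_app_key = derive(ahs_cli, b"c ap traffic", th_fin)
    # 4. Responder: reaches the same secrets only if it can decapsulate ct_s.
    ss_s_srv = kem_decaps(responder_sk, server_pk, ct_s)
    ahs_srv = derive(ss_e_srv + ss_s_srv, b"ahs", th)
    client_fin_ok = hmac.compare_digest(client_fin, derive(ahs_srv, b"client finished", th))
    server_fin = derive(ahs_srv, b"server finished", th_fin)
    server_app_key = derive(ahs_srv, b"c ap traffic", th_fin)
    # 5. Client checks ServerFinished: explicit authentication by MAC, not signature.
    server_auth = hmac.compare_digest(server_fin, derive(ahs_cli, b"server finished", th_fin))
    return {"client_finished_ok": client_fin_ok,
            "server_authenticated": server_auth,
            "app_keys_match": hmac.compare_digest(client_app_key, server_app_key)}


if __name__ == "__main__":
    sk, pk = kem_keygen()  # server's long-term KEM key pair; pk is what the certificate carries
    print("genuine server:", kemtls_handshake(pk, sk))
    print("impostor      :", kemtls_handshake(pk, kem_keygen()[0]))
```

Run as a script it prints both outcomes. An impostor that replays the genuine certificate but lacks the matching secret derives a different authenticated handshake secret, so its ClientFinished check fails, the ServerFinished it sends does not verify, and the application keys disagree. Two points from the abstract are visible in the flow: the server never signs anything (one encapsulation and one decapsulation replace the signature), and the client can start sending application data right after its own Finished, before the server's explicit confirmation arrives.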

Supplementary Material

    Presentation video (MOV file: Copy of CCS2020_fpe253_ThomWiggers - Pat Weeden.mov)



Published In

        CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, October 2020, 2180 pages. ISBN 9781450370899. DOI 10.1145/3372297.
        This work is licensed under a Creative Commons Attribution 4.0 International License.

Publisher

        Association for Computing Machinery, New York, NY, United States

        Author Tags

        1. NIST PQC
        2. key-encapsulation mechanism
        3. post-quantum cryptography
        4. transport layer security

Conference

        CCS '20. Overall acceptance rate: 1,261 of 6,999 submissions (18%).


Cited By

        • Automated Issuance of Post-Quantum Certificates: A New Challenge. Applied Cryptography and Network Security, pp. 3-23, 5 March 2024. https://doi.org/10.1007/978-3-031-54773-7_1
        • Feasibility Study of Post Quantum Cryptography in TLS 1.3. Journal of Digital Contents Society 24(1), pp. 167-175, 31 January 2023. https://doi.org/10.9728/dcs.2023.24.1.167
        • Quantum-resistant End-to-End Secure Messaging and Email Communication. Proceedings of the 18th International Conference on Availability, Reliability and Security, pp. 1-8, 29 August 2023. https://doi.org/10.1145/3600160.3605049
        • On Deploying Quantum-Resistant Cybersecurity in Intelligent Infrastructures. Proceedings of the 18th International Conference on Availability, Reliability and Security, pp. 1-10, 29 August 2023. https://doi.org/10.1145/3600160.3605038
        • Crypto-agile Design and Testbed for QKD-Networks. Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference, pp. 191-192, 14 June 2023. https://doi.org/10.1145/3590777.3590806
        • Post-quantum Security of Key Encapsulation Mechanism Against CCA Attacks with a Single Decapsulation Query. Advances in Cryptology – ASIACRYPT 2023, pp. 434-468, 4 December 2023. https://doi.org/10.1007/978-981-99-8730-6_14
        • Two-Message Authenticated Key Exchange from Public-Key Encryption. Computer Security – ESORICS 2023, pp. 414-434, 25 September 2023. https://doi.org/10.1007/978-3-031-50594-2_21
        • Performance Impact of PQC KEMs on TLS 1.3 Under Varying Network Characteristics. Information Security, pp. 267-287, 15 November 2023. https://doi.org/10.1007/978-3-031-49187-0_14
        • Post-quantum Hybrid KEMTLS Performance in Simulated and Real Network Environments. Progress in Cryptology – LATINCRYPT 2023, pp. 293-312, 3 October 2023. https://doi.org/10.1007/978-3-031-44469-2_15
        • When Messages Are Keys: Is HMAC a Dual-PRF? Advances in Cryptology – CRYPTO 2023, pp. 661-693, 20 August 2023. https://doi.org/10.1007/978-3-031-38548-3_22
