Post-Quantum Security Overview of the Public Key Infrastructure
DOI: https://doi.org/10.52846/stccj.2023.3.2.55
Keywords: cryptography, quantum computing, post-quantum cryptography, public key infrastructure, cybersecurity
Abstract
Recently, there has been an increasing focus on the investigation of quantum-safe solutions for a variety of applications. One of the pressing tasks is making the TLS (Transport Layer Security) protocol quantum-secure; proposals for doing so have been discussed in several articles. The TLS protocol is built on PKI (Public Key Infrastructure). In addition, many other PKI applications are used every day in both private and enterprise environments, so securing their use is essential. The methods currently deployed to ensure adequate security will become obsolete with the advent of quantum computers. According to the Cloud Security Alliance, by around 2030 the performance of quantum computers will have increased to the point where the risk to data protected by traditional encryption will be very high. It is therefore important to make the right preparations in time, so that our solutions can be transformed into quantum-secure ones by the time quantum computing becomes a real threat. In this paper, we present an analysis to this end: we survey quantum-safe solutions already in use and, by comparison, propose new, well-performing solutions for a quantum-resistant PKI.