Post-quantum key exchange for the TLS protocol from the ring learning with errors problem
2016-02-26 00:33
Original article: https://www.douglas.stebila.ca/research/papers/SP-BCNS15/
Abstract
Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. We demonstrate the practicality of post-quantum key exchange by constructing ciphersuites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem; we accompany these ciphersuites with a rigorous proof of security. Our approach ties lattice-based key exchange together with traditional authentication using RSA or elliptic curve digital signatures: the post-quantum key exchange provides forward secrecy against future quantum attackers, while authentication can be provided using RSA keys that are issued by today's commercial certificate authorities, smoothing the path to adoption. Our cryptographically secure implementation, aimed at the 128-bit security level, reveals that the performance price when switching from non-quantum-safe key exchange is not too high. With our R-LWE ciphersuites integrated into the OpenSSL library and using the Apache web server on a 2-core desktop computer, we could serve 506 RLWE-ECDSA-AES128-GCM-SHA256 HTTPS connections per second for a 10 KiB payload. Compared to elliptic curve Diffie-Hellman, this means an 8 KiB increased handshake size and a reduction in throughput of only 21%. This demonstrates that post-quantum key-exchange can already be considered practical.
Keywords: cryptographic protocols, post-quantum, learning with errors, Transport Layer Security (TLS), key exchange
Reference
Joppe W. Bos, Craig Costello, Michael Naehrig, Douglas Stebila. Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In Proc. IEEE Symposium on Security and Privacy (S&P) 2015, pp. 553-570. IEEE, May 2015. © IEEE.
Code
C implementation of the core ring learning with errors key exchange protocol: https://github.com/dstebila/rlwekex
Integration into OpenSSL 1.0.1: GitHub (be sure to use the OpenSSL_1_0_1-stable branch): https://github.com/dstebila/openssl-rlwekex/tree/OpenSSL_1_0_1-stable