Paper 2014/599

Post-quantum key exchange for the TLS protocol from the ring learning with errors problem

Joppe W. Bos, Craig Costello, Michael Naehrig, and Douglas Stebila

Abstract

Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. We demonstrate the practicality of post-quantum key exchange by constructing ciphersuites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem; we accompany these ciphersuites with a rigorous proof of security. Our approach ties lattice-based key exchange together with traditional authentication using RSA or elliptic curve digital signatures: the post-quantum key exchange provides forward secrecy against future quantum attackers, while authentication can be provided using RSA keys that are issued by today's commercial certificate authorities, smoothing the path to adoption. Our cryptographically secure implementation, aimed at the 128-bit security level, reveals that the performance price when switching from non-quantum-safe key exchange is not too high. With our R-LWE ciphersuites integrated into the OpenSSL library and using the Apache web server on a 2-core desktop computer, we could serve 506 RLWE-ECDSA-AES128-GCM-SHA256 HTTPS connections per second for a 10 KiB payload. Compared to elliptic curve Diffie--Hellman, this means an 8 KiB increased handshake size and a reduction in throughput of only 21%. This demonstrates that provably secure post-quantum key-exchange can already be considered practical.

Note: Revise literature/related work

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. IEEE Security & Privacy 2015
Keywords
post-quantumlearning with errorsTransport Layer Security (TLS)key exchange
Contact author(s)
dstebila @ uwaterloo ca
History
2018-08-15: last of 3 revisions
2014-08-05: received
See all versions
Short URL
https://ia.cr/2014/599
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/599,
      author = {Joppe W.  Bos and Craig Costello and Michael Naehrig and Douglas Stebila},
      title = {Post-quantum key exchange for the {TLS} protocol from the ring learning with errors problem},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/599},
      year = {2014},
      url = {https://eprint.iacr.org/2014/599}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.