Paper 2019/858

Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH

Eric Crockett, Christian Paquin, and Douglas Stebila

Abstract

Once algorithms for quantum-resistant key exchange and digital signature schemes are selected by standards bodies, adoption of post-quantum cryptography will depend on progress in integrating those algorithms into standards for communication protocols and other parts of the IT infrastructure. In this paper, we explore how two major Internet security protocols, the Transport Layer Security (TLS) and Secure Shell (SSH) protocols, can be adapted to use post-quantum cryptography. First, we examine various design considerations for integrating post-quantum and hybrid key exchange and authentication into communications protocols generally, and in TLS and SSH specifically. These include issues such as how to negotiate the use of multiple algorithms for hybrid cryptography, how to combine multiple keys, and more. Subsequently, we report on several implementations of post-quantum and hybrid key exchange in TLS 1.2, TLS 1.3, and SSHv2. We also report on work to add hybrid authentication in TLS 1.3 and SSHv2. These integrations are in Amazon s2n and forks of OpenSSL and OpenSSH; the latter two rely on the liboqs library from the Open Quantum Safe project.

Metadata
Available format(s): PDF
Category: Implementation
Publication info: Published elsewhere. NIST 2nd PQC Standardization Conference, Santa Barbara, California, August 2019
Keywords: post-quantum cryptography, TLS, SSH
Contact author(s): dstebila @ uwaterloo ca
History: 2019-07-24: received
Short URL: https://ia.cr/2019/858
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2019/858,
      author = {Eric Crockett and Christian Paquin and Douglas Stebila},
      title = {Prototyping post-quantum and hybrid key exchange and authentication in {TLS} and {SSH}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/858},
      year = {2019},
      url = {https://eprint.iacr.org/2019/858}
}