Paper 2022/1049
Post Quantum Design in SPDM for Device Authentication and Key Establishment
Abstract
The Security Protocol and Data Model (SPDM) defines flows to authenticate hardware identity of a computing device. It also allows for establishing a secure session for confidential and integrity protected data communication between two devices. The present version of SPDM, namely version 1.2, relies on traditional asymmetric cryptographic algorithms that are known to be vulnerable to quantum attacks. This paper describes the means by which support for post-quantum (PQ) cryptography can be added to the SPDM protocol in order to enable SPDM for the upcoming world of quantum computing. We examine SPDM 1.2 protocol and discuss how to negotiate the use of post-quantum cryptography algorithms (PQC), how to support device identity reporting, means to authenticate the device, and how to establish a secure session when using PQC algorithms. We consider so called hybrid modes where both classical and PQC algorithms are used to achieve security properties as these modes are important during the transition period. We also share our experience with implementing PQ-SPDM and provide benchmarks for some of the winning NIST PQC algorithms.
Metadata
- Available format(s)
- Category
- Applications
- Publication info
- Published elsewhere. Cryptography. 2022; 6(4):48
- DOI
- 10.3390/cryptography6040048
- Keywords
- PQ digital signature PQ key establishment post quantum SPDM device authentication device secure session
- Contact author(s)
-
jiewen yao @ intel com
krystian matusiewicz @ intel com
vincent zimmer @ intel com - History
- 2022-10-04: revised
- 2022-08-12: received
- See all versions
- Short URL
- https://ia.cr/2022/1049
- License
-
CC0
BibTeX
@misc{cryptoeprint:2022/1049, author = {Jiewen Yao and Krystian Matusiewicz and Vincent Zimmer}, title = {Post Quantum Design in {SPDM} for Device Authentication and Key Establishment}, howpublished = {Cryptology {ePrint} Archive, Paper 2022/1049}, year = {2022}, doi = {10.3390/cryptography6040048}, url = {https://eprint.iacr.org/2022/1049} }