Quantum-Safe Hybrid (QSH) Key Exchange for Transport Layer Security (TLS) version 1.3
draft-whyte-qsh-tls13-04

Document Type: Active Internet-Draft (individual)
Last updated: 2017-04-03
Stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG state: I-D Exists
Responsible AD: (None)
Send notices to: (None)
INTERNET-DRAFT                                                  W. Whyte
Intended Status: Experimental                        Security Innovation
Expires: 2017-XX-YY                                             Z. Zhang
                                                     Security Innovation
                                                              S. Fluhrer
                                                           Cisco Systems
                                                       O. Garcia-Morchon
                                                                 Philips
                                                              2017-03-31

                 Quantum-Safe Hybrid (QSH) Key Exchange
             for Transport Layer Security (TLS) version 1.3
                      draft-whyte-qsh-tls13-04.txt

Abstract

   This document describes the Quantum-Safe Hybrid (QSH) Key Exchange, a
   mechanism that provides a modular design for adopting quantum-safe
   cryptography in the handshake of the Transport Layer Security (TLS)
   protocol version 1.3.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html.  

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 2017-XX-YY.

   Update from last version: redesign of the approach to suit the latest
   TLS 1.3 draft (draft 18).
 

Whyte et al.               Expires 2017-XX-YY                   [Page 1]
INTERNET DRAFT     Quantum-safe handshake for TLS 1.3         2017-01-23

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Design Criteria  . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Modular design for quantum-safe key exchange . . . . . . . . .  5
     3.1.  Additional Quantum-Safe Key Exchanges  . . . . . . . . . .  6
     3.2.  Hybrid Key Exchanges . . . . . . . . . . . . . . . . . . .  8
       3.2.1.  Hybrid Key Exchange within ClientHello . . . . . . . .  8
         3.2.1.1.  Hybrid Key Exchange within the supported_groups 
                   extension  . . . . . . . . . . . . . . . . . . . .  8
         3.2.1.2.  Hybrid Key Exchange within the key_share
                   extension  . . . . . . . . . . . . . . . . . . . .  9
       3.2.2.  Hybrid Key Exchange within ServerHello . . . . . . . . 10
       3.2.3.  Hybrid Key Exchange within HelloRetryRequest . . . . . 10
       3.2.4.  Hybrid extension . . . . . . . . . . . . . . . . . . . 10
       3.2.5.  Generating the shared secret . . . . . . . . . . . . . 11
   4.  Specific information for Quantum-Safe Scheme . . . . . . . . . 11
     4.1.  NTRUEncrypt  . . . . . . . . . . . . . . . . . . . . . . . 11
     4.2.  LWE  . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
     4.3.  HFE  . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
     4.4.  McEliece/McBits  . . . . . . . . . . . . . . . . . . . . . 12
     4.5.  Pre-Shared Keys  . . . . . . . . . . . . . . . . . . . . . 12
   5.  Design Rationale . . . . . . . . . . . . . . . . . . . . . . . 13
   6.  Alternative Designs  . . . . . . . . . . . . . . . . . . . . . 14
     6.1.  Smart encoding of hybrid groups  . . . . . . . . . . . . . 15
     6.2.  No usage of "supported_groups" . . . . . . . . . . . . . . 15
     6.3.  No usage of "supported_groups", encoding supported
           hybrid groups in "key_share" . . . . . . . . . . . . . . . 16
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 16
     7.1.  Security, Authenticity and Forward Secrecy . . . . . . . . 16
     7.2.  Quantum Security and Quantum Forward Secrecy . . . . . . . 16
     7.3.  Quantum Authenticity . . . . . . . . . . . . . . . . . . . 17
   8.  Compatibility with TLS 1.2 and earlier version . . . . . . . . 17
   9.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 17
   10.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . 17
   11.  References  . . . . . . . . . . . . . . . . . . . . . . . . . 17
     11.1.  Normative References  . . . . . . . . . . . . . . . . . . 17
     11.2.  Informative References  . . . . . . . . . . . . . . . . . 19
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19