Skip to main content

Criteria for selection of public-key cryptographic algorithms for quantum-safe hybrid cryptography
draft-whyte-select-pkc-qsh-02

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors John M. Schanck , William Whyte , Zhenfei Zhang
Last updated 2017-04-08 (Latest revision 2016-10-05)
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

Authenticated key exchange mechanisms instantiated with cryptosystems based on integer factorization, finite field discrete log, or elliptic curve discrete log, are believed to be secure now but are vulnerable to a harvest-then-decrypt attack where an attacker who cannot currently break the mechanism records the traffic anyway, then decrypts it at some point in the future when quantum computers become available. The Quantum-safe Hybrid approach is a modular design, allowing any authenticated key exchange mechanism to be protected against the harvest-then-decrypt attack by exchanging additional secret material protected with an ephemeral key for a quantum-safe public key cryptographic algorithm and including that secret material in the Key Derivation Function (KDF) run at the end of the key exchange. This approach has been proposed in TLS as the Quantum-safe Hybrid handshake mechanism for Transport Layer Security protocol (QSH_TLS). This document provides a guideline to criteria for selecting public key encryption algorithms approved for experimental use in the quantum safe hybrid setting.

Authors

John M. Schanck
William Whyte
Zhenfei Zhang

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)