Reliable PQC Alternatives Achieve Secure Key Encapsulation and Digital Signatures for TLS 1.3

The looming threat of quantum computing necessitates post-quantum cryptography, a field dedicated to building public-key systems that resist both classical and quantum adversaries. Juan Pedro Hecht and Hugo Daniel Scolnik, from the University of Buenos Aires, present new protocols designed to address this challenge: a key encapsulation mechanism and a digital signature scheme with specific defences against linear attacks on the underlying algebraic structure. The research is significant because it proposes viable alternatives to current cryptographic standards, offering compact and efficient methods for key exchange and digital signatures. By targeting compatibility with the widely used TLS 1.3 protocol, the authors aim to ease the transition to quantum-resistant security and protect today's internet traffic from future decryption attempts.

Post-quantum cryptography (PQC) aims to develop public-key primitives secure against both classical and quantum computing technologies. This study introduces novel protocols, a key encapsulation mechanism and a digital signature scheme, with specific protection against linear attacks. The research focuses on creating reliable alternatives to current cryptographic standards, seeking compact, fast and secure replacements for key exchange and digital signatures intended for use within the TLS 1.3 protocol. The ultimate goal is a practical and robust solution for long-term data security in a world increasingly exposed to advances in quantum computing.

RDMPF-Based Post-Quantum Cryptographic Construction

The KEM and digital signature algorithm (DSA) were parameterised with R = 1, matrix dimension 5, the prime field GF(997), a maximum exponent of 9, k = 64 and σ = 3. These are demonstration parameters: as the authors themselves note, the parameter sets still have to be scaled to the NIST security levels before the schemes can be compared with standardised candidates. Under this configuration the study measured execution times for key generation, encapsulation and decapsulation, and separately analysed the Implicit Rejection (IR) path, in which decapsulation of an invalid ciphertext returns a pseudorandom key derived from a secret seed and the ciphertext instead of reporting an error, so that a chosen-ciphertext attacker obtains no decryption-failure oracle. Ten runs were performed to assess consistency, giving mean times of 0.0859316 s for key generation, 0.0803832 s for encapsulation and 0.0332455 s for decapsulation, with a reported mean total of 0.1979977 s across all operations.

A crucial design point is the implementation of implicit rejection: in practice the time taken to process a rejected ciphertext must equal the ordinary decapsulation time, otherwise the rejection leaks through a timing side channel even though no error is returned. The authors confirm that a tampering test passes (a modified ciphertext yields a different key without any observable error) and that the session keys produced by encapsulation and decapsulation match, which establishes the protocol's functionality and integrity and supports its use inside protocols such as TLS 1.3. Source code and full output data are made available, supporting reproducibility and independent validation of these findings.

RDMPF KEM and DSA for Post-Quantum Security

The authors have developed new protocols for post-quantum cryptography: a key encapsulation mechanism (KEM) and a digital signature algorithm (DSA) designed to withstand attacks from both classical and quantum computers. The research centres on the Rank-Deficient Matrix Power Function (RDMPF), a novel approach to constructing these primitives, with the aim of providing compact and efficient replacements for the standardised ML-KEM and ML-DSA within protocols such as TLS 1.3. This work aims to safeguard internet traffic proactively against future decryption threats posed by advances in computing power. The team defined the KEM and DSA algorithms in stepwise pseudocode, following the conventions of FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA).

The KEM first generates a secret key (SK) and the corresponding public key (PK) using the RDMPF function. Encapsulation begins by selecting a random message m from {0,1}^κ and mapping it to the values X and Y on which RDMPF operates. The resulting matrices, TA_r and S_r, are encoded and passed through a key derivation function (KDF) to produce the final key K. Measurements confirm that decapsulation recovers the same K whenever the correct secret key is used. Should decapsulation fail, a fallback path combines a secret value with the KDF to output an alternative key, so that an invalid ciphertext is rejected implicitly rather than reported to the sender.

The correctness of RDMPF-KEM is formally proven, and, assuming the underlying RDMPF-PKE primitive is IND-CPA secure, the construction is shown to be IND-CCA2 secure in the random oracle model. This delivers a robust and verifiable key exchange protocol. Further work covers the FO-DSA signature scheme, which employs a Fujisaki-Okamoto style transform with implicit rejection. Signing begins by deriving a value r with a hash function H1 from the message and the public key. The signature σ consists of σ0 and a tag t produced by further hashing. Verification checks both the validity of σ0 and that the recomputed tag t' matches the tag t carried in the signature. If either check fails, verification returns a pseudorandom placeholder; the scheme is argued to be UF-CMA secure assuming the underlying signature scheme is secure.
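To make the encapsulation, re-encryption check and implicit-rejection fallback described above concrete, here is an added example (not the authors' code, and not RDMPF): a generic Fujisaki-Okamoto KEM wrapper in Python. Because the page does not specify RDMPF-PKE, textbook ElGamal over the Mersenne prime 2^127 - 1 stands in as the IND-CPA public-key encryption; the hash labels, the 64-bit message size (matching the page's k = 64) and the 32-byte rejection seed z are likewise assumptions. The FO layer is the part that matters: the encryption coins are derived from m, the decapsulator re-encrypts and compares, and on mismatch it returns KDF(z, c) instead of an error, computing both candidate keys before selecting one.

```python
# Added example (not the authors' code): a Fujisaki-Okamoto KEM wrapper with
# implicit rejection, as described for RDMPF-KEM on this page. RDMPF-PKE is not
# specified here, so textbook ElGamal over Z_p^* (p = 2^127 - 1) stands in for
# it as the IND-CPA PKE. Only the FO layer is the point; ElGamal, the hash
# labels, the 64-bit message size and the 32-byte rejection seed are assumptions.
import hashlib
import secrets

P = (1 << 127) - 1      # Mersenne prime 2^127 - 1 (assumed stand-in group)
G = 3                   # base element; correctness does not depend on its order
KAPPA = 64              # message bits, matching the page's k = 64
MLEN = KAPPA // 8


def _h(label, *parts):
    """Domain-separated SHA3-256 over length-prefixed parts (KDF / random oracle)."""
    h = hashlib.sha3_256(label)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def _coins(m, pk):
    """Derandomised encryption coin r = G(m, pk), reduced into [1, P-2]."""
    digest = _h(b"coins", m, pk.to_bytes(16, "big"))
    return 1 + int.from_bytes(digest, "big") % (P - 2)


# ---- stand-in PKE (ElGamal); the real scheme would use RDMPF-PKE here ----
def pke_keygen():
    x = 1 + secrets.randbelow(P - 2)
    return pow(G, x, P), x                      # (pk, sk)


def pke_encrypt(pk, m, r):
    """Deterministic given r: c = (g^r, (1 + m) * pk^r), m encoded into [1, 2^64]."""
    M = 1 + int.from_bytes(m, "big")
    c1 = pow(G, r, P)
    c2 = (M * pow(pk, r, P)) % P
    return c1.to_bytes(16, "big") + c2.to_bytes(16, "big")


def pke_decrypt(x, c):
    """Returns the message, or None for a malformed / out-of-range ciphertext."""
    if len(c) != 32:
        return None
    c1, c2 = int.from_bytes(c[:16], "big"), int.from_bytes(c[16:], "big")
    if not (0 < c1 < P and 0 < c2 < P):
        return None
    M = (c2 * pow(c1, P - 1 - x, P)) % P        # multiply by c1^{-x} (Fermat)
    if not (1 <= M <= (1 << KAPPA)):
        return None
    return (M - 1).to_bytes(MLEN, "big")


# ---- FO-KEM with implicit rejection ----
def kem_keygen():
    pk, x = pke_keygen()
    z = secrets.token_bytes(32)      # secret rejection seed, kept with the KEM secret key
    return pk, (x, z, pk)


def kem_encaps(pk):
    m = secrets.token_bytes(MLEN)                # random m in {0,1}^kappa
    c = pke_encrypt(pk, m, _coins(m, pk))        # c = Enc(pk, m; G(m, pk))
    return c, _h(b"key", m, c)                   # K = KDF(m, c)


def kem_decaps(sk, c):
    x, z, pk = sk
    m2 = pke_decrypt(x, c)
    if m2 is None:
        m2 = bytes(MLEN)             # dummy; its re-encryption never equals a malformed c
    c2 = pke_encrypt(pk, m2, _coins(m2, pk))     # re-encryption check
    k_good = _h(b"key", m2, c)
    k_reject = _h(b"reject", z, c)   # implicit rejection: pseudorandom in c, no error
    ok = secrets.compare_digest(c2, c)
    mask = -int(ok) & 0xFF           # both keys computed; select without an early return
    return bytes((a & mask) | (b & (mask ^ 0xFF)) for a, b in zip(k_good, k_reject))


def tamper_test(pk, sk):
    """Returns (round-trip ok, tampered key differs, rejection key is deterministic)."""
    c, k = kem_encaps(pk)
    t = bytearray(c)
    t[-1] ^= 0x01                    # flip one bit of the ciphertext
    t = bytes(t)
    k1, k2 = kem_decaps(sk, t), kem_decaps(sk, t)
    return kem_decaps(sk, c) == k, k1 != k, k1 == k2


if __name__ == "__main__":
    import time
    pk, sk = kem_keygen()
    print("tamper test (ok, differs, deterministic):", tamper_test(pk, sk))
    c, _ = kem_encaps(pk)
    bad = bytes([c[0] ^ 1]) + c[1:]
    for name, ct in (("accept", c), ("reject", bad)):
        t0 = time.perf_counter()
        for _ in range(200):
            kem_decaps(sk, ct)
        print(name, "path, mean decaps seconds:", (time.perf_counter() - t0) / 200)
```

Running the module performs the tamper test and times the accept and reject paths side by side, which is the check the page describes. In Python the selection is only branch-free in structure, not genuinely constant-time; that is precisely the side-channel evaluation the authors defer to a C or Rust implementation.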

FO-RDMPF Schemes for Post-Quantum Security

This work presents new protocols for post-quantum cryptography, specifically a key encapsulation mechanism, FO-RDMPF-KEM, and a digital signature scheme, FO-RDMPF-DSA. These protocols are designed to offer alternatives to existing public-key primitives in the face of potential attacks from quantum computers, focusing on algebraic simplicity combined with modern cryptographic transformations. The researchers demonstrate the soundness of their designs through symbolic implementations, suggesting they are viable candidates for replacing current standards like ML-KEM and ML-DSA within protocols such as TLS 1.3. The resulting protocols are characterised as reasonably fast, reliable, and semantically secure, offering a potential pathway to protect internet traffic against the ‘harvest now, decrypt later’ threat.

While the designs demonstrate promise, the authors acknowledge the need for further rigorous analysis, particularly concerning resistance to side-channel and fault-injection attacks. They also recommend scaling parameter sets to meet established NIST security levels and developing implementations in languages like C or Rust to facilitate fair performance comparisons with existing lattice-based standards. Future work will concentrate on these crucial implementation and security evaluations. Obtaining these results is essential to fully assess the practicality and robustness of FO-RDMPF-KEM and FO-RDMPF-DSA.

👉 More information
🗞 PQC standards alternatives — reliable semantically secure key encapsulation mechanism and digital signature protocols using the rank-deficient matrix power function
🧠 ArXiv: https://arxiv.org/abs/2601.00332

Rohail T.


As a quantum scientist exploring the frontiers of physics and technology, my work focuses on uncovering how quantum mechanics, computing, and emerging technologies are transforming our understanding of reality. I share research-driven insights that make complex ideas in quantum science clear, engaging, and relevant to the modern world.
