Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Versatile Quantum-Safe Hybrid Key Exchange and Its Application to MACsec

Jaime S. Buruaga, Augustine Bugler, Juan P. Brito, Vicente Martin, Christoph Striecks

TL;DR

The work tackles the rise of quantum threats to classical cryptography by proposing a hybrid quantum-safe approach that blends post-quantum cryptography, quantum key distribution, and classical techniques within a HAKE framework. It introduces VMuckle, a versatile HAKE that derives a shared master secret $MS$ and per-session state $SecState$ from classical and post-quantum KEMs plus QKD, with flexible authentication via PSKs or post-quantum signatures. VMuckle is designed to substitute 802.1X authentication in MACsec without changing MACsec or MKA standards, providing crypto-agility and a security proof for HAKE-based root key establishment. A Python prototype with simulations demonstrates practical performance trade-offs and confirms the feasibility of integrating quantum-safe security into MACsec for LAN-scale deployments, enabling long-term confidentiality and integrity in the face of advancing quantum computing.

Abstract

Advancements in quantum computing pose a significant threat to most of the cryptography currently deployed. Fortunately, cryptographic building blocks to mitigate the threat are already available; mostly based on post-quantum and quantum cryptography, but also on symmetric cryptography techniques. Notably, quantum-safe building blocks must be deployed as soon as possible due to the ``harvest-now decrypt-later'' attack scenario, which is already challenging our sensitive and encrypted data today. Following an agile defense-in-depth approach, Hybrid Authenticated Key Exchange (HAKE) protocols have recently been gaining significant attention. Such protocols modularly combine conventional, post-quantum, and quantum cryptography to achieve confidentiality, authenticity, and integrity guarantees for network channels. Unfortunately, only a few protocols have yet been proposed (mainly Muckle and Muckle+) with different flexibility guarantees. Looking at available standards in the network domain (especially at the Media Access Control Security (MACsec) standard), we believe that HAKE protocols could already bring strong security benefits to MACsec today. MACsec is a standard designed to secure communication at the data link layer in Ethernet networks by providing security for all traffic between adjacent entities. In addition, MACsec establishes secure channels within a Local Area Network (LAN), ensuring that data remain protected from eavesdropping, tampering, and unauthorized access, while operating transparently to higher layer protocols. Currently, MACsec does not offer enough protection in the event of cryptographically relevant quantum computers. In this work, we tackle the challenge and propose a new versatile HAKE protocol, dubbed VMuckle, which is sufficiently flexible for the use in MACsec to provide LAN participants with hybrid key material ensuring secure communication.

Versatile Quantum-Safe Hybrid Key Exchange and Its Application to MACsec

TL;DR

The work tackles the rise of quantum threats to classical cryptography by proposing a hybrid quantum-safe approach that blends post-quantum cryptography, quantum key distribution, and classical techniques within a HAKE framework. It introduces VMuckle, a versatile HAKE that derives a shared master secret and per-session state from classical and post-quantum KEMs plus QKD, with flexible authentication via PSKs or post-quantum signatures. VMuckle is designed to substitute 802.1X authentication in MACsec without changing MACsec or MKA standards, providing crypto-agility and a security proof for HAKE-based root key establishment. A Python prototype with simulations demonstrates practical performance trade-offs and confirms the feasibility of integrating quantum-safe security into MACsec for LAN-scale deployments, enabling long-term confidentiality and integrity in the face of advancing quantum computing.

Abstract

Advancements in quantum computing pose a significant threat to most of the cryptography currently deployed. Fortunately, cryptographic building blocks to mitigate the threat are already available; mostly based on post-quantum and quantum cryptography, but also on symmetric cryptography techniques. Notably, quantum-safe building blocks must be deployed as soon as possible due to the ``harvest-now decrypt-later'' attack scenario, which is already challenging our sensitive and encrypted data today. Following an agile defense-in-depth approach, Hybrid Authenticated Key Exchange (HAKE) protocols have recently been gaining significant attention. Such protocols modularly combine conventional, post-quantum, and quantum cryptography to achieve confidentiality, authenticity, and integrity guarantees for network channels. Unfortunately, only a few protocols have yet been proposed (mainly Muckle and Muckle+) with different flexibility guarantees. Looking at available standards in the network domain (especially at the Media Access Control Security (MACsec) standard), we believe that HAKE protocols could already bring strong security benefits to MACsec today. MACsec is a standard designed to secure communication at the data link layer in Ethernet networks by providing security for all traffic between adjacent entities. In addition, MACsec establishes secure channels within a Local Area Network (LAN), ensuring that data remain protected from eavesdropping, tampering, and unauthorized access, while operating transparently to higher layer protocols. Currently, MACsec does not offer enough protection in the event of cryptographically relevant quantum computers. In this work, we tackle the challenge and propose a new versatile HAKE protocol, dubbed VMuckle, which is sufficiently flexible for the use in MACsec to provide LAN participants with hybrid key material ensuring secure communication.

Paper Structure

This paper contains 16 sections, 2 theorems, 19 equations, 7 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Background
  3. MACsec
  4. Main cryptographic protocols
  5. Related Work
  6. $\text{VMuckle}\xspace$: A Versatile Key Exchange Protocol
  7. Evaluation of the $\text{VMuckle}$ Protocol
  8. Quantum-Safe MACsec
  9. Conclusion and Future Work
  10. Mathematical Preliminaries
  11. Notation.
  12. Hybrid Authenticated Key Exchange
  13. Execution environment.
  14. Adversarial Interaction.
  15. Matching sessions.
  16. ...and 1 more sections

Key Result

Theorem 1

Let $\mathcal{F}\colon \mathcal{S} \times D \to \mathsf{R}$ be a post-quantum dual PRF such that $\mathsf{R} \subseteq \mathcal{S},D$. Let ${\mathsf{DSS}}$ be a post quantum $\mathsf{EUF}\text{-}\mathsf{CMA}$ secure signature scheme, $\mathsf{MAC}\xspace$ be a post quantum $\mathsf{EUF}\text{-}\math

Figures (7)

  • Figure 1: MACsec Key Agreement protocol operation in a 3-node scenario with any-to-any Security Associations deployment (see text for further explanation).
  • Figure 2: One stage of the $\text{VMuckle}$ protocol with a classical KEM $\mathsf{KEM}\xspace_c$, a post-quantum KEM $\mathsf{KEM}\xspace_{pq}$, a MAC $\mathsf{MAC}\xspace$ and a PRF $\mathcal{F}$, where $k_q$ is a symmetric QKD key (provided out-of-band via the function ${\mathsf{GetKey}}_{qkd}$), and $\mathsf{psk}\xspace$ is a pre-shared key. $cert_I$ and $cert_R$ are certificates (provided out-of-band) for the public keys $\mathsf{pk}\xspace_I$ and $\mathsf{pk}\xspace_R$, respectively. $CATS$ and $SATS$ are the client and server application traffic secrets, respectively. Messages $\bm{m_i} : \{ m\xspace_{i,1}, \ldots \}_k$ denote that $m\xspace_{i,1}, \ldots$ are encrypted with an authenticated encryption scheme using the secret key $k$. The various contexts and labels are provided in \ref{['tab:contexts', 'tab:labels']}. In the first run, $\mathsf{SecState}$ is initialized as an empty string $\bot$. Changes to $\text{Muckle}+$ are denoted $\boxed{boxed}$.
  • Figure 3: The key schedule of one stage of the $\text{VMuckle}$ protocol, illustrating how the key components are securely combined to create the key values $MS$ and $SecState$.
  • Figure 4: The proposed operation for employing $\text{VMuckle}$ as source of trust for MKA protocol in a two-node scenario.
  • Figure 5: $\mathsf{EUF}\text{-}\mathsf{CMA}$ security experiment for a MAC $\mathsf{MAC}\xspace$.
  • ...and 2 more figures

Theorems & Definitions (14)

  • Definition 1: Pseudo-Random Function
  • Definition 2: Message Authentication Codes
  • Definition 3: $\mathsf{EUF}\text{-}\mathsf{CMA}$ security of $\mathsf{MAC}$
  • Definition 4: Signature Scheme
  • Definition 5: $\mathsf{EUF}\text{-}\mathsf{CMA}$ of $\mathsf{DSS}$
  • Definition 6: Key-Encapsulation Mechanism
  • Definition 7: IND-CPA security of $\mathsf{KEM}$
  • Definition 8: Matching sessions
  • Definition 9: Origin sessions
  • Definition 10: HAKE security
  • ...and 4 more