Extensible Post Quantum Cryptography Based Authentication

Homer A. Riva-Cambrin, Rahul Singh, Sanju Lama, Garnette R. Sutherland

TL;DR

This work addresses the threat of scalable quantum attacks on machine-to-machine authentication in healthcare by introducing an extensible, quantum-safe protocol that uses lattice-based DSAs and KEMs to establish forward-secure tokens over insecure channels. The protocol combines registration, key cycling, and token stamping to produce compact 74-byte tokens, with formal verification via the Tamarin prover and a Rust implementation that emphasizes portability and performance. Key contributions include a modular, cryptographically flexible design, a formal security analysis under a Dolev-Yao model, and practical performance measurements showing low per-operation costs even on resource-constrained devices. The approach enables scalable, future-proof identity infrastructures for health data and other regulated settings, offering audit-friendly, least-privilege token semantics while supporting standardization and potential broader adoption beyond devices to user-authentication scenarios.

Abstract

Cryptography underpins the security of modern digital infrastructure, from cloud services to health data. However, many widely deployed systems will become vulnerable after the advent of scalable quantum computing. Although quantum-safe cryptographic primitives have been developed, such as lattice-based digital signature algorithms (DSAs) and key encapsulation mechanisms (KEMs), their unique structural and performance characteristics make them unsuitable for existing protocols. In this work, we introduce a quantum-safe single-shot protocol for machine-to-machine authentication and authorization that is specifically designed to leverage the strengths of lattice-based DSAs and KEMs. Operating entirely over insecure channels, this protocol enables the forward-secure establishment of tokens in constrained environments. By demonstrating how new quantum-safe cryptographic primitives can be incorporated into secure systems, this study lays the groundwork for scalable, resilient, and future-proof identity infrastructures in a quantum-enabled world.
Paper Structure

This paper contains 29 sections, 5 equations, 6 figures, 2 tables.

Figures (6)

  • Figure 1: A key encapsulation mechanism (KEM). The client starts with the decapsulation key DK and the encapsulation key EK, sends the EK to the server, which the server uses to encapsulate the shared secret $\texttt{SEC}$, which can be decapsulated by the client.
  • Figure 2: A simplified overview of the protocol. The protocol begins with the administrator (1) generating client credentials (3) and sending them to the server for approval (3). The server approves the credentials (4), and the administrator installs them securely on the client machine (5). To initiate a key cycle, the client generates a new key pair (6) signed with both old and new keys, and sends it to the server (7). The server verifies and approves the key cycle (8). For token stamping, the client generates a preview token (9), attaches a KEM public key and encapsulation key, and transmits this to the server (10). The server uses a private value (11) to generate a ciphertext which is sent to the server (12). Both parties derive the shared secret and compute the final token (13). Cycles and token stamping may take place an arbitrary number of times and in any order.
  • Figure 3: The layout of the token byte structure in big endian. Each rectangle specifies the contents of the field as well as the number of bytes the field occupies. Bytes are ordered from top down, i.e., protocol comes before device type.
  • Figure 4: Protocol Flow. The protocol specification without signatures showing the messages exchanged between the administrator and server and then subsequently between the client and server. To ensure the text was legible, the signatures have been left out of this diagram, but they are described in detail in the Procedure section.
  • Figure 5: Server state machine in the quath implementation. The recv function processes an input and advances the internal state. The poll_transmit emits a message if external work is required (i.e., I/O or database interaction), and poll_result returns either a result or an error.
  • ...and 1 more figures
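The token-stamping exchange from Figure 2 (steps 9 to 13), driven by a server written in the sans-I/O style that Figure 5 describes (recv, poll_transmit, poll_result), as an added Python model rather than the paper's quath code. The KEM is an insecure test double standing in for a lattice KEM, signatures are omitted as in Figure 4, and the message names, the registered-client lookup and the derivation of the final token as a hash of the preview token and the shared secret are all assumptions, not the paper's specification.

```python
import hashlib
import os

def kdf(*parts: bytes) -> bytes:
    """Length-prefixed SHA3-256 over the parts; assumed stand-in for the token derivation."""
    h = hashlib.sha3_256()
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

class MockKem:
    """INSECURE test double for the KEM slot (a lattice KEM in a real build): the
    shared secret is computable from public values, so it only exercises the flow."""
    @staticmethod
    def keygen():
        dk = os.urandom(32)
        return dk, kdf(b"ek", dk)            # (decapsulation key DK, encapsulation key EK)
    @staticmethod
    def encaps(ek):
        ct = os.urandom(32)
        return ct, kdf(b"ss", ek, ct)        # (ciphertext, shared secret SEC)
    @staticmethod
    def decaps(dk, ct):
        return kdf(b"ss", kdf(b"ek", dk), ct)

class StampServer:
    """Sans-I/O server: recv() advances state, poll_transmit() hands the caller any
    I/O or database work to perform, poll_result() yields the token or an error."""
    def __init__(self, kem=MockKem):
        self.kem, self.state, self._out, self._result, self._err = kem, "idle", [], None, None
    def recv(self, msg):
        kind, body = msg
        if self.state == "idle" and kind == "stamp_request":       # step (10): preview token + EK
            self.client_id, self.preview, self.ek = body
            self._out.append(("db_lookup", self.client_id))        # is this client registered?
            self.state = "awaiting_db"
        elif self.state == "awaiting_db" and kind == "db_record":
            if body is None:
                self._err, self.state = "unknown client", "done"
                return
            ct, ss = self.kem.encaps(self.ek)                      # steps (11)-(12): encapsulate, send ct
            self._out.append(("send", (self.client_id, ct)))
            self._result, self.state = kdf(self.preview, ss), "done"   # step (13): final token
        else:
            self._err, self.state = f"unexpected {kind} in state {self.state}", "done"
    def poll_transmit(self):
        return self._out.pop(0) if self._out else None
    def poll_result(self):
        if self.state != "done":
            return None
        return ("ok", self._result) if self._err is None else ("err", self._err)

def stamp_token(client_id, preview, registered, kem=MockKem):
    """Drive one exchange end to end; returns (client's token, server's poll_result)."""
    dk, ek = kem.keygen()                                           # step (9): fresh KEM key pair
    srv = StampServer(kem)
    srv.recv(("stamp_request", (client_id, preview, ek)))
    srv.poll_transmit()                                             # caller performs the db_lookup
    srv.recv(("db_record", {"id": client_id} if client_id in registered else None))
    out = srv.poll_transmit()                                       # ("send", (id, ct)) or None
    client_token = kdf(preview, kem.decaps(dk, out[1][1])) if out else None
    return client_token, srv.poll_result()
```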