Abstract
The Extended Access Control (EAC) protocol for authenticated key agreement is mainly used to secure connections between machine-readable travel documents (MRTDs) and inspection terminals, but it can also be adopted as a universal solution for attribute-based access control with smart cards. The security of EAC is currently based on the Diffie-Hellman problem, which may not be hard when considering quantum computers.
In this work we present PQ-EAC, a quantum-resistant version of the EAC protocol. We show how to achieve post-quantum confidentiality and authentication without sacrificing real-world usability on smart cards. To ease adoption, we present two main versions of PQ-EAC: one that uses signatures for authentication and one where authentication is facilitated using long-term KEM keys. Both versions can be adapted to achieve forward secrecy and to reduce round complexity. To ensure backwards compatibility, PQ-EAC can be implemented using only Application Protocol Data Units (APDUs) specified for EAC in standard BSI TR-03110. Only the protocol messages needed to achieve forward secrecy require an additional APDU not specified in TR-03110. We prove security of all versions in the real-or-random model of Bellare and Rogaway.
To show real-world practicality of PQ-EAC we have implemented a version using signatures on an ARM SC300 security controller, which is typically deployed in MRTDs. We also implemented PQ-EAC on a VISOCORE® terminal for border control. We then conducted several experiments to evaluate the performance of PQ-EAC executed between chip and terminal under various real-world conditions. Our results strongly suggest that PQ-EAC is efficient enough for use in border control.
Notes
1. This is usually performed during Passive Authentication but to simplify the presentation, we show it as part of the CA.
4. The ISO/IEC 14443 overhead is between 23% for very big APDUs and 72% for very small APDUs. Since most of the EAC protocols’ runtime is spent on big commands, we stick to an approximation near that of bigger commands.
References
Abdalla, M., Eisenhofer, T., Kiltz, E., Kunzweiler, S., Riepel, D.: Password-authenticated key exchange from group actions. Cryptology ePrint Archive (2022). https://eprint.iacr.org/2022/770
Alagic, G., et al.: Status report on the third round of the NIST post-quantum cryptography standardization process, NIST IR 8413. Technical report, National Institute for Standards and Technology (NIST) (2022)
Angel, Y., Dowling, B., Hülsing, A., Schwabe, P., Weber, F.: Post quantum noise. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, pp. 97–109. ACM (2022)
Arute, F., et al.: Quantum supremacy using a programmable superconducting processor. Nature 574(7779), 505–510 (2019)
Avoine, G., Kalach, K., Quisquater, J.-J.: ePassport: securing international contacts with contactless chips. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 141–155. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85230-8_11
Bache, F., Paglialonga, C., Oder, T., Schneider, T., Güneysu, T.: High-speed masking for polynomial comparison in lattice-based KEMs. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(3), 483–507 (2020)
Bellare, M., Lysyanskaya, A.: Symmetric and dual PRFs from standard assumptions: A generic validation of an HMAC assumption. IACR Cryptology ePrint Archive, p. 1198 (2015). http://eprint.iacr.org/2015/1198
Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, CCS 1993, pp. 62–73. Association for Computing Machinery (1993)
Bender, J., Dagdelen, Ö., Fischlin, M., Kügler, D.: The PACE|AA protocol for machine readable travel documents, and its security. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 344–358. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32946-3_25
Bender, J., Fischlin, M., Kügler, D.: Security analysis of the PACE key-agreement protocol. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 33–48. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04474-8_3
Bernstein, D.J.: Introduction to post-quantum cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Post-Quantum Cryptography, pp. 1–14. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-540-88702-7_1
Bindel, N., Brendel, J., Fischlin, M., Goncalves, B., Stebila, D.: Hybrid key encapsulation mechanisms and authenticated key exchange. In: Ding, J., Steinwandt, R. (eds.) PQCrypto 2019. LNCS, vol. 11505, pp. 206–226. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25510-7_12
Bindel, N., Herath, U., McKague, M., Stebila, D.: Transitioning to a quantum-resistant public key infrastructure. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 384–405. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59879-6_22
Botros, L., Kannwischer, M.J., Schwabe, P.: Memory-efficient high-speed implementation of Kyber on Cortex-M4. In: Buchmann, J., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2019. LNCS, vol. 11627, pp. 209–228. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-23696-0_11
Boyd, C., Gellert, K.: A modern view on forward security. Comput. J. 64(1), 639–652 (2019)
Brendel, J., Fischlin, M., Günther, F., Janson, C., Stebila, D.: Towards post-quantum security for signal’s X3DH handshake. In: Dunkelman, O., Jacobson, Jr., M.J., O’Flynn, C. (eds.) SAC 2020. LNCS, vol. 12804, pp. 404–430. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81652-0_16
Bundesamt für Sicherheit in der Informationstechnik: BSI TR-03110. Standard (2016)
Bundesamt für Sicherheit in der Informationstechnik: Migration to Post Quantum Cryptography: Recommendations for action by the BSI (2020). https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Crypto/Migration_to_Post_Quantum_Cryptography.pdf?__blob=publicationFile&v=2
Byszio, F., Wirth, K.D., Nguyen, K.: Intelligent composed algorithms. Cryptology ePrint Archive, Paper 2021/813 (2021). https://eprint.iacr.org/2021/813
Castryck, W., Decru, T.: An efficient key recovery attack on SIDH (preliminary version). Cryptology ePrint Archive (2022)
Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part III. LNCS, vol. 11274, pp. 395–427. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03332-3_15
Dagdelen, Ö., Fischlin, M.: Security analysis of the extended access control protocol for machine readable travel documents. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 54–68. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-18178-8_6
Filimonov, I., Horne, R., Mauw, S., Smith, Z.: Breaking unlinkability of the ICAO 9303 standard for e-passports using bisimilarity. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019, Part I. LNCS, vol. 11735, pp. 577–594. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29959-0_28
Fischlin, M., Günther, F., Schmidt, B., Warinschi, B.: Key confirmation in key exchange: a formal treatment and implications for TLS 1.3. In: IEEE Symposium on Security and Privacy, SP 2016, pp. 452–469. IEEE Computer Society (2016)
Giacon, F., Heuer, F., Poettering, B.: KEM combiners. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10769, pp. 190–218. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76578-5_7
Groce, A., Katz, J.: A new framework for efficient password-based authenticated key exchange. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 516–525. Association for Computing Machinery (2010)
Heinz, D., Pöppelmann, T.: Combined fault and DPA protection for lattice-based cryptography. IACR Cryptology ePrint Archive, p. 101 (2021). https://eprint.iacr.org/2021/101
Hülsing, A., Butin, D., Gazdag, S., Rijneveld, J., Mohaisen, A.: XMSS: eXtended Merkle signature scheme. RFC 8391 (2018)
Hülsing, A., et al.: SPHINCS+. Technical report, National Institute of Standards and Technology (2022). https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022
Hülsing, A., Ning, K., Schwabe, P., Weber, F., Zimmermann, P.R.: Post-quantum wireguard. In: 42nd IEEE Symposium on Security and Privacy, SP 2021, pp. 304–321. IEEE (2021)
International Civil Aviation Organization: ICAO doc 9303. Standard (2021). https://www.icao.int/publications/pages/publication.aspx?docnum=9303. 8th Edition
International Organization for Standardization/International Electrotechnical Commission: ISO/IEC 14443–4: Identification cards - contactless integrated circuit cards - proximity cards. Standard (2018)
International Organization for Standardization/International Electrotechnical Commission: ISO/IEC 7816–4: Identification cards - integrated circuit cards. Technical report (2020)
Kannwischer, M.J., et al.: Pqm4 (2022). https://github.com/mupq/pqm4/blob/master/benchmarks.md
Katz, J., Lindell, Y.: Introduction to Modern Cryptography, 2nd edn. CRC Press, Boca Raton (2014)
Katz, J., Vaikuntanathan, V.: Smooth projective hashing and password-based authenticated key exchange from lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 636–652. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_37
Krawczyk, H.: SIGMA: the ‘SIGn-and-MAc’ approach to authenticated Diffie-Hellman and its use in the IKE protocols. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 400–425. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_24
Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631–648. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_34
Lamport, L.: Constructing digital signatures from a one-way function. Technical Report SRI-CSL-98, SRI International Computer Science Laboratory (1979)
Liu, Y., Kasper, T., Lemke-Rust, K., Paar, C.: E-passport: cracking basic access control Keys. In: Meersman, R., Tari, Z. (eds.) OTM 2007. LNCS, vol. 4804, pp. 1531–1547. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-76843-2_30
Lyubashevsky, V., et al.: CRYSTALS-DILITHIUM. Technical report, National Institute of Standards and Technology (2022). https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022
MATZOV: Report on the Security of LWE: Improved Dual Lattice Attack (2022)
McGrew, D., Curcio, M., Fluhrer, S.: Leighton-Micali hash-based signatures. RFC 8554 (2019). https://doi.org/10.17487/RFC8554
Merkle, R.C.: Secrecy, authentication and public key systems. Ph.D. thesis (1979). https://www.merkle.com/papers/Thesis1979.pdf
Morgner, F., von der Heyden, J.: Analyzing requirements for post quantum secure machine readable travel documents. In: Open Identity Summit 2021, pp. 205–210. Gesellschaft für Informatik e.V. (2021)
Mosca, M.: Cybersecurity in an era with quantum computers: will we be ready? Cryptology ePrint Archive, Paper 2015/1075 (2015). https://eprint.iacr.org/2015/1075
National Institute of Standards and Technology (NIST): Recommendation for stateful hash-based signature schemes, SP 800-208. Standard (2020)
Oder, T., Schneider, T., Pöppelmann, T., Güneysu, T.: Practical CCA2-secure and masked ring-LWE implementation. IACR TCHES 2018(1), 142–174 (2018)
Pradel, G., Mitchell, C.: Post-quantum certificates for electronic travel documents. In: Boureanu, I., et al. (eds.) ESORICS 2020. LNCS, vol. 12580, pp. 56–73. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-66504-3_4
Prest, T., et al.: FALCON. Technical report, National Institute of Standards and Technology (2022). https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022
Ravi, P., Poussier, R., Bhasin, S., Chattopadhyay, A.: On configurable SCA countermeasures against single trace attacks for the NTT - a performance evaluation study over Kyber and Dilithium on the ARM Cortex-M4. In: Batina, L., Picek, S., Mondal, M. (eds.) SPACE 2020. LNCS, vol. 12586, pp. 123–146. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-66626-2_7
Saarinen, M.O.: Arithmetic coding and blinding countermeasures for lattice signatures - engineering a side-channel resistant post-quantum signature scheme with compact signatures. J. Cryptogr. Eng. 8(1), 71–84 (2018)
Schanck, J.M., Stebila, D.: A transport layer security (TLS) extension for establishing an additional shared secret. Internet-Draft draft-schanck-tls-additional-keyshare-00, Internet Engineering Task Force (2017). https://datatracker.ietf.org/doc/draft-schanck-tls-additional-keyshare/00/. Work in Progress
Schwabe, P., et al.: CRYSTALS-KYBER. Technical report, National Institute of Standards and Technology (2022). https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022
Schwabe, P., Stebila, D., Wiggers, T.: Post-quantum TLS without handshake signatures. In: CCS 2020: 2020 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, USA, 9–13 November 2020, pp. 1461–1480. ACM (2020)
Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science, pp. 124–134. IEEE Computer Society Press (1994)
Vogt, S., Funke, H.: How quantum computers threat security of PKIs and thus EIDs. In: Open Identity Summit 2021, pp. 83–94. Gesellschaft für Informatik e.V. (2021)
Wegman, M.N., Carter, J.L.: New hash functions and their use in authentication and set equality. J. Comput. Syst. Sci. 22(3), 265–279 (1981)
Wenger, E., Chen, M., Charton, F., Lauter, K.: SALSA: attacking lattice cryptography with transformers. Cryptology ePrint Archive, Paper 2022/935 (2022). https://eprint.iacr.org/2022/935
Acknowledgements
This work was funded through the project PoQuID (WIPANO project 03TNK011A-C). WIPANO projects are financed by the German Federal Ministry for Economic Affairs and Energy and managed by Forschungszentrum Jülich. The authors thank all PoQuID project partners for the discussions and support.
Appendices
A Security Definitions
In this section we introduce the underlying primitives and their security notions for building the key exchange protocols as defined in, for example, [35].
A.1 Key Encapsulation
Definition 1 (Key Encapsulation Mechanism)
A key encapsulation mechanism \({\textsf{KEM}}=(\textsf{KeyGen},{\textsf{Encaps}}, {\textsf{Decaps}})\) consists of three efficient algorithms where:
- Key Generation: Algorithm \(\textsf{KeyGen}\) on input the security parameter \(1^n\) (in unary) outputs a key pair, \((\textsf{sk},\textsf{pk})\leftarrow \textsf{KeyGen}(1^n)\). We assume that \(1^n\) is recoverable from either key.
- Encapsulation: The encapsulation algorithm takes as input a public key \(\textsf{pk}\) and returns a ciphertext and a key, \((c,\textsf{k})\leftarrow {\textsf{Encaps}}(\textsf{pk})\). We usually assume that the key is of bit length \(n\).
- Decapsulation: The decapsulation algorithm takes as input a secret key \(\textsf{sk}\) and a ciphertext \(c\), and returns a key or an error symbol, \(\textsf{k}\leftarrow {\textsf{Decaps}}(\textsf{sk},c)\), where \(\textsf{k}\) is either of size \(n\) or equals \(\bot \). Usually decapsulation is deterministic.
We require that decapsulation has only a negligible error. That is, we denote by \(\textrm{Pr}\big [{{\textbf {Exp}}^{\text {decErr}}_{{\textsf{KEM}}}(n)=1}\big ]\) the probability of a decapsulation error for \({\textsf{KEM}}=(\textsf{KeyGen},{\textsf{Encaps}},{\textsf{Decaps}})\), i.e., the probability that \({\textsf{Decaps}}(\textsf{sk},c)\ne \textsf{k}\) for \((\textsf{sk},\textsf{pk})\leftarrow \textsf{KeyGen}(1^n)\) and \((c,\textsf{k})\leftarrow {\textsf{Encaps}}(\textsf{pk})\).
We next define CPA- and CCA-security for key encapsulation mechanisms in one go:
Definition 2 (IND-CPA and IND-CCA security of KEM)
For a key encapsulation mechanism \({\textsf{KEM}}=(\textsf{KeyGen},{\textsf{Encaps}},{\textsf{Decaps}})\) and adversary \(\mathcal {A}\) define experiment \({\textbf {Exp}}^{\text {IND-att}}_{{\textsf{KEM}},\mathcal {A}}(n)\) as in Fig. 6. We say that \({\textsf{KEM}}\) is IND-att secure (for att = CPA or CCA) if for any efficient adversary \(\mathcal {A}\) we have that
is negligible.
For our key exchange protocol KemPQEAC we also use a symmetric encryption scheme (for keys \(\textsf{k}\) from \(\{0,1\}^n\)) where \(c\leftarrow \textsf{Enc}(\textsf{k},m)\) creates a ciphertext, and \(m\leftarrow \textsf{Dec}(\textsf{k},c)\) always recovers the encrypted message m. In the protocol this encryption step provides extra privacy for the chip by encrypting its identity. We do not discuss this privacy property formally here and thus neither the security notions for the encryption scheme.
A.2 Message Authentication, Signature Schemes, and Certificate Schemes
We define message authentication schemes, signature schemes, and certificate schemes with a single definition. All schemes serve the purpose of authenticating data. The only difference between the private-key message authentication codes (MACs) and the public-key signature and certificate schemes lies in the verification key \(\textsf{vk}\): MACs use the key \(\textsf{vk}=\textsf{sk}\) to verify authenticity, whereas signatures and certificates are verified against the public key \(\textsf{vk}=\textsf{pk}\). In the descriptions and security games we thus set \(\textsf{vk}\) accordingly, and the public key for MACs to be empty and for signatures and certificates equal to \(\textsf{vk}\). We call the primitive abstractly an authentication scheme:
Definition 3 (Authentication Scheme)
An authentication scheme \({\mathcal{A}\mathcal{S}}=({\textsf{AKGen}},{\textsf{AAuth}},{\textsf{AVf}})\) consists of three efficient algorithms such that:
- Key Generation: Algorithm \({\textsf{AKGen}}\) on input \(1^n\) returns a key triple \((\textsf{sk},\textsf{pk},\textsf{vk})\leftarrow {\textsf{AKGen}}(1^n)\). We assume that \(n\) is recoverable from any of the keys.
- Authentication: On input the secret key \(\textsf{sk}\) and a message \(m\in \{0,1\}^*\), the authentication algorithm outputs an authenticator, \(\sigma \leftarrow {\textsf{AAuth}}(\textsf{sk},m)\).
- Verification: On input a verification key \(\textsf{vk}\), a message \(m\), and an authenticator \(\sigma \), the verification algorithm outputs a decision bit, \(d\leftarrow {\textsf{AVf}}(\textsf{vk},m,\sigma )\). Usually, \({\textsf{AVf}}\) is deterministic.
We require that verification always succeeds. That is, it never happens that \({\textsf{AVf}}(\textsf{vk},m,\sigma )=0\) for any \((\textsf{sk},\textsf{pk},\textsf{vk})\leftarrow {\textsf{AKGen}}(1^n)\), any \(m\in \{0,1\}^*\), and any \(\sigma \leftarrow {\textsf{AAuth}}(\textsf{sk},m)\).
Unlike key encapsulation we define authentication schemes with perfect correctness since all known schemes in practice achieve this.
Definition 4 (EUF-CMA of Authentication Schemes)
For an authentication scheme \({\mathcal{A}\mathcal{S}}=({\textsf{AKGen}},{\textsf{AAuth}},{\textsf{AVf}})\) and adversary \(\mathcal {A}\) define experiment \({\textbf {Exp}}^{\text {EUF-CMA}}_{{\mathcal{A}\mathcal{S}},\mathcal {A}}(n)\) as in Fig. 7. We say that \({\mathcal{A}\mathcal{S}}\) is EUF-CMA if for any efficient adversary \(\mathcal {A}\) we have that \(\textrm{Pr}\big [{{\textbf {Exp}}^{\text {EUF-CMA}}_{{\mathcal{A}\mathcal{S}},\mathcal {A}}(n)=1}\big ]\) is negligible.
A signature scheme \({\mathcal {S}}=({\textsf{SKGen}},{\textsf{Sig}},{\textsf{SVf}})\) is an authentication scheme where \((\textsf{sk},\textsf{pk},\textsf{vk})\leftarrow {\textsf{AKGen}}(1^n)\) for \((\textsf{sk},\textsf{pk})\leftarrow {\textsf{SKGen}}(1^n)\) and \(\textsf{vk}\leftarrow \textsf{pk}\). A certificate scheme \(\mathcal {C}=(\textsf{CKGen},\textsf{CSign},\textsf{CVf})\) is an authentication scheme where \((\textsf{sk},\textsf{pk},\textsf{vk})\leftarrow {\textsf{AKGen}}(1^n)\) for \((\textsf{sk},\textsf{pk})\leftarrow \textsf{CKGen}(1^n)\) and \(\textsf{vk}\leftarrow \textsf{pk}\). A message authentication code \({\mathcal {M}}=({\textsf{MKGen}},\textsf{MAC},{\textsf{MVf}})\) is an authentication scheme where \((\textsf{sk},\textsf{pk},\textsf{vk})\leftarrow {\textsf{AKGen}}(1^n)\) for \(\textsf{sk}\leftarrow {\textsf{MKGen}}(1^n)\), \(\textsf{vk}\leftarrow \textsf{sk}\), and \(\textsf{pk}\leftarrow \bot \). EUF-CMA security now follows from the general definition. We usually assume that the key generation algorithm simply generates a uniformly distributed key of \(n\) bits.
A.3 Key Derivation Functions
We assume that key derivation functions act as pseudorandom functions, as long as the keying material contains enough (min-)entropy. The latter is captured by considering arbitrary distributions \(\mathcal {D}\) which take the security parameter \(1^n\) as input and output \(\textsf {IKM}\) with min-entropy \(H_\infty (\textsf {IKM})\ge n\). We call such distributions non-trivial. We follow here the presentation of Krawczyk [38].
Definition 5 (Key Derivation Function)
A key derivation function \({\textsf{KDF}}\) takes as input keying material \(\textsf {IKM}\), context information \(\textsf {ctxt}\), and an integer \(\ell \), and outputs a string of length \(\ell \). We assume that the length of \(\textsf {IKM}\) determines the security parameter \(n\).
Security now requires that the key derivation function’s output for \(\textsf {IKM}\) looks random, even if the adversary sees actual derived keys at other inputs \((\textsf {ctxt},\ell )\):
Definition 6 (Pseudorandomness of Key Derivation Function)
For a key derivation function \({\textsf{KDF}}\), adversary \(\mathcal {A}\), and distribution \(\mathcal {D}\) define experiment \({\textbf {Exp}}^{\text {PRF}}_{{\textsf{KDF}},\mathcal {A},\mathcal {D}}(n)\) as in Fig. 8. We say that \({\textsf{KDF}}\) is pseudorandom if for any efficient adversary \(\mathcal {A}\) and any non-trivial distribution (with min-entropy \(n\)), we have that
is negligible.
A.4 Key Combiners
For the forward-secure version of the PQEAC protocols we use a static KEM and an ephemeral KEM to share keys \(\textsf{k}\) and \(\textsf{k}^e\). In this case the parties need to derive a single key from the two keys. This has been discussed more broadly in the context of KEM combiners in [25] and for quantum adversaries in [12], but since we have already embedded the KEM mechanism in the key exchange protocol, we focus here on the pure key combining part. We note that we cannot immediately rely on the KEM combiner in [12], since it assumes faithfully created but potentially weak encapsulations, whereas in our setting the adversary may choose the encapsulations maliciously. While Bindel et al. [12] argue that such genuine encapsulations are sufficient to build hybrid authenticated key exchange protocols via Krawczyk’s SIGMA compiler [37], the EAC protocol does not perfectly comply with the SIGMA standard.
Definition 7 (Key Combiner)
A key combiner \({\textsf{KComb}}\) takes as input keying material \(\textsf {IKM}_0,\textsf {IKM}_1\), both of length n, and outputs a string of length n.
Security demands that \({\textsf{KComb}}\) is a dual pseudorandom function, meaning that both \({\textsf{KComb}}(\textsf {IKM}_0,\cdot )\) and \({\textsf{KComb}}(\cdot ,\textsf {IKM}_1)\) are pseudorandom functions. It follows that we can reasonably assume that HKDF or HMAC, respectively [7, 38], or the TLS-based nested key derivation function in [53] is an appropriate instantiation for a key combiner.
Definition 8 (Dual Pseudorandomness of Key Combiner)
For a key combiner \({\textsf{KComb}}\) and adversary \(\mathcal {A}\) define experiment \({\textbf {Exp}}^{\text {dPRF}-\beta }_{{\textsf{KComb}},\mathcal {A}}(n)\) as in Fig. 9. We say that \({\textsf{KComb}}\) is (dual) pseudorandom if for any efficient adversary \(\mathcal {A}\) we have that
is negligible.
B Hybrid Schemes
KEM Combiner. To achieve hybrid security, we make use of combiner schemes as proposed by Bindel et al. [12]. In the following, let \({\textsf{KEM}}_1= (\textsf{KeyGen}_1, {\textsf{Encaps}}_1,{\textsf{Decaps}}_1)\) and \({\textsf{KEM}}_2= (\textsf{KeyGen}_2,{\textsf{Encaps}}_2,{\textsf{Decaps}}_2)\) be two KEMs and let \(\mathcal {C}[{\textsf{KEM}}_1,{\textsf{KEM}}_2] = (\textsf{KeyGen}_{\mathcal {C}},{\textsf{Encaps}}_{\mathcal {C}},{\textsf{Decaps}}_{\mathcal {C}})\) be the hybrid KEM constructed by combiner mechanism \(\mathcal {C}\) from \({\textsf{KEM}}_1\) and \({\textsf{KEM}}_2\). For all combiners, the key generation of the combined scheme will simply be the concatenation of the two schemes’ keys as shown in Fig. 10.
A combiner is called robust if it combines two or more algorithms of the same kind such that the combined scheme provides security as long as one of the components provides security.
The XOR-Combiner. A naive method to combine two KEMs would be to take the XOR of their keys \(k=k_1 \oplus k_2\) as shown in Fig. 11. As noted by Giacon et al. [25], this results in a KEM that is IND-CPA but not IND-CCA secure. Suppose the challenger combines two IND-CCA secure KEMs by taking the XOR of their keys as described; then an adversary in the IND-CCA experiment can proceed as follows: given a challenge \((c_1^*,c_2^*)\), the adversary makes two decapsulation requests for \((c_1^*,c_2)\) and \((c_1,c_2^*)\) with randomly chosen ciphertexts \(c_1=c_2\). This information then allows the adversary to compute the decapsulation of the challenge ciphertext by taking the XOR: \(k = k_1^* \oplus k_2 \oplus k_1 \oplus k_2^*=k_1^* \oplus k_2^*\).
The XOR-then-MAC Combiner. A better way to combine two KEMs is the XOR-then-MAC combiner as specified in Fig. 12. This approach prevents the mix-and-match attack. The construction requires a strongly robust MAC combiner \(\mathcal {C}[{\textsf{MAC}}_1,{\textsf{MAC}}_2]\) that provides one-time unforgeability even if one of the keys is chosen adversarially. Such a MAC combiner can be instantiated based on the Carter-Wegman paradigm [58] using universal hash functions. The XOR-then-MAC combiner is shown by Bindel et al. [12] to be robust. One drawback of this construction is that the resulting key length is only half of that of the underlying KEMs.
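The two combiners above, XOR (Fig. 11) and XOR-then-MAC (Fig. 12), as an added example that is not part of the paper: a toy hashed-ElGamal KEM over a 127-bit prime stands in for \({\textsf{KEM}}_1\) and \({\textsf{KEM}}_2\) (an assumption, functionally a KEM but far too small to be secure), the MAC combiner is assumed to be the concatenation of two HMAC tags rather than the Carter-Wegman construction cited, and `demo()` shows that a mixed ciphertext decapsulates to a key under the XOR combiner but is rejected by XOR-then-MAC, whose session key is half as long as the component keys.

```python
import hashlib
import hmac
import secrets

# Toy hashed-ElGamal KEM over the integers mod the Mersenne prime 2^127 - 1.
# Stand-in for KEM_1 / KEM_2 of the paper (assumption): public encapsulation,
# secret decapsulation, but far too small to be secure.
P = (1 << 127) - 1
G = 3


def keygen():
    sk = secrets.randbelow(P - 2) + 1            # sk in [1, P-2]
    return sk, pow(G, sk, P)


def _kdf(shared):
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()   # 256-bit key


def encaps(pk):
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), _kdf(pow(pk, r, P))


def decaps(sk, c):
    return _kdf(pow(c, sk, P))


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _encode(c1, c2):
    return c1.to_bytes(16, "big") + c2.to_bytes(16, "big")


# XOR combiner (Fig. 11): k = k1 XOR k2. Nothing binds c1 to c2, so a
# decapsulation query on a mixed pair is answered with a key.
def xor_encaps(pk1, pk2):
    c1, k1 = encaps(pk1)
    c2, k2 = encaps(pk2)
    return (c1, c2), _xor(k1, k2)


def xor_decaps(sk1, sk2, ct):
    c1, c2 = ct
    return _xor(decaps(sk1, c1), decaps(sk2, c2))


# XOR-then-MAC combiner (Fig. 12). Each 256-bit KEM key is split into a
# 128-bit key half and a 128-bit MAC half; the MAC halves authenticate
# (c1, c2) and the session key is the XOR of the key halves, so it is half
# as long as the component keys. The MAC combiner is assumed to be the
# concatenation of two HMAC tags (stand-in for the Carter-Wegman combiner).
def _mac_combine(km1, km2, data):
    return (hmac.new(km1, data, "sha256").digest()
            + hmac.new(km2, data, "sha3_256").digest())


def xtm_encaps(pk1, pk2):
    c1, k1 = encaps(pk1)
    c2, k2 = encaps(pk2)
    tag = _mac_combine(k1[16:], k2[16:], _encode(c1, c2))
    return (c1, c2, tag), _xor(k1[:16], k2[:16])


def xtm_decaps(sk1, sk2, ct):
    c1, c2, tag = ct
    k1, k2 = decaps(sk1, c1), decaps(sk2, c2)
    expected = _mac_combine(k1[16:], k2[16:], _encode(c1, c2))
    if not hmac.compare_digest(tag, expected):
        return None                              # error symbol: reject
    return _xor(k1[:16], k2[:16])


def demo():
    """Honest runs succeed for both combiners; a mixed ciphertext (c1*, c2')
    yields a key under XOR but is rejected by XOR-then-MAC."""
    sk1, pk1 = keygen()
    sk2, pk2 = keygen()
    ct_x, k_x = xor_encaps(pk1, pk2)
    ct_m, k_m = xtm_encaps(pk1, pk2)
    honest = (xor_decaps(sk1, sk2, ct_x) == k_x
              and xtm_decaps(sk1, sk2, ct_m) == k_m)
    c2_other, _ = encaps(pk2)                    # unrelated second encapsulation
    mixed_x = xor_decaps(sk1, sk2, (ct_x[0], c2_other))
    mixed_m = xtm_decaps(sk1, sk2, (ct_m[0], c2_other, ct_m[2]))
    return honest, mixed_x is not None, mixed_m is None, len(k_m) * 8
```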
Signature Combiner. As with KEMs there are also combiners that provide hybrid security for signature schemes. One might be tempted to avoid the use of signature combiners and instead deploy hash-based signature schemes, which are well-known to provide post-quantum security based on very weak assumptions. Such kinds of schemes have been around since the 1980s, which means that the usual concerns over the maturity of post-quantum cryptography do not apply here. However, even when using hash-based signatures it might be wise to combine them with a classical scheme as a fallback. This is because hash-based signatures require careful state management that is often difficult to assure.
Let \(\varPi _1= (\textsf{KeyGen}_1,\textsf{Sig}_1,\textsf{Vf}_1)\) and \(\varPi _2= (\textsf{KeyGen}_2,\textsf{Sig}_2,\textsf{Vf}_2)\) be two signature schemes. Then denote as \(\mathcal {C}[\varPi _1,\varPi _2]=(\textsf{KeyGen}_\mathcal {C},\textsf{Sig}_\mathcal {C},\textsf{Vf}_\mathcal {C})\) the hybrid signature scheme constructed from \(\varPi _1\) and \(\varPi _2\) using combiner mechanism \(\mathcal {C}\). For all combiners, the key generation of the combined scheme will simply be the concatenation of the two schemes’ keys as shown in Fig. 10. A signature combiner is called robust if it combines two or more algorithms of the same kind such that the combined scheme provides security as long as one of its components provides security.
\(\mathcal {C}_{||}\)-Combiner. This trivial combiner concatenates independent signatures from the two schemes side-by-side, as defined in Fig. 13. Even though very simple, the construction is shown to be robust by Bindel et al. [13].
\(\mathcal {C}_{\text {str-nest}}\)-Combiner. One problem with the \(\mathcal {C}_{||}\)-Combiner is that due to downgrade attacks, separability of signatures is usually considered a liability in signature combiners. In downgrade attacks an adversary queries a signing oracle for a combined signature and later pretends to know only one of the schemes – this makes it possible for the adversary to separate a signature from a combined signature and pass it as a forgery. If downgrade attacks are to be expected – as it might be the case with an international protocol like EAC with multiple versions in concurrent use – it is recommended to use a \(\mathcal {C}_{\text {str-nest}}\)-Combiner. Here, the second signature scheme signs both the message and the signature from the first signature scheme, as defined in Fig. 14. Bindel et al. [13] show that the \(\mathcal {C}_{\text {str-nest}}\)-Combiner is robust and inseparable.
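The \(\mathcal {C}_{||}\) and \(\mathcal {C}_{\text {str-nest}}\) combiners above, as an added example not taken from the paper: both are written against the authentication-scheme interface of Definition 3 and instantiated with two HMAC-based MACs (an assumption standing in for \(\varPi _1\), \(\varPi _2\), since the standard library ships no signature scheme; the combiner logic is unchanged), and `separability_check` reports, for each combiner, whether the combined authenticator verifies and whether each component can be passed off on its own as an authenticator of \(m\).

```python
import hmac
import secrets
from typing import Callable, NamedTuple


class AuthScheme(NamedTuple):
    """An authentication scheme (AKGen, AAuth, AVf) as in Definition 3."""
    keygen: Callable[[], tuple]                 # -> (sk, pk, vk)
    auth: Callable[[object, bytes], bytes]      # (sk, m) -> sigma
    verify: Callable[[object, bytes, bytes], bool]


def hmac_scheme(digest):
    """MAC instance of Definition 3 (vk = sk, pk = bottom) built on HMAC.
    Assumption: used in place of the signature schemes Pi_1, Pi_2."""
    def keygen():
        sk = secrets.token_bytes(32)
        return sk, None, sk

    def auth(sk, m):
        return hmac.new(sk, m, digest).digest()

    def verify(vk, m, sigma):
        return hmac.compare_digest(hmac.new(vk, m, digest).digest(), sigma)

    return AuthScheme(keygen, auth, verify)


def _pair(m, sigma1):
    # Unambiguous encoding of (m, sigma1) for the nested scheme (assumed).
    return len(m).to_bytes(4, "big") + m + sigma1


def _combined_keygen(pi1, pi2):
    # Fig. 10: the combined scheme's keys are the two schemes' keys side by side.
    sk1, pk1, vk1 = pi1.keygen()
    sk2, pk2, vk2 = pi2.keygen()
    return (sk1, sk2), (pk1, pk2), (vk1, vk2)


def concat_combiner(pi1, pi2):
    """C_|| (Fig. 13): sigma = (sigma1, sigma2), each computed independently on m."""
    def auth(sk, m):
        return pi1.auth(sk[0], m), pi2.auth(sk[1], m)

    def verify(vk, m, sigma):
        return pi1.verify(vk[0], m, sigma[0]) and pi2.verify(vk[1], m, sigma[1])

    return AuthScheme(lambda: _combined_keygen(pi1, pi2), auth, verify)


def str_nest_combiner(pi1, pi2):
    """C_str-nest (Fig. 14): sigma1 on m, then sigma2 on (m, sigma1)."""
    def auth(sk, m):
        s1 = pi1.auth(sk[0], m)
        return s1, pi2.auth(sk[1], _pair(m, s1))

    def verify(vk, m, sigma):
        return (pi1.verify(vk[0], m, sigma[0])
                and pi2.verify(vk[1], _pair(m, sigma[0]), sigma[1]))

    return AuthScheme(lambda: _combined_keygen(pi1, pi2), auth, verify)


def separability_check(combiner):
    """Returns (combined sigma verifies, sigma1 alone verifies under Pi_1 on m,
    sigma2 alone verifies under Pi_2 on m). The last flag is the downgrade
    from the text: presenting one component as a stand-alone authenticator."""
    pi1, pi2 = hmac_scheme("sha256"), hmac_scheme("sha3_256")
    comb = combiner(pi1, pi2)
    sk, _pk, vk = comb.keygen()
    m = b"constructed sample message"
    s1, s2 = comb.auth(sk, m)
    return (comb.verify(vk, m, (s1, s2)),
            pi1.verify(vk[0], m, s1),
            pi2.verify(vk[1], m, s2))
```

Under \(\mathcal {C}_{||}\) both components verify on their own; under \(\mathcal {C}_{\text {str-nest}}\) the nested \(\varPi _2\) component is bound to \((m,\sigma _1)\) and does not verify as a \(\varPi _2\) authenticator of \(m\) alone.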
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Fischlin, M., von der Heyden, J., Margraf, M., Morgner, F., Wallner, A., Bock, H. (2023). Post-quantum Security for the Extended Access Control Protocol. In: Günther, F., Hesse, J. (eds) Security Standardisation Research. SSR 2023. Lecture Notes in Computer Science, vol 13895. Springer, Cham. https://doi.org/10.1007/978-3-031-30731-7_2
DOI: https://doi.org/10.1007/978-3-031-30731-7_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30730-0
Online ISBN: 978-3-031-30731-7