
Let's harden Internet crypto so quantum computers can't crack it

Draft pairs the existing Diffie-Hellman exchange with a lattice-based key encapsulation


In case someone manages to make a general purpose quantum computer one day, a group of IETF authors have put forward a proposal to harden Internet key exchange.

It's a handy reminder that, in spite of a stream of headlines telling us that quantum computers will break cryptography, there's a substantial amount of research going into "post-quantum" crypto – and also a sign that standards authors think there's enough work out there to justify an Internet Draft.

While only an “informational” document at this stage, what the authors describe is how to extend Internet Key Exchange v2 (RFC 7296*, IKEv2) to support a quantum-safe key exchange.

The work-in-progress suggests an optional IKEv2 payload "used in conjunction with the existing Diffie-Hellman key exchange to establish a quantum-safe shared secret between an initiator and a responder," and it supports a number of suitable key exchange schemes. The Diffie-Hellman exchange is not replaced: the new secret is combined with the classical one, so if a young post-quantum scheme later turns out to be weak, the resulting IKE keys are still no worse than plain IKEv2's.

The exchange the draft describes is a key encapsulation mechanism. The initiator's key pair is randomly generated and ephemeral, which is what buys forward secrecy, but what makes the exchange quantum-safe is the hard problem underneath it (lattice problems such as Ring-LWE and NTRU, which Shor's algorithm does not speed up), not the randomness itself. Despite the superficial resemblance, it is public-key encryption of a fresh random value, not a one-time pad.

The brief explanation of such a key encapsulation mechanism (KEM) is: “the initiator randomly generates a random, ephemeral public and private key pair, and sends the public key to the responder in QSKEi payload. The responder generates a random entity, encrypts it using the received public key, and sends the encrypted quantity to the initiator in QSKEr payload. The initiator decrypts the encrypted payload using the private key. After this point of the exchange, both initiator and responder have the same random entity from which the quantum-safe shared secret (QSSS) is derived.”

Naturally, a quantum-safe key exchange can only take place if both ends of the conversation support it; if not, the draft says, the transaction has to fall back to an ordinary IKEv2 exchange.
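To make the two-message flow quoted above and the fallback concrete, here is an added toy model of the exchange. It is not the draft's code and not a real IKEv2 implementation: a Regev-style LWE key encapsulation stands in for the draft's Ring-LWE and NTRU schemes, a small Diffie-Hellman group stands in for IKEv2's registered groups, and the HMAC step that mixes the two secrets is an assumed illustration of "in conjunction with" rather than the draft's actual SKEYSEED derivation. Every parameter is sized for readability, not security.

```python
"""Toy model of IKEv2 + QSKE payloads (added example, not the draft's code).

ASSUMPTIONS: an LWE-based KEM stands in for the draft's lattice schemes; the
DH group is a toy; derive_key() is an illustrative way of mixing the DH
secret with the QSSS, not the draft's derivation.  Insecure parameters."""
import hashlib
import hmac
import secrets

N, M, Q = 32, 64, 2053   # LWE dimension, samples, modulus; M*1 < Q//4 so decaps never fails
BITS = 128               # size of the responder's "random entity"
P, G = 2**127 - 1, 5     # toy DH group (real IKEv2 uses registered MODP/ECP groups)


def kem_keygen():
    """Initiator: ephemeral key pair; pk = (A, b = A*s + e mod Q), sk = s."""
    s = [secrets.randbelow(Q) for _ in range(N)]
    A = [[secrets.randbelow(Q) for _ in range(N)] for _ in range(M)]
    e = [secrets.randbelow(3) - 1 for _ in range(M)]          # errors in {-1, 0, 1}
    b = [(sum(a * x for a, x in zip(row, s)) + err) % Q for row, err in zip(A, e)]
    return (A, b), s


def kem_encaps(pk, entity):
    """Responder: encrypt the random entity bit by bit under the initiator's pk."""
    A, b = pk
    ct = []
    for i in range(BITS):
        bit = (entity >> i) & 1
        r = [secrets.randbelow(2) for _ in range(M)]          # random subset of samples
        u = [sum(r[j] * A[j][k] for j in range(M)) % Q for k in range(N)]
        v = (sum(rj * bj for rj, bj in zip(r, b)) + bit * (Q // 2)) % Q
        ct.append((u, v))
    return ct


def kem_decaps(sk, ct):
    """Initiator: v - u.s = r.e + bit*Q/2 with |r.e| <= M < Q/4, so each bit is exact."""
    entity = 0
    for i, (u, v) in enumerate(ct):
        d = (v - sum(uk * sk_k for uk, sk_k in zip(u, sk))) % Q
        entity |= (1 if Q // 4 < d < 3 * Q // 4 else 0) << i
    return entity


def derive_key(dh_secret, qsss=None):
    """Mix the classical DH secret with the QSSS (ASSUMPTION: HMAC-based combination).
    The DH secret is always an input, so a broken KEM cannot make the result
    weaker than plain IKEv2."""
    ikm = dh_secret.to_bytes(16, "big") + (qsss or b"")
    return hmac.new(b"ikev2-qske-toy", ikm, hashlib.sha256).digest()


def ikev2_exchange(responder_supports_qske=True):
    """Simulate both peers. Returns (initiator_key, responder_key, quantum_safe)."""
    # IKE_SA_INIT: classical DH values from both sides
    x, y = secrets.randbelow(P - 2) + 2, secrets.randbelow(P - 2) + 2
    gx, gy = pow(G, x, P), pow(G, y, P)
    # QSKEi: initiator sends an ephemeral KEM public key alongside its DH value
    pk, sk = kem_keygen()
    if not responder_supports_qske:
        # Responder ignores the optional payload: ordinary IKEv2, DH secret only
        return derive_key(pow(gy, x, P)), derive_key(pow(gx, y, P)), False
    # QSKEr: responder picks a random entity and encapsulates it under pk
    entity = secrets.randbits(BITS)
    ct = kem_encaps(pk, entity)
    qsss_r = hashlib.sha256(entity.to_bytes(BITS // 8, "big")).digest()
    # Initiator decapsulates with its private key and derives the same QSSS
    recovered = kem_decaps(sk, ct)
    qsss_i = hashlib.sha256(recovered.to_bytes(BITS // 8, "big")).digest()
    return derive_key(pow(gy, x, P), qsss_i), derive_key(pow(gx, y, P), qsss_r), True
```

Run `ikev2_exchange()` and both returned keys match with the flag set; run it with `responder_supports_qske=False` and the peers still agree, but only on the classical secret. The LWE parameters are chosen so that the decryption noise `r.e` is bounded by `M`, strictly below `Q/4`, which is why decapsulation here is deterministic; real schemes tune that failure probability rather than eliminating it.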

We don't yet have a general-purpose quantum computer, so why bother? Because if one large enough to run Shor's algorithm against today's Diffie-Hellman and RSA key sizes is ever built, every IKEv2 handshake an adversary has recorded in the meantime can be attacked retroactively: the so-called harvest-now, decrypt-later problem.

Research into quantum-safe key exchange has yielded a handful of schemes the draft's authors consider mature enough to be name-checked in the document: two variants of Ring Learning With Errors (Ring-LWE), and two approaches based on NTRU lattices. ®

Bootnote: This article originally referenced the original IKEv2 RFC, RFC 5996. Our thanks to co-author of the standard, Graham Bartlett, who contacted us to note that the RFC's been updated via RFC 7296. ®
