We’d like IPSECME WG to consider the following Internet Draft as a 
less-expensive (and formally-proven 😉) candidate Post-Quantum authenticated 
exchange within IKEv2. In our opinion, it is “better” than the current approach 
of “explicit” signatures – we follow the MQV/HMQV design. Basically, PQuAKE is 
a Hybrid PQ Authenticated Key Exchange – it uses IKE_INIT ECC step to provide 
Classic protection. 

(As you can see, I’m also “shopping” it to the LAKE WG, because their very 
title says “Lightweight Authenticated Key Exchange” – exactly what our protocol 
offers.) 

Here are the details – would love to have it discussed, and (hopefully!) 
accepted here: 

Name: draft-uri-lake-pquake
Revision: 00
Title: PQuAKE - Post-Quantum Authenticated Key Exchange
Date: 2025-04-22
Group: Individual Submission
Pages: 17
URL: https://www.ietf.org/archive/id/draft-uri-lake-pquake-00.txt
Status: https://datatracker.ietf.org/doc/draft-uri-lake-pquake/
HTML: https://www.ietf.org/archive/id/draft-uri-lake-pquake-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-uri-lake-pquake


Abstract:

This document defines the Post-Quantum Authenticated Key Exchange
(PQuAKE) protocol that addresses the needs of bandwidth- and/or
power-constrained environments, while maintaining strong security
guarantees. It accomplishes that by minimizing the number of bits
that need to be exchanged and by utilizing an implicit peer
authentication approach similar to Menezes-Qu-Vanstone (MQV) design.
This protocol is suitable for integration into protocols that
establish dynamic secure sessions, such as Extensible Authentication
Protocol (EAP), Internet Key Exchange Version 2 (IKEv2), or Secure
Communications Interoperability Protocol (SCIP). This protocol has
proofs in the verifiers Verifpal and CryptoVerif for security
properties such as secrecy of the session key, mutual authentication,
identity hiding with a pre-shared secret, and forward secrecy of the
session key. The authors are in the process of publishing the
proofs. 

Thank you! 


-- 
V/R, 

Uri Blumenthal 
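The message contrasts an MQV-style "implicit" authentication with the explicit signatures IKEv2 uses today. The following is an added illustration, not code from the PQuAKE draft or its authors, of what implicit authentication means: each side folds its static private key into the exponent, so the session key can only be derived by the holder of that key and no signature is ever transmitted. It uses a constructed toy finite-field group (p = 1019, q = 509, g = 4), hypothetical helper names, and a plain SHA-256 transcript hash as the KDF; it does not model the draft's post-quantum or hybrid components.

```python
"""Toy MQV-style implicitly authenticated key agreement (illustration only).

Added example, not from the PQuAKE draft. Shows the MQV idea the announcement
refers to: the shared secret depends on each party's *static* private key, so
a peer that presents someone else's public identity key but lacks the matching
private key simply derives a different session key. No signature is sent.
"""
import hashlib
import secrets

# Constructed toy parameters: p is a safe prime, q = (p - 1) / 2 is prime, and
# g = 4 generates the order-q subgroup of quadratic residues. NOT secure sizes;
# real deployments use an elliptic-curve group of cryptographic size.
P = 1019
Q = 509
G = 4
L = (Q.bit_length() + 1) // 2  # MQV truncation width: half the bit length of q


def keypair(priv=None):
    """Return (private, public) with public = g^private mod p.

    A fixed private value may be passed for deterministic demonstrations.
    """
    if priv is None:
        priv = secrets.randbelow(Q - 1) + 1
    return priv, pow(G, priv, P)


def bar(z):
    """MQV's truncation: keep the low L bits of z and force bit L on."""
    return (z % (1 << L)) + (1 << L)


def is_in_subgroup(pub):
    """Small-subgroup check: 1 < pub < p and pub^q == 1 mod p."""
    return 1 < pub < P and pow(pub, Q, P) == 1


def mqv_shared(my_static_priv, my_eph_priv, my_eph_pub, peer_static_pub, peer_eph_pub):
    """Compute the MQV shared group element from one side's point of view.

    s = (x + bar(X) * a) mod q      (x: my ephemeral, a: my static private key)
    K = (Y * B^bar(Y))^s mod p      (Y: peer ephemeral, B: peer static public key)
    Both sides reach g^((x + d*a)(y + e*b)) with d = bar(X), e = bar(Y).
    """
    for pub in (peer_static_pub, peer_eph_pub):
        if not is_in_subgroup(pub):
            raise ValueError("peer public value is not in the prime-order subgroup")
    s = (my_eph_priv + bar(my_eph_pub) * my_static_priv) % Q
    base = (peer_eph_pub * pow(peer_static_pub, bar(peer_eph_pub), P)) % P
    k = pow(base, s, P)
    if k == 1:
        raise ValueError("degenerate shared secret")
    return k


def session_key(k, transcript):
    """Derive a session key by hashing the shared element with the transcript."""
    data = k.to_bytes((P.bit_length() + 7) // 8, "big") + transcript
    return hashlib.sha256(data).digest()


def run_exchange(a_static, b_static, a_eph, b_eph):
    """Run one exchange and return (key_A, key_B) as derived by each side."""
    a, A = a_static
    b, B = b_static
    x, X = a_eph
    y, Y = b_eph
    transcript = b"|".join(str(v).encode() for v in (A, B, X, Y))
    k_a = mqv_shared(a, x, X, B, Y)   # A's view: uses B's static public key
    k_b = mqv_shared(b, y, Y, A, X)   # B's view: uses A's static public key
    return session_key(k_a, transcript), session_key(k_b, transcript)


def demo():
    """Honest peers agree; an impostor without B's static private key does not.

    Fixed constructed private values keep the run deterministic and avoid the
    (toy-group-only) chance of a degenerate exponent.
    """
    a_static, b_static = keypair(7), keypair(13)
    key_a, key_b = run_exchange(a_static, b_static, keypair(11), keypair(17))

    # Impostor M claims B's identity (presents B's public key) but only holds
    # its own private value, so it cannot form s = y + bar(Y) * b.
    mal_static = (19, b_static[1])
    key_a2, key_m = run_exchange(a_static, mal_static, keypair(29), keypair(23))
    return key_a == key_b, key_a2 == key_m


if __name__ == "__main__":
    print("honest peers agree, impostor agrees:", demo())
```

The subgroup check in `mqv_shared` is the part a reviewer would look for first in any implicit-authentication scheme: because the static key enters the exponent, an unvalidated peer value could leak bits of it, which is why both the static and ephemeral public values are verified before use.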

_______________________________________________
IPsec mailing list -- ipsec@ietf.org