Hi,

Post-quantum computing cryptographic algorithms are designed and available for use. Considering that the Kyber algorithm is going to be mandated by US authorities in the future as a complete replacement for asymmetric key exchange and agreement, a proposal integrating Kyber into TLS is specified in [1].

This proposal, however, has one central shortcoming: only the TLS server contributes to the security strength of the shared secret generated by Kyber. This shortcoming can be solved with a slightly improved approach where the client and the server both, independently of each other, contribute to the security of the communication channel, such that the channel even retains its security when one side has insufficient entropy. The entire analysis and the suggested proposal to address the outlined issue are provided in [2].

I would like to share this proposal to contribute to the discussion of how Kyber can be applied to TLS.

[1] https://www.ietf.org/archive/id/draft-ietf-tls-hybrid-design-06.txt
[2] http://www.chronox.de/papers/TLS_and_Kyber_analysis.pdf

Ciao
Stephan

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
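As an added illustration of the entropy argument in the mail above (example code, not from the mail, from [1] or from [2]): a toy model in which the shared secret depends on the encapsulating side's randomness alone, beside a variant that also mixes in an independent client contribution, checked against a deliberately weak server RNG. The hash-based KEM stand-in, the faulty RNG, the Finished-tag stand-in and the two-sided combination are assumptions of this example, not Kyber and not the construction proposed in [2].

```python
import hashlib, hmac, os, secrets

# Stand-in for the KEM secret derivation (assumption of this example, not Kyber):
# the secret is a function of the random message m chosen by the encapsulating
# side, which in the hybrid draft is the TLS server.
def kem_shared_secret(m):
    return hashlib.sha256(b"kem-ss" + m).digest()

def weak_rng(nbytes):
    """Constructed faulty RNG: all bytes zero except the last (8 bits of entropy)."""
    return bytes(nbytes - 1) + bytes([secrets.randbelow(256)])

def one_sided_secret(server_m):
    """Approach criticised in the mail: only server randomness enters the secret."""
    return kem_shared_secret(server_m)

def two_sided_secret(client_m, server_m):
    """Illustrative two-contribution variant (an assumption, not the construction
    of [2]): each side's independent randomness is mixed into the final secret."""
    return hashlib.sha256(b"combined" + kem_shared_secret(client_m)
                          + kem_shared_secret(server_m)).digest()

def finished_tag(secret, transcript):
    """Stand-in for the TLS Finished MAC an observer can use to test candidates."""
    return hmac.new(secret, transcript, hashlib.sha256).digest()

def recover_from_weak_side(tag, transcript, derive):
    """Entropy check: enumerate the 256 outputs of the weak RNG and test whether
    any candidate secret reproduces the observed Finished tag."""
    for b in range(256):
        cand = derive(bytes(31) + bytes([b]))
        if hmac.compare_digest(finished_tag(cand, transcript), tag):
            return cand
    return None

def demo(transcript=b"constructed handshake transcript"):
    server_m = weak_rng(32)    # the server's RNG is the deficient one
    client_m = os.urandom(32)  # the client's RNG is healthy
    # One-sided: the secret depends on server_m alone, so 256 trials recover it.
    ss1 = one_sided_secret(server_m)
    found1 = recover_from_weak_side(finished_tag(ss1, transcript), transcript,
                                    one_sided_secret)
    # Two-sided: the observer does not know client_m; enumerating the weak side
    # with any guess for client_m fails (wrong with overwhelming probability).
    ss2 = two_sided_secret(client_m, server_m)
    guess_client_m = os.urandom(32)
    found2 = recover_from_weak_side(finished_tag(ss2, transcript), transcript,
                                    lambda m: two_sided_secret(guess_client_m, m))
    return found1 == ss1, found2 is None
```

`demo()` returns `(True, True)`: the one-sided secret is recovered from the weak side alone, the two-sided secret is not.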