Secure post‐quantum group key exchange: Implementing a solution based on Kyber

Abstract

AbstractQuantum computing poses fascinating challenges for current cryptography, threatening the security of many schemes and protocols widely used today. To adapt to this reality, the U.S. National Institute for Standards and Technology (NIST) is currently running a standardization process in search of post‐quantum (classical, yet resistant to quantum attacks) cryptographic tools, focusing on signature schemes and key encapsulation mechanisms. Many of the competing proposals also include designs for two‐party key exchange, which can be combined in different ways to fit scenarios involving parties, that is, yielding group key exchange protocols. However, very few implementations of such group protocols are available to practitioners, which face a non‐trivial challenge when deciding how to implement a protocol for establishing secure group sessions in this new post‐quantum scenario. With this in mind, the authors report on the implementation of a secure post‐quantum group key exchange protocol in the so‐called Quantum Random Oracle Model. The protocol decided to implement is based on a KEM called Kyber, which is one of the finalists of the NIST competition. Not only this group construction is the only one available in the literature using a NIST finalist, but also, among all post‐quantum designs the authors are aware of, it uses this strongest security model (as, e.g. in other proposals, the adversarial interaction with the hash functions of the system is assumed to be exclusively classical). Furthermore, experimental evidence is provided supporting this choice in terms of performance, even if the number of involved entities is large (up to 2000). All data and code are publicly available.