Jürgens, M. (2021):
Quantum-safe Signature Scheme for IKEv2 based on Isogenies
With the field of quantum computing emerging fast and as a result of technology enhancements, it only seems to be a matter of time until quantum computers will be able to break a large number of the cryptographic algorithms that secure the internet of today. Although quantum computers are currently not powerful enough to actually execute attacks on those cryptographic algorithms, now is the right time to think about how to prevent this potential future threat. Post-quantum cryptography is the field of research which deals with that kind of threat.
The IPsec protocol suite is one of the protocols securing the internet, and it is liable to be broken with the rise of sufficiently powerful quantum computers. Ongoing work exists to secure the initial key exchange of IPsec, performed by IKEv2, from which all keys for further encrypted communication are derived. This prevents attackers from capturing IPsec packets in transit and using a quantum computer to decrypt those packets later. The authentication mechanism of IKEv2 can nevertheless be attacked by exploiting the incorporated non-quantum-resistant signature scheme. This enables an attacker to claim a false identity when establishing an IPsec connection.
This work aims to provide a version of IKEv2 extended by a signature scheme that is resistant to attacks driven by quantum computers. This signature scheme relies on the problem of finding isogenies between supersingular elliptic curves and is assumed to be quantum-resistant.
We give an introduction to isogeny-based cryptography, including a brief explanation of the mathematical foundations it is based on. Further, we discuss signature schemes based on isogenies which evolve from Unruh's transformation of non-interactive zero-knowledge proofs.
The work contributes a detailed analysis of requirements for PQ-Signature IKEv2, to comply with constraints that exist within the IKEv2 protocol and also to ensure interoperability and backwards compatibility. The resulting protocol specification reflects the elaborated requirements and allows two peers that try to communicate via IPsec to authenticate in a quantum-safe manner. A proof-of-concept implementation based on the aforementioned protocol is proposed. Finally, an extensive evaluation of the protocol design as well as of the implementation is given, discussing the advantages and limitations of the new approach.