CryptoDB
Making Signal Post-quantum Secure: Post-quantum Asynchronous Deniable Key Exchange from Key Encapsulation and Designated Verifier Signatures
| Authors: | Jacqueline Brendel, Rune Fiedler, Felix Günther, Christian Janson, Douglas Stebila |
|---|---|
| Presentation: | Slides (https://iacr.org/submit/files/slides/2022/rwc/rwc2022/56/slides.pdf) |
| Abstract: | The Signal protocol for end-to-end encrypted messaging provides a range of desirable security properties: asynchronicity, offline deniability, mutual implicit authentication, forward secrecy, and post-compromise security. Transitioning Signal to a post-quantum secure version with the same guarantees proves tricky, however. This is because post-quantum key encapsulation mechanisms cannot be used as a drop-in replacement for the clever use of the Diffie-Hellman protocol in Signal's initial key exchange X3DH. In this talk, we elaborate on this obstacle, which may arise in further high-level protocols with subtle security guarantees, and show how to achieve asynchronous deniable key exchange from key encapsulation mechanisms and designated verifier signatures. In particular, we present a provably secure construction for the post-quantum Signal initial key agreement which achieves the same security guarantees as the currently used X3DH. |
BibTeX
@misc{rwc-2022-35498,
title={Making Signal Post-quantum Secure: Post-quantum Asynchronous Deniable Key Exchange from Key Encapsulation and Designated Verifier Signatures},
note={Presentation at \url{https://iacr.org/submit/files/slides/2022/rwc/rwc2022/56/slides.pdf}},
howpublished={Talk given at RWC 2022},
author={Jacqueline Brendel and Rune Fiedler and Felix Günther and Christian Janson and Douglas Stebila},
year=2022
}