Scalable Authenticated Group Key Establishment in Quantum and Post-Quantum Networks
Volume 36, Issue 2 (2025), pp. 315–335
Pub. online: 4 June 2025
Type: Research Article
Open Access
Open Access
Received
1 November 2024
1 November 2024
Accepted
1 May 2025
1 May 2025
Published
4 June 2025
4 June 2025
Abstract
Establishing secure keys over untrusted networks is one of the most fundamental cryptographic tasks. While two-party key establishment protocols are available for many scenarios, even offering resistance to potential adversaries equipped with quantum computing resources, the multi-party scenario is not as well understood. In particular, there is a need to find designs that can make the most of the technologies available to each party involved in a cooperative n-party key establishment.
We propose an authenticated key establishment protocol involving $n\geqslant 2$ parties, assuming that some—possibly all—network nodes have the potential to implement quantum key distribution (in pairs), while others only have access to standard technology. The protocol allows for the cooperative construction of a shared secret key from partial keys established by quantum and post-quantum solutions, which in turn can be implemented by different building blocks. We give a formal security analysis of our proposal using a hybrid security model simultaneously capturing quantum and classical actions and capabilities.
References
Abdalla, M., Bohli, J.-M., González Vasco, M.I., Steinwandt, R. (2007). (Password) Authenticated key establishment: from 2-party to group. In: Vadhan, S.P. (Ed.), Theory of Cryptography. Springer, Berlin, Heidelberg, pp. 499–514. https://doi.org/10.1007/978-3-540-70936-7_27.
Alagic, G., Cooper, D., Dang, Q., Dang, T., Kelsey, J.M., Lichtinger, J., Liu, Y.-K., Miller, C.A., Moody, D., Peralta, R., Perlner, R., Robinson, A., Smith-Tone, D., Apon, D. (2022). Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process. NIST Interagency/Internal Report (NISTIR). National Institute of Standards and Technology, Gaithersburg, MD. https://doi.org/10.6028/NIST.IR.8413.
Apon, D., Dachman-Soled, D., Gong, H., Katz, J. (2019). Constant-round group key exchange from the ring-LWE assumption. In: Post-Quantum Cryptography – 10th International Conference, PQCrypto 2019, Chongqing, China, May 8–10, 2019 Revised Selected Papers, pp. 189–205. https://doi.org/10.1007/978-3-030-25510-7_11.
Bohli, J.-M., Gonzalez Vasco, M.I., Steinwandt, R. (2007). Secure group key establishment revisited. International Journal of Information Security, 6, 243–254. https://doi.org/10.1007/s10207-007-0018-x.
Brauer, M., Vicente, R.J., Buruaga, J.S., Mendez, R.B., Braun, R.-P., Geitz, M., Rydlichkowski, P., Brunner, H.H., Fung, F., Peev, M., Pastor, A., Lopez, D.R., Martin, V., Brito, J.P. (2024). Linking QKD testbeds across Europe. Entropy, 26(2), 123. https://doi.org/10.3390/e26020123.
Braun, R.-P., Geitz, M. (2021). The OpenQKD Testbed in Berlin. In: 2021 Asia Communications and Photonics Conference (ACP), pp. 1–3. https://doi.org/10.1364/ACPC.2021.M4C.2.
Bruckner, S., Ramacher, S., Striecks, C. (2023). Muckle+: end-to-end hybrid authenticated key exchanges. In: Johansson, T., Smith-Tone, D. (Eds.), Post-Quantum Cryptography – 14th International Workshop, PQCrypto 2023, College Park, MD, USA, August 16–18, 2023, Proceedings. Lecture Notes in Computer Science, Vol. 14154. Springer, pp. 601–633. https://doi.org/0.1007/978-3-031-40003-2_22.
Cid, M.I.G., Martín, L.O., Ayuso, V.M. (2021). Madrid Quantum Network: a first step to quantum internet. In: Reinhardt, D., Müller, T. (Eds.), ARES 2021: The 16th International Conference on Availability, Reliability and Security, Vienna, Austria, August 17–20, 2021. ACM, pp. 102–11027. https://doi.org/10.1145/3465481.3470056.
Dowling, B., Hansen, T.B., Paterson, K.G. (2020). Many a mickle makes a muckle: a framework for provably quantum-secure hybrid key exchange. In: Ding, J., Tillich, J. (Eds.), Post-Quantum Cryptography – 11th International Conference, PQCrypto 2020, Paris, France, April 15–17, 2020, Proceedings. Lecture Notes in Computer Science, Vol. 12100. Springer, pp. 483–502. https://doi.org/10.1007/978-3-030-44223-1_26.
Escribano Pablos, J.I., Marriaga, M.E., del Pozo, A.L.P. (2022). Design and implementation of a post-quantum group authenticated key exchange protocol with the LibOQS Library: a comparative performance analysis from classic McEliece, Kyber, NTRU, and Saber. IEEE Access, 10, 120951–120983. https://doi.org/10.1109/access.2022.3222389.
Escribano Pablos, J.I., Gonzalez Vasco, M.I., Marriaga, M.E., Perez del Pozo, A.L. (2020). Compiled constructions towards post-quantum group key exchange: a design from kyber. Mathematics, 8(10). https://doi.org/10.3390/math8101853.
Geitz, M., Doering, R., Braun, R.-P. (2023). Hybrid QKD and PQC protocols implemented in the Berlin OpenQKD testbed. In: 2023 8th International Conference on Frontiers of Signal Processing (ICFSP), pp. 69–74. https://doi.org/10.1109/icfsp59764.2023.10372894.
Hövelmanns, K., Kiltz, E., Schäge, S., Unruh, D. (2020). Generic authenticated key exchange in the quantum random oracle model. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (Eds.), Public-Key Cryptography – PKC 2020. Springer International Publishing, Cham, pp. 389–422. 978-3-030-45388-6. https://doi.org/10.1007/978-3-030-45388-6_14.
James, P., Laschet, S., Ramacher, S., Torresetti, L. (2023). Key management systems for large-scale quantum key distribution networks. In: Proceedings of the 18th International Conference on Availability, Reliability and Security, ARES 2023, Benevento, Italy, 29 August 2023–1 September 2023. ACM, pp. 126–11269. https://doi.org/10.1145/3600160.3605050.
Kozlovics, S., Petrucena, K., Larins, D., Viksna, J. (2023). Quantum key distribution as a service and its injection into TLS. In: Meng, W., Yan, Z., Piuri, V. (Eds.), Information Security Practice and Experience – 18th International Conference, ISPEC 2023, Copenhagen, Denmark, August 24–25, 2023, Proceedings. Lecture Notes in Computer Science, Vol. 14341. Springer, pp. 527–545. https://doi.org/10.1007/978-981-99-7032-2_31.
Mosca, M., Stebila, D., Ustaoğlu, B. (2013). Quantum key distribution in the classical authenticated key exchange framework. In: Gaborit, P. (Ed.), Post-Quantum Cryptography. Springer, Berlin, Heidelberg, pp. 136–154. https://doi.org/10.1007/978-3-642-38616-9_9.
Müller-Quade, J., Unruh, D. (2010). Long-term security and universal composability. Journal of Cryptology, 23(4), 594–671. https://doi.org/10.1007/978-3-540-70936-7_3.
Nam, J., Paik, J., Won, D. (2011). A security weakness in Abdalla et als generic construction of a group key exchange protocol. Information Sciences, 181(1), 234–238. https://doi.org/10.1016/j.ins.2010.09.011.
Pass, R. (2004). Alternative Variants of Zero-Knowledge Proofs. Licentiate thesis. KTH Numerical Analysis and Computer Science, Stockholm. Available at http://www.cs.cornell.edu/~rafael/papers/raf-lic.pdf.
Unruh, D. (2022). Computationally binding quantum commitments. Cryptology ePrint Archive, Paper 2015/361. Recition 2. Available at https://eprint.iacr.org/2015/361. Major revision of an IACR publication in EUROCRYPT 2016.
Viksna, J., Kozlovics, S., Rencis, E. (2023). Integrating quantum key distribution into hybrid quantum-classical networks. In: Applied Cryptography and Network Security Workshops – ACNS 2023. Lecture Notes in Computer Science, Vol. 13907. Springer, pp. 695–699. https://doi.org/10.1007/978-3-031-41181-6_42.
Wu, W., Chung, J., Kanter, G., Lauk, N., Valivarthi, R., Ceballos, R.R., Pena, C., Sinclair, N., Thomas, J.M., Eastman, E.M., Xie, S., Kettimuthu, R., Kumar, P., Spentzouris, P., Spiropulu, M. (2021). Illinois express quantum network for distributing and controlling entanglement on metro-scale. In: 2021 IEEE/ACM Second International Workshop on Quantum Computing Software (QCS), pp. 35–42. https://doi.org/10.1109/QCS54837.2021.00008.
Zhandry, M. (2015). A note on the quantum collision and set equality problems. Quantum Information & Computation, 15(7–8), 0557–0567. Preprint available as arXiv:1312.1027v3. https://doi.org/10.5555/2871411.2871413.
Biographies
González Vasco Maria Isabel
M.I. González Vasco is a full professor of Applied Mathematics at Universidad Carlos III de Madrid, specializing in mathematical cryptography. She holds a PhD in mathematics from the University of Oviedo and focuses on provable security and quantum-resistant cryptography. She has co-directed NATO-funded projects and collaborates with international institutions. González Vasco is currently vicepresident of the Real Sociedad Matemática Española.
Steinwandt Rainer
R. Steinwandt is currently dean of the College of Science at the University of Alabama in Huntsville (UAH). Previously, he chaired the Department of Mathematical Sciences and directed the Center for Cryptology and Information Security at Florida Atlantic University (FAU). He earned his MS and PhD in computer science from the University of Karlsruhe, Germany, specializing in computer algebra. His research focuses on cryptology, including quantum cryptanalysis and quantum-safe cryptography, with funding from agencies such as the National Science Foundation, the National Institute of Standards and Technology, and NATO SPS.
