Quantum-Safe Group Key Establishment Protocol from Lattice Trapdoors
Abstract
1. Introduction
- Smart lighting: A smart building may have its lighting devices grouped according to their location and connected to a switch, which acts as a gateway. It is important that the switch is able to send group messages to the devices to control lighting levels and related functions;
- Software updates: A gateway downloads a software update and simply broadcasts it to the group so that member nodes patch. The alternative is each device downloads the patch independently, which results in generating unnecessary traffic;
- Emergency broadcasts: The control center of an automated process may need to stop or start many devices at once with a single command, minimizing time and resource requirements;
- e-Health: A sensor implanted in a patient’s body may broadcast readings to a group of receivers, such as nurses, doctors, and even chat servers.
- A new method of designing a cryptographic group-key management protocol from lattice trapdoors is presented. Lattice trapdoors have been shown to be extremely versatile for designing various cryptographic primitives, such as digital signatures and identity-based encryption (IBE) schemes [13]. The work presented here is a new addition to the list of cryptographic objects that can be built from lattice trapdoors. Since the computations involved are inherently lightweight, the protocol can be implemented and deployed in various IoT environments; hence, it contributes towards preparing the IoT for a future where quantum computers are a reality;
- Also presented here is a new mechanism for cryptographic group-key establishment in which the group key is not stored in any of the constituent devices, so that an attacker cannot learn the cryptographic group key by physically examining a given device. Moreover, we exhibit efficient mechanisms for adding users to and removing users from a secure group, in a manner that maintains standard security requirements, such as forward and backward secrecy.
2. Related Work
3. Preliminaries
3.1. Notation
3.2. Lattice Trapdoors
3.3. Hard Lattice Problems
4. System Model and Security Requirements
- Requirement 1: No user can learn the group key without solving a hard lattice problem;
- Requirement 2: Each session group key is independent from any other session key;
- Requirement 3: A user is added to in a forward- and backward-secrecy-preserving manner.
5. Proposed Scheme
5.1. Setting Up a Lattice Trapdoor
Algorithm 1: A Short-Basis Lattice from a Long-Basis Lattice
Algorithm 2: Trapdoor Setup
5.2. Group Key from a One-Way Function with a Trapdoor
5.3. The Group Key and Group-Message Encryption
Algorithm 3: Group-Message Encryption
Result: Encrypted group message
Input: Encryption algorithm , message m, pseudo-random function f
Choose randomly
Compute
Compute
Broadcast c as the encrypted group message
5.4. Decrypting a Group Message
5.5. Adding a New Node to a Group
Algorithm 4: Adding a Node to
5.6. Removing a Node from a Group
5.7. Generating Session Keys
6. Proof of Correctness and Security
- Requirement 1: An attacker that attempts to recover one of the short bases, or to generate a new short basis for the lattice, has to solve a version of the (approximate) shortest vector problem (SVP) [40], which we conjecture to be computationally hard. An attacker that attempts to directly recover the secret by inverting the one-way function g has to solve a version of the bounded distance decoding (BDD) problem, since the two problems are computationally equivalent. The BDD problem is again conjectured to be computationally hard. Therefore, a passive adversary cannot recover without solving either one of the two lattice problems. Since we conjecture the problems to be hard even for quantum computers, we conclude that the protocol is quantum-safe. The confidentiality of a message m encrypted using s follows as a corollary, assuming that the encryption scheme is quantum-safe. The encryption scheme could be a standard one, such as AES, with a key length chosen to account for possible quantum-based attacks;
- Requirement 2: This easily follows from the fact that, at each round, a user chooses randomly;
- Requirement 3: By design, the addition of a new node into forces each node to acquire a new that is not related to the previous or a future .
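The trapdoor principle behind Requirement 1 and Section 5.2, shown with an added Python example that is not the paper's own construction (whose formulas are not reproduced on this page): a Micciancio-Peikert-style gadget trapdoor [30] for an LWE one-way function. It assumes toy parameters (n = 4, q = 256, ternary trapdoor and error) and constructed random inputs; the holder of the trapdoor R inverts the function in a few lines, while anyone without R faces a BDD/LWE instance over q^n candidate secrets.

```python
import random

# Toy parameters, constructed for illustration only: far too small to be secure.
N, K = 4, 8                              # secret dimension n and k = log2(q)
Q = 1 << K                               # modulus q = 256
M_BAR = 8                                # width of the uniform block A_bar
W = N * K                                # width of the gadget block
GADGET = [1 << j for j in range(K)]      # g = (1, 2, 4, ..., 2^(k-1))

def row_times_matrix(vec, mat, q):
    """Compute (vec^T * mat) mod q for a row vector and a list-of-rows matrix."""
    return [sum(v * mat[i][c] for i, v in enumerate(vec)) % q for c in range(len(mat[0]))]

def keygen(rng):
    """Return (A, R): public A = [A_bar | G - A_bar*R] and short trapdoor R, so A*[R; I] = G mod q."""
    a_bar = [[rng.randrange(Q) for _ in range(M_BAR)] for _ in range(N)]
    r = [[rng.choice((-1, 0, 1)) for _ in range(W)] for _ in range(M_BAR)]
    # G = I_n (x) g: row i carries the gadget in columns i*K .. i*K+K-1
    g_mat = [[GADGET[c - i * K] if i * K <= c < (i + 1) * K else 0 for c in range(W)] for i in range(N)]
    a_bar_r = [row_times_matrix(a_bar[i], r, Q) for i in range(N)]
    a = [a_bar[i] + [(g_mat[i][c] - a_bar_r[i][c]) % Q for c in range(W)] for i in range(N)]
    return a, r

def forward(a, s, e):
    """LWE-style one-way function b^T = s^T*A + e^T mod q: cheap to evaluate, BDD-hard to invert without R."""
    return [(x + y) % Q for x, y in zip(row_times_matrix(s, a, Q), e)]

def invert(b, r):
    """Trapdoor inversion: b^T*[R; I] = s^T*G + e'^T with e' still small, so each s_i decodes bit by bit."""
    r_ext = r + [[1 if i == c else 0 for c in range(W)] for i in range(W)]   # [R; I]
    v = row_times_matrix(b, r_ext, Q)    # v[i*K + j] = s_i * 2^j + e'_{i,j} mod q, |e'| <= M_BAR + 1 < q/4
    s = []
    for i in range(N):
        s_i = 0
        for j in range(K - 1, -1, -1):   # most-shifted column first: it leaks the lowest unknown bit of s_i
            residue = (v[i * K + j] - s_i * (1 << j)) % Q   # = bit * 2^(k-1) + e' mod q
            s_i |= (1 if Q // 4 < residue < 3 * Q // 4 else 0) << (K - 1 - j)
        s.append(s_i)
    return s

def demo(seed):
    """Sample a fresh secret and error, evaluate the function, invert with the trapdoor; returns (s, recovered)."""
    rng = random.Random(seed)
    a, r = keygen(rng)
    s = [rng.randrange(Q) for _ in range(N)]
    e = [rng.choice((-1, 0, 1)) for _ in range(M_BAR + W)]
    return s, invert(forward(a, s, e), r)
```

The decoding succeeds because the transformed error stays below q/4; with a larger error or a non-short R the bit test in `invert` starts to fail, which is exactly why the trapdoor must be short and kept secret.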
7. Results and Performance Analysis
8. Conclusions and Direction for Future Work
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
1. Stankovic, J.A. Research directions for the internet of things. IEEE Internet Things J. 2014, 1, 3–9.
2. Zhang, Z.K.; Cho, M.C.Y.; Wang, C.W.; Hsu, C.W.; Chen, C.K.; Shieh, S. IoT security: Ongoing challenges and research opportunities. In Proceedings of the 2014 IEEE 7th International Conference on Service-Oriented Computing and Applications, Matsue, Japan, 17–19 November 2014; pp. 230–234.
3. Porambage, P.; Braeken, A.; Schmitt, C.; Gurtov, A.; Ylianttila, M.; Stiller, B. Group key establishment for enabling secure multicast communication in wireless sensor networks deployed for IoT applications. IEEE Access 2015, 3, 1503–1511.
4. Tiloca, M.; Nikitin, K.; Raza, S. Axiom: DTLS-based secure IoT group communication. ACM Trans. Embed. Comput. Syst. 2017, 16, 1–29.
5. Gebremichael, T.; Jennehag, U.; Gidlund, M. Lightweight IoT group key establishment scheme using one-way accumulator. In Proceedings of the 2018 International Symposium on Networks, Computers and Communications (ISNCC), Rome, Italy, 19–21 June 2018; pp. 1–7.
6. Ferrari, N.; Gebremichael, T.; Jennehag, U.; Gidlund, M. Lightweight group-key establishment protocol for IoT devices: Implementation and performance analyses. In Proceedings of the 2018 Fifth International Conference on Internet of Things: Systems, Management and Security, Valencia, Spain, 15–18 October 2018; pp. 31–37.
7. Gisin, N.; Ribordy, G.; Tittel, W.; Zbinden, H. Quantum cryptography. Rev. Mod. Phys. 2002, 74, 145.
8. Bernstein, D.J. Introduction to post-quantum cryptography. In Post-Quantum Cryptography; Springer: Berlin/Heidelberg, Germany, 2009; pp. 1–14.
9. Micciancio, D.; Regev, O. Lattice-based cryptography. In Post-Quantum Cryptography; Springer: Berlin/Heidelberg, Germany, 2009; pp. 147–191.
10. Gentry, C. Toward basing fully homomorphic encryption on worst-case hardness. In Proceedings of the Annual Cryptology Conference, Santa Barbara, CA, USA, 15–19 August 2010; pp. 116–137.
11. Shor, P.W. Algorithms for quantum computation: Discrete logarithms and factoring. In Proceedings of the 35th Annual Symposium on Foundations of Computer Science, Santa Fe, NM, USA, 20–22 November 1994; pp. 124–134.
12. Regev, O. On lattices, learning with errors, random linear codes, and cryptography. J. ACM 2009, 56, 1–40.
13. Peikert, C. A decade of lattice cryptography. Found. Trends Theor. Comput. Sci. 2016, 10, 283–424.
14. Raza, S.; Seitz, L.; Sitenkov, D.; Selander, G. S3K: Scalable security with symmetric keys—DTLS key establishment for the Internet of Things. IEEE Trans. Autom. Sci. Eng. 2016, 13, 1270–1280.
15. Halford, T.R.; Courtade, T.A.; Chugg, K.M. Energy-efficient, secure group key agreement for ad hoc networks. In Proceedings of the 2013 IEEE Conference on Communications and Network Security (CNS), Washington, DC, USA, 14–16 October 2013; pp. 181–188.
16. Lei, X.; Liao, X. NTRU-KE: A lattice-based public key exchange protocol. Cryptol. ePrint Arch. 2013, 2013, 718.
17. Diffie, W.; Hellman, M. New directions in cryptography. IEEE Trans. Inf. Theory 1976, 22, 644–654.
18. Banerjee, U.; Chandrakasan, A.P. Efficient post-quantum TLS handshakes using identity-based key exchange from lattices. In Proceedings of the ICC 2020 IEEE International Conference on Communications (ICC), Dublin, Ireland, 7–11 June 2020; pp. 1–6.
19. Arul, R.; Raja, G.; Almagrabi, A.O.; Alkatheiri, M.S.; Chauhdary, S.H.; Bashir, A.K. A quantum-safe key hierarchy and dynamic security association for LTE/SAE in 5G scenario. IEEE Trans. Ind. Inform. 2019, 16, 681–690.
20. Murugan, G. An efficient algorithm on quantum computing with quantum key distribution for secure communication. Int. J. Commun. 2020, 5.
21. Banupriya, S.; Kottursamy, K.; Bashir, A.K. Privacy-preserving hierarchical deterministic key generation based on a lattice of rings in public blockchain. Peer-to-Peer Netw. Appl. 2021, 14, 2813–2825.
22. Yi, H. Secure social Internet of Things based on post-quantum blockchain. IEEE Trans. Netw. Sci. Eng. 2021, 9, 950–957.
23. Regev, O. The learning with errors problem. Invit. Surv. 2010, 7, 30.
24. Micciancio, D.; Goldwasser, S. Complexity of Lattice Problems: A Cryptographic Perspective; Springer: Berlin/Heidelberg, Germany, 2012; Volume 671.
25. Alwen, J.; Peikert, C. Generating shorter bases for hard random lattices. Theory Comput. Syst. 2009, 48, 535–553.
26. Hoffstein, J.; Pipher, J.; Silverman, J.H. NTRU: A ring-based public key cryptosystem. In International Algorithmic Number Theory Symposium; Springer: Berlin/Heidelberg, Germany, 1998; pp. 267–288.
27. Peikert, C. An efficient and parallel Gaussian sampler for lattices. In Proceedings of the Annual Cryptology Conference, Santa Barbara, CA, USA, 15–19 August 2010; pp. 80–97.
28. Naoui, S.; Elhdhili, M.E.; Saidane, L.A. Security analysis of existing IoT key management protocols. In Proceedings of the 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications (AICCSA), Agadir, Morocco, 29 November–2 December 2016; pp. 1–7.
29. Lee, E.J.; Lee, S.E.; Yoo, K.Y. A certificateless authenticated group key agreement protocol providing forward secrecy. In Proceedings of the 2008 International Symposium on Ubiquitous Multimedia Computing, Hobart, Australia, 13–15 October 2008; pp. 124–129.
30. Micciancio, D.; Peikert, C. Trapdoors for lattices: Simpler, tighter, faster, smaller. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK, 15–19 April 2012; pp. 700–718.
31. Ajtai, M. Generating hard instances of the short basis problem. In International Colloquium on Automata, Languages, and Programming; Springer: Berlin/Heidelberg, Germany, 1999; pp. 1–9.
32. Ajtai, M. Representing hard lattices with O(n log n) bits. In Proceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, 22–24 May 2005; pp. 94–103.
33. Peikert, C.; Vaikuntanathan, V.; Waters, B. A framework for efficient and composable oblivious transfer. In Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA, 17–21 August 2008; pp. 554–571.
34. Tian, Z.; Qiao, S. A complexity analysis of a Jacobi method for lattice basis reduction. In Proceedings of the Fifth International C* Conference on Computer Science and Software Engineering, Montreal, QC, Canada, 27–29 June 2012; pp. 53–60.
35. MacKay, D.J.; Neal, R.M. Near Shannon limit performance of low density parity check codes. Electron. Lett. 1996, 32, 1645–1646.
36. Balenson, D.; McGrew, D.; Sherman, A. Key management for large dynamic groups: One-way function trees and amortized initialization. Mar 1999, 15, 1–14.
37. Ghanem, S.M.; Abdel-Wahab, H. A secure group key management framework: Design and rekey issues. In Proceedings of the Eighth IEEE Symposium on Computers and Communications, ISCC 2003, Antalya, Turkey, 30 June–3 July 2003; pp. 797–802.
38. Di Pietro, R.; Mancini, L.V.; Jajodia, S. Providing secrecy in key management protocols for large wireless sensors networks. Ad Hoc Netw. 2003, 1, 455–468.
39. Gentry, C.; Peikert, C.; Vaikuntanathan, V. Trapdoors for hard lattices and new cryptographic constructions. In Proceedings of the Fortieth Annual ACM Symposium on Theory of Computing, Victoria, BC, Canada, 17–20 May 2008; pp. 197–206.
40. Peikert, C. Public-key cryptosystems from the worst-case shortest vector problem. In Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, Bethesda, MD, USA, 31 May–2 June 2009; pp. 333–342.
41. Dunkels, A.; Gronvall, B.; Voigt, T. Contiki: A lightweight and flexible operating system for tiny networked sensors. In Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks, Tampa, FL, USA, 16–18 November 2004; pp. 455–462.
42. Nath, O. Review on Raspberry Pi 3B+ and its scope. Int. J. Eng. Appl. Sci. Technol. 2020, 4, 157–159.
43. Peikert, C. Lattice cryptography for the internet. In International Workshop on Post-Quantum Cryptography; Springer: Berlin/Heidelberg, Germany, 2014; pp. 197–219.
44. Lyubashevsky, V.; Peikert, C.; Regev, O. A toolkit for ring-LWE cryptography. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, 26–30 May 2013; pp. 35–54.
45. Micciancio, D. Generalized compact knapsacks, cyclic lattices, and efficient one-way functions. Comput. Complex. 2007, 16, 365–411.
Function | Running Time |
---|---|
Setting up trapdoor | |
Encrypting a group message | |
Decrypting a group message | |
Generating a session key | |
Adding a node | |
Removing a node | |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Gebremichael, T.; Gidlund, M.; Hancke, G.P.; Jennehag, U. Quantum-Safe Group Key Establishment Protocol from Lattice Trapdoors. Sensors 2022, 22, 4148. https://doi.org/10.3390/s22114148