Protocol-Independent Interfaces for Hybrid/Multi-Key Exchange (Q21c)
Institutions like ANSSI and BSI recommend hybrid or multi-key mechanisms for the migration and transition to quantum-safe cryptography. Multi-key mechanisms combine classical cryptographic schemes with quantum-safe schemes to benefit from the security of both. Several standardization drafts exist for integrating multi-key exchange into protocols like TLS 1.3 and IPsec.
It is usually deemed the task of cryptographic libraries to perform core cryptographic operations like key exchange, exposed to the client via well-defined and abstracted programming interfaces. Such common abstractions are currently not available for multi-key exchange. Prototype implementations commonly implement multi-key schemes as part of the protocol stack by manually composing key components of the classical and quantum-safe schemes.
With regard to cryptographic agility, we argue that it is preferable to have a common abstraction for multi-key schemes in the core cryptographic library that can be used by different protocol stacks. To address this challenge, we present a common software API as part of a cryptographic library, which is usable for various protocol stacks. The speaker will lay out the scenarios of TLS and IPsec and discuss how to apply the interface while following existing IETF drafts for hybrid key exchange in the respective protocols. They present a proof-of-concept implementation applied to TLS, which uses an OpenSSL 3 provider making use of the multi-key API. They further give an outlook on extending the interface to multi-key signatures.
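To make the argument concrete, here is an added sketch (not the speakers' API and not OpenSSL code) of a composite scheme that exposes the same three calls as a single scheme, so the protocol-side `handshake` function is unchanged when a hybrid is swapped in. The names `ToyDhKem`, `MultiKem` and `handshake` are hypothetical, the component is a constructed finite-field stand-in rather than a real classical or quantum-safe scheme, and plain concatenation of component shares and secrets is assumed as the combiner.

```python
import hashlib
import secrets

P = 2**255 - 19  # prime modulus for the toy group (constructed stand-in, not a vetted parameter)

class ToyDhKem:
    """Stand-in component; a real library would plug in ECDH or a quantum-safe KEM here."""
    def __init__(self, label: bytes, g: int):
        self.label, self.g = label, g
        self.pk_len = self.ct_len = 32  # fixed sizes let a composite split blobs unambiguously

    def keygen(self):
        sk = secrets.randbelow(P - 2) + 1
        return pow(self.g, sk, P).to_bytes(32, "big"), sk

    def encaps(self, pk: bytes):
        e = secrets.randbelow(P - 2) + 1
        ct = pow(self.g, e, P).to_bytes(32, "big")
        return ct, self._kdf(pow(int.from_bytes(pk, "big"), e, P))

    def decaps(self, sk, ct: bytes):
        return self._kdf(pow(int.from_bytes(ct, "big"), sk, P))

    def _kdf(self, z: int) -> bytes:
        return hashlib.sha256(self.label + z.to_bytes(32, "big")).digest()

class MultiKem:
    """Composite with the same keygen/encaps/decaps calls as one component."""
    def __init__(self, *parts):
        self.parts = parts

    def _split(self, blob: bytes, attr: str):
        sizes = [getattr(p, attr) for p in self.parts]
        if len(blob) != sum(sizes):  # reject truncated or padded composite values
            raise ValueError("wrong length for composite value")
        offs = [sum(sizes[:i]) for i in range(len(sizes))]
        return [blob[o:o + n] for o, n in zip(offs, sizes)]

    def keygen(self):
        pairs = [p.keygen() for p in self.parts]
        return b"".join(pk for pk, _ in pairs), [sk for _, sk in pairs]

    def encaps(self, pk: bytes):
        res = [p.encaps(x) for p, x in zip(self.parts, self._split(pk, "pk_len"))]
        return b"".join(ct for ct, _ in res), b"".join(ss for _, ss in res)

    def decaps(self, sk, ct: bytes):
        cts = self._split(ct, "ct_len")
        return b"".join(p.decaps(s, c) for p, s, c in zip(self.parts, sk, cts))

def handshake(kem):
    """Protocol-side code: identical for a single scheme and for a composite."""
    pk, sk = kem.keygen()
    ct, ss_sender = kem.encaps(pk)
    return ss_sender, kem.decaps(sk, ct)
```

The concatenated secret is meant to be fed into the protocol's own key schedule, not used directly as a traffic key.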