[Cryptography] Quantum proofing Mesh Crypto

Phillip Hallam-Baker phill at hallambaker.com
Sun Nov 14 10:54:56 EST 2021


I am close to release, but getting a lot of pushback from people who demand
'Quantum resistant' crypto. And none of the candidates for the NIST PQC
competition do threshold. So here is my plan.

At the option of the user, documents MAY be encrypted under a combination
of threshold key release and Ford-Weiner key release.

I assume that anyone who is concerned about Quantum Crypto is going to run
their own key service. So I am not going to be overly worried about the
risk of the key service holding the data owner to ransom etc. But I am
still going to worry about the possibility that the key server admin might
be an insider threat.

The goal is a system in which the key service is not a point of compromise
for confidentiality unless they have access to a quantum computer.


The technical implementation is straightforward and does not depend on any
PQC algorithm (but these could be useful for later editions.)

I add two new cryptography options to the key service 'encrypt to secret
key' and 'decrypt to secret key'.


To encrypt a document to a quantum hardened group Alice

Requests a symmetric encryption token k_s with identifier i_s from the
service
Performs a Key Exchange to the Group public key to obtain k_g
Uses k_s || k_g as the input to the KDF.

So decrypting the document requires the use of BOTH the symmetric token and
the group decryption.

To decrypt, Bob:

Requests the decryption token k_s
Requests the Group decryption contribution k_gs
Performs its own Group decryption against its own share k_g0

Uses k_s || (k_gs + k_g0) as the input to the KDF.
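As an added illustration (not code from this post or from the Mesh project), here is the encrypt/decrypt flow above written out in Python. It assumes a multiplicative group modulo the Mersenne prime 2^127-1 as a stand-in for the group key exchange (toy parameters, constructed for the example, not production strength), a 2-of-2 additive split of the group private key between the key service and Bob, so that the service's contribution k_gs and Bob's own share contribution k_g0 combine to k_g (multiplication of group elements here plays the role of the "+" in the post), and HKDF-SHA256 as the KDF. The names KeyService, alice_encrypt, bob_decrypt and derive_key are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Toy group parameters, constructed for this example only (NOT production strength):
# multiplicative group mod the Mersenne prime 2^127 - 1, generator 3.
P = (1 << 127) - 1
G = 3
ORDER = P - 1          # exponents are reduced modulo p-1 (Fermat)
INFO = b"mesh-example" # assumed KDF context label


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF with an all-zero salt (extract, then expand)."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


def derive_key(k_s: bytes, k_g: int) -> bytes:
    """The KDF input is k_s || k_g, exactly as in the post."""
    return hkdf_sha256(k_s + k_g.to_bytes(16, "big"), INFO)


def split_group_key(group_priv: int):
    """2-of-2 additive split: s_service + s_bob == group_priv (mod ORDER)."""
    s_service = secrets.randbelow(ORDER)
    s_bob = (group_priv - s_service) % ORDER
    return s_service, s_bob


class KeyService:
    """Holds the symmetric tokens and ONE additive share of the group key.
    On its own it never sees k_g, so it cannot derive the document key."""

    def __init__(self, group_share: int):
        self._tokens = {}
        self._group_share = group_share

    def new_symmetric_token(self):
        i_s = secrets.token_hex(8)           # token identifier
        k_s = secrets.token_bytes(32)        # symmetric encryption token
        self._tokens[i_s] = k_s
        return i_s, k_s

    def release_symmetric_token(self, i_s: str) -> bytes:
        return self._tokens[i_s]

    def group_decrypt_contribution(self, ephemeral_pub: int) -> int:
        # k_gs = E^s_service
        return pow(ephemeral_pub, self._group_share, P)


def alice_encrypt(service: KeyService, group_pub: int):
    """Alice: fetch k_s from the service, key-exchange to the group key, KDF both."""
    i_s, k_s = service.new_symmetric_token()
    e = secrets.randbelow(ORDER - 1) + 1
    ephemeral_pub = pow(G, e, P)          # sent along with the ciphertext
    k_g = pow(group_pub, e, P)            # group_pub^e = G^(group_priv * e)
    return derive_key(k_s, k_g), (i_s, ephemeral_pub)


def bob_decrypt(service: KeyService, s_bob: int, i_s: str, ephemeral_pub: int) -> bytes:
    """Bob: fetch k_s and k_gs from the service, compute k_g0 himself, combine."""
    k_s = service.release_symmetric_token(i_s)
    k_gs = service.group_decrypt_contribution(ephemeral_pub)
    k_g0 = pow(ephemeral_pub, s_bob, P)   # Bob's own share contribution
    k_g = (k_gs * k_g0) % P               # E^(s_service + s_bob) = E^group_priv
    return derive_key(k_s, k_g)


def demo() -> dict:
    """Round trip plus a check that the service's own view does not yield the key."""
    group_priv = secrets.randbelow(ORDER - 1) + 1
    group_pub = pow(G, group_priv, P)
    s_service, s_bob = split_group_key(group_priv)
    service = KeyService(s_service)

    key, (i_s, eph) = alice_encrypt(service, group_pub)
    bob_key = bob_decrypt(service, s_bob, i_s, eph)

    # What an insider at the key service can compute without Bob's share:
    insider_key = derive_key(service.release_symmetric_token(i_s),
                             service.group_decrypt_contribution(eph))
    return {"roundtrip": bob_key == key, "insider_recovers_key": insider_key == key}


if __name__ == "__main__":
    print(demo())
```

The point of the `insider_recovers_key` check is the post's threat model: an admin who holds every symmetric token and the service's share still lacks k_g0, and without it the KDF input is wrong.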


[Russ Housley proposed something to LAMPS that got me thinking on this.]