Hi Ray,

Scott's https://datatracker.ietf.org/doc/draft-fluhrer-qr-ikev2/ is the first take of QC resistant IKEv2. It is still in its early stages and has not been adopted as any WG's item yet.

Feedback is welcome.

Rgs,
Panos

From: IPsec [mailto:ipsec-boun...@ietf.org] On Behalf Of Perlner, Ray
Sent: Wednesday, January 06, 2016 3:33 PM
To: ipsec@ietf.org
Cc: Liu, Yi-Kai <yi-kai....@nist.gov>; Moody, Dustin <dustin.mo...@nist.gov>; Frankel, Sheila E. <sheila.fran...@nist.gov>; Waltermire, David A. <david.walterm...@nist.gov>
Subject: [IPsec] NIST question concerning IKEv2 and quantum resistance

Hi all.

NIST is investigating quantum-resistant alternatives to presently standardized public-key algorithms. We are reaching out to the IPSec working group to determine if there are any unique needs associated with trying to add quantum-resistance to IKEv2, which currently only uses variants of the Diffie-Hellman key exchange.

We believe a number of the properties of the Diffie-Hellman construction (such as perfect forward secrecy) can be met using generic constructions based on standard cryptographic primitives and security models (such as IND-CCA2 encryption and EUF-CMA signature) as long as key generation times are fast. If IKEv2 can accommodate such generic constructions, there are likely to be many proposals to choose from. However, there are some additional properties of the Diffie-Hellman exchange which may be difficult to duplicate (such as the property that the responder can compute his key exchange message without seeing the initiator's key-exchange message) and it's not as clear to us what the security model for a key exchange replacing DH should be.

So in summary, we would like answers to the following questions:

1) Can IKEv2 be modified to replace the Diffie-Hellman exchange with a generic construction based on standard encryption, signature, and PRF primitives?

2) If not, what specific security and correctness requirements should we target to meet the need?

Thanks,
Ray
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec