Post-Quantum Security of Authenticated Key Establishment Protocols

Abstract

We present a security model for authenticated key establishment that allows for quantum interactions between the adversary and quantum oracles that emulate classical parties, resulting in a truly post-quantum security definition. We then give a generic construction for a secure protocol in the quantum random oracle model by combining a signature scheme which is existentially unforgeable under adaptive quantum chosen message attack in the quantum random oracle model (EUF-qCMA-QRO secure) with an unauthenticated key establishment protocol which is secure against a passive adversary. This construction allows us to give an explicit example of a secure protocol whose security is based on a variant of the Diffie-Hellman problem for isogenies of supersingular elliptic curves; in particular, generic security-strengthening transformations allow us to take a signature scheme which is EUF-CMA-RO secure against a quantum adversary and transform it into an EUF-qCMA-QRO signature scheme, which we combine with a standard secure unauthenticated key establishment protocol to achieve the desired result.