Mathematical Mesh 3.0 Part X: Considerations for Quantum Cryptanalysis Resistance
phill@hallambaker.com
The Mathematical Mesh 'The Mesh' is an infrastructure that facilitates the exchange of configuration and credential data between multiple user devices and provides end-to-end security. This document describes.
[Note to Readers]
Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh.
This document is also available online at .
One of the core goals of the Mesh is to move the state of the art in commercial cryptography beyond that achieved in the 1990s when PKIX, S/MIME and OpenPGP were first developed. While each of these infrastructures and protocols has been subject to incremental improvement, none has seen widespread adoption of new cryptographic approaches.
- Quantum Resistant Signatures.
This section presents the related specifications and standard, the terms that are used as terms of art within the documents and the terms used as requirements language.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in .
The terms of art used in this document are described in the Mesh Architecture Guide .
The architecture of the Mathematical Mesh is described in the Mesh Architecture Guide . The Mesh documentation set and related specifications are described in this document.
The implementation status of the reference code base is described in the companion document .
Quantum computing has made considerable advances over the past decade and the field has now reached the point where a machine weighing many tons can apply Shor's algorithm to factor numbers as large as 35 before decoherence occurs.
Should construction of a large-scale device prove practical, it will in principle be possible to break all of the public key cryptosystems currently in use. While public key cryptosystems that resist quantum cryptanalysis are currently in development, none has yet reached a sufficient state of maturity for the field to reach consensus that they are resistant to ordinary cryptanalysis, let alone offer a replacement.
The consequence of successful quantum cryptanalysis for encryption systems is that all material encrypted under existing public key systems could be decrypted by a quantum capable attacker. Nor is mitigation of this consequence practical since it is not the adoption of new cryptographic algorithms that make a system more secure, it is the elimination of weak options that provides improvement.
The Mesh does not currently provide an infrastructure that is Quantum Resistant but could in principle be used as the basis for deploying a Needham-Schroeder style symmetric key infrastructure or a future PKI based on an as yet undecided quantum cryptanalysis resistant public key algorithm.
Mesh profiles MAY include a Quantum Resistant Signature Fingerprint (QRSF). This contains the UDF fingerprint of an XMSS signature public key together with the parameters used to derive the private key set for the public key from a 256 bit master secret.
Should it ever become necessary to make use of the QRSF, the user first recovers the master secret from whatever archival mechanism was used to protect it. The use of secret sharing to protect the secret is RECOMMENDED. The master secret is then used to reconstruct the set of private keys from which the public key set is reconstructed. The profile owner can now authenticate themselves by means of their XMSS public key.
Alice decides to add a QRSF to her Mesh Profile. She creates a 256 bit master secret.
TBS:
To enable recovery of the master key, Alice creates five keyshares with a quorum of three:
TBS:
Alice uses the master secret to derrive her private key values:
TBS:
These values are used to generate the public key value:
TBS:
The QRSF contains the UDF fingerprint of the public key value plus the XMSS parameters:
TBS:
Alice adds the QRSF to her profile and publishes it to a Mesh Service that is enrolled in at least one multi-party notary scheme.
The security considerations for use and implementation of Mesh services and applications are described in the Mesh Security Considerations guide .
All the IANA considerations for the Mesh documents are specified in this document
A list of people who have contributed to the design of the Mesh is presented in .
Key words for use in RFCs to Indicate Requirement Levels
Mathematical Mesh 3.0 Part I: Architecture Guide
Mathematical Mesh 3.0 Part VII: Security Considerations
XMSS: eXtended Merkle Signature Scheme
Mathematical Mesh: Reference Implementation