Jaime S. Buruaga, Augustine Bugler, Juan P. Brito, Vicente Martin, Christoph Striecks
{"title":"Versatile quantum-safe hybrid key exchange and its application to MACsec","authors":"Jaime S. Buruaga, Augustine Bugler, Juan P. Brito, Vicente Martin, Christoph Striecks","doi":"10.1140/epjqt/s40507-025-00382-x","DOIUrl":null,"url":null,"abstract":"<div><p>Advancements in quantum computing pose a significant threat to most of the cryptography currently deployed in our communication networks. Fortunately, cryptographic building blocks to mitigate this threat are already available; mostly based on Post-Quantum Cryptography (PQC) and Quantum Key Distribution (QKD), but also on symmetric cryptography techniques. Notably, those building blocks must be deployed as soon as possible in communication networks due to the “harvest-now decrypt-later” attack scenario, which is already challenging our sensitive and encrypted data today.</p><p>Following an agile and defense-in-depth approach, Hybrid Authenticated Key-Exchange (HAKE) protocols have recently been gaining significant attention. Such protocols have the benefit of modularly combining classical (symmetric) cryptography, PQC, and QKD to achieve strong confidentiality, authenticity, and integrity guarantees for network channels. Unfortunately, only a few protocols have yet been proposed (mainly Muckle and Muckle+) with different flexibility guarantees.</p><p>Looking at available standards in the network domain – especially at the Media Access Control Security (MACsec) standard – we believe that HAKE protocols could already bring strong security benefits to MACsec today. MACsec is a standard designed to secure communication at the data link layer in Ethernet networks by providing confidentiality, authenticity, and integrity for all traffic between trusted nodes. In addition, it establishes secure channels within a Local Area Network (LAN), ensuring that data remain protected from eavesdropping, tampering, and unauthorized access, while operating transparently to higher layer protocols. Currently, MACsec does not offer enough protection against the aforementioned threats.</p><p>In this work, we tackle the challenge and propose a new versatile HAKE protocol, dubbed VMuckle, which is sufficiently flexible for use in MACsec. The use of VMuckle in MACsec provides LAN participants with quantum-safe hybrid key material to ensure secure communication even in the event of cryptographically relevant quantum computers.</p></div>","PeriodicalId":547,"journal":{"name":"EPJ Quantum Technology","volume":"12 1","pages":""},"PeriodicalIF":5.6000,"publicationDate":"2025-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://epjquantumtechnology.springeropen.com/counter/pdf/10.1140/epjqt/s40507-025-00382-x","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"EPJ Quantum Technology","FirstCategoryId":"101","ListUrlMain":"https://link.springer.com/article/10.1140/epjqt/s40507-025-00382-x","RegionNum":2,"RegionCategory":"物理与天体物理","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"OPTICS","Score":null,"Total":0}
引用次数: 0
Abstract
Advancements in quantum computing pose a significant threat to most of the cryptography currently deployed in our communication networks. Fortunately, cryptographic building blocks to mitigate this threat are already available; mostly based on Post-Quantum Cryptography (PQC) and Quantum Key Distribution (QKD), but also on symmetric cryptography techniques. Notably, those building blocks must be deployed as soon as possible in communication networks due to the “harvest-now decrypt-later” attack scenario, which is already challenging our sensitive and encrypted data today.
Following an agile and defense-in-depth approach, Hybrid Authenticated Key-Exchange (HAKE) protocols have recently been gaining significant attention. Such protocols have the benefit of modularly combining classical (symmetric) cryptography, PQC, and QKD to achieve strong confidentiality, authenticity, and integrity guarantees for network channels. Unfortunately, only a few protocols have yet been proposed (mainly Muckle and Muckle+) with different flexibility guarantees.
Looking at available standards in the network domain – especially at the Media Access Control Security (MACsec) standard – we believe that HAKE protocols could already bring strong security benefits to MACsec today. MACsec is a standard designed to secure communication at the data link layer in Ethernet networks by providing confidentiality, authenticity, and integrity for all traffic between trusted nodes. In addition, it establishes secure channels within a Local Area Network (LAN), ensuring that data remain protected from eavesdropping, tampering, and unauthorized access, while operating transparently to higher layer protocols. Currently, MACsec does not offer enough protection against the aforementioned threats.
In this work, we tackle the challenge and propose a new versatile HAKE protocol, dubbed VMuckle, which is sufficiently flexible for use in MACsec. The use of VMuckle in MACsec provides LAN participants with quantum-safe hybrid key material to ensure secure communication even in the event of cryptographically relevant quantum computers.
期刊介绍:
Driven by advances in technology and experimental capability, the last decade has seen the emergence of quantum technology: a new praxis for controlling the quantum world. It is now possible to engineer complex, multi-component systems that merge the once distinct fields of quantum optics and condensed matter physics.
EPJ Quantum Technology covers theoretical and experimental advances in subjects including but not limited to the following:
Quantum measurement, metrology and lithography
Quantum complex systems, networks and cellular automata
Quantum electromechanical systems
Quantum optomechanical systems
Quantum machines, engineering and nanorobotics
Quantum control theory
Quantum information, communication and computation
Quantum thermodynamics
Quantum metamaterials
The effect of Casimir forces on micro- and nano-electromechanical systems
Quantum biology
Quantum sensing
Hybrid quantum systems
Quantum simulations.