SECURE COMMUNICATION WITH TWO POST-QUANTUM CRYPTOGRAPHY KEY ENCAPSULATIONS AND AUTHENTICATION

摘要

A server and a device can support secure sessions with both (i) a post-quantum cryptography (PQC) key encapsulation mechanism (KEM) and (ii) forward secrecy. The device can generate (i) an ephemeral public key (ePK. device) and private key (eSK. device) and (ii) send ePK.device to the server. The server can (i) conduct a first KEM with ePK.device to derive a first shared secret, and (ii) generate a plaintext comprising ePK. server, a digital signature over at least ePK. server, and a server certificate. The server can encrypt the plaintext using the first shared secret, which the device can decrypt using eSK. device. The device can verify the digital signature and certificate. The device can (i) conduct a second KEM with ePK. server to derive a second shared secret, and (ii) generate a ciphertext using the second shared secret. The device and server can generate symmetric ciphering keys using the first and second shared secrets.