SYSTEM AND METHODS FOR SECURE COMMUNICATION USING POST-QUANTUM CRYPTOGRAPHY

摘要

A server and a device can conduct a secure session with (i) multiple post-quantum cryptography (PQC) key encapsulation mechanisms (KEM) and (ii) forward secrecy. The device can store a server static public key (PK. server) before establishing a secure session with the server. The device can use PK. server to encrypt a device ephemeral public key (ePK. device) into a first ciphertext. The first ciphertext can also include a device digital signature. The server can receive and decrypt the first ciphertext. The server can use the ePK. device to encrypt a server ephemeral public key (ePK. server) into a second ciphertext. The second ciphertext can also include a server digital signature. The device can receive and decrypt the second ciphertext. The device can encrypt application data into a third ciphertext using both PK. server and ePK. server. PK. server can support a first PQC algorithm and ePK. server can support a different, second PQC algorithm.