Authors:
Hiroki Okada
1
;
Shinsaku Kiyomoto
1
and
Carlos Cid
2
;
3
Affiliations:
1
KDDI Research, Inc., Saitama, Japan
;
2
Royal Holloway, University of London, Egham, U.K.
;
3
Simula UiB, Norway
Keyword(s):
Group Key Establishment, Post-quantum Cryptography, Isogeny-based Cryptography, SIDH.
Abstract:
End-to-end encryption enables secure communication without releasing the contents of messages to the system server. This is a crucial security technology, in particular to cloud services. Group Key Establishment (GKE) protocols are often needed to implement efficient group end-to-end encryption systems. Perhaps the most famous GKE protocol is the Broadcast Protocol, proposed by Burmester and Desmedt. In addition, they also proposed the Star-based Protocol, Tree-based Protocol, and Cyclic-based Protocol. These protocols are based on the Diffie-Hellman key exchange protocol, and therefor are not secure against attacks based on quantum computers. Recently, Furukawa et al. proposed an efficient GKE protocol by modifying the original Broadcast Protocol into a post-quantum GKE protocol based on the Supersingular Isogeny Diffie-Hellman key exchange (SIDH). In this paper, we extend their work by considering the remaining DH-based GKE protocols by Burmester and Desmedt post-quantum versions b
ased on SIDH, and compare their efficiency. As a result, we confirm that the Broadcast Protocol is indeed the most efficient protocol in this post-quantum setting, in terms of both communication rounds and computation time.
(More)