Paper 2015/287

Circuit-extension handshakes for Tor achieving forward secrecy in a quantum world

John M. Schanck, William Whyte, and Zhenfei Zhang

Abstract

We propose a circuit extension handshake for Tor that is forward secure against adversaries who gain quantum computing capabilities after session negotiation. In doing so, we refine the notion of an authenticated and confidential channel establishment (ACCE) protocol and define pre-quantum, transitional, and post-quantum ACCE security. These new definitions reflect the types of adversaries that a protocol might be designed to resist. We prove that, with some small modifications, the currently deployed Tor circuit extension handshake, ntor, provides pre-quantum ACCE security. We then prove that our new protocol, when instantiated with a post-quantum key encapsulation mechanism, achieves the stronger notion of transitional ACCE security. Finally, we instantiate our protocol with NTRUEncrypt and provide a performance comparison between ntor, our proposal, and the recent design of Ghosh and Kate.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Proceedings on Privacy Enhancing Technologies
DOI
10.1515/popets-2016-0037
Keywords
cryptographic protocols, Tor, key agreement, post-quantum
Contact author(s)
jschanck @ securityinnovation com
History
2016-06-13: last of 2 revisions
2015-04-01: received
Short URL
https://ia.cr/2015/287
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/287,
      author = {John M. Schanck and William Whyte and Zhenfei Zhang},
      title = {Circuit-extension handshakes for Tor achieving forward secrecy in a quantum world},
      howpublished = {Cryptology ePrint Archive, Paper 2015/287},
      year = {2015},
      doi = {10.1515/popets-2016-0037},
      note = {\url{https://eprint.iacr.org/2015/287}},
      url = {https://eprint.iacr.org/2015/287}
}