Post-Quantum Cryptography-Based Bidirectional Authentication Key Exchange Protocol and Industry Applications: A Case Study of Instant Messaging

TL;DR

This paper proposes a post-quantum cryptography-based bidirectional authentication key exchange protocol with dual-usage certificates, validated through experiments and demonstrated in instant messaging industry applications.

Contribution

It introduces a novel PQC-based bidirectional authentication protocol with dual-usage certificates, enhancing security and practicality for industry applications.

Findings

Validated key exchange message lengths and computation times under various configurations.

Demonstrated practical implementation in instant messaging industry.

Compared different certificate configurations for efficiency and security.

Abstract

This study aims to enhance the bidirectional authentication capability of ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) by proposing the post-quantum cryptography-based (PQC-based) bidirectional authentication key exchange protocol. Furthermore, it introduces dual-usage certificates combining PQC-based DSA (Digital Signature Algorithm) and PQC-based KEM, which include composite schemes, catalyst schemes, and chameleon schemes. These dual-usage certificates utilize the PQC-based DSA public key and PQC-based KEM public key within the certificate to meet the requirements for bidirectional authentication and encryption, enabling the negotiation of a shared secret key. During the experimental phase, the study validates and compares key exchange message lengths and computation times under different certificate configurations. Finally, instant messaging is presented as an industry application to demonstrate the practical implementation of the proposed protocol.