Limonnitsa: making Limonnik-3 post-quantum
Matematičeskie voprosy kriptografii, Tome 11 (2020) no. 2, pp. 25-42. This article was harvested from the source Math-Net.Ru.
We propose Limonnitsa, a secure authenticated key exchange (AKE) scheme that brings together the Limonnik-3 AKE scheme standardized by Rosstandart in 2017 (part of the Standardization Recommendations R 1323565.1.004-2017 “Key agreement schemes based upon public-key methods”) and the supersingular elliptic curve isogeny cryptographic framework, alongside standardized cryptographic primitives, which makes the protocol secure even against efficient quantum computers. The protocol does not require a digital signature as a “standalone” primitive and allows the parties to use different sets of parameters. We describe the protocol, discuss Limonnitsa's basic cryptographic properties, and give a preliminary choice of its basic parameters that conforms to other standardized cryptographic primitives. We show that the protocol is secure against known classes of attacks, including attacks aimed at determining the parties' secret keys. We give security arguments in a modified Canetti–Krawczyk model based upon the assumed hardness of the supersingular isogeny analogue of the Diffie–Hellman problem. Thus we show that Limonnitsa is a versatile, secure cryptographic protocol that conforms to the requirements expected of modern authenticated key exchange protocols.
@article{MVK_2020_11_2_a2,
     author = {S. V. Grebnev},
     title = {Limonnitsa: making {Limonnik-3} post-quantum},
     journal = {Matemati\v{c}eskie voprosy kriptografii},
     pages = {25--42},
     year = {2020},
     volume = {11},
     number = {2},
     language = {en},
     url = {http://geodesic.mathdoc.fr/item/MVK_2020_11_2_a2/}
}
S. V. Grebnev. Limonnitsa: making Limonnik-3 post-quantum. Matematičeskie voprosy kriptografii, Tome 11 (2020) no. 2, pp. 25-42. http://geodesic.mathdoc.fr/item/MVK_2020_11_2_a2/

[1] R 1323565.1.004-2017. Standardization recommendations. Key agreement schemes based upon public-key methods, Standartinform, Moscow, 2017 (in Russian).

[2] GOST R 34.12-2015. National standard of the Russian Federation. Block ciphers, Standartinform, Moscow, 2015 (in Russian).

[3] GOST R 34.13-2015. National standard of the Russian Federation. Block cipher modes, Standartinform, Moscow, 2015 (in Russian).

[4] Biasse J.-F., Jao D., Sankar A., “A quantum algorithm for computing isogenies between supersingular elliptic curves”, INDOCRYPT 2014, Lect. Notes Comput. Sci., 8885, 2014, 428–442.

[5] Canetti R., Krawczyk H., “Analysis of key-exchange protocols and their use for building secure channels”, EUROCRYPT 2001, Lect. Notes Comput. Sci., 2045, 2001, 453–474.

[6] Chatterjee S., Menezes A., Ustaoglu B., “A generic variant of NIST's KAS2 key agreement scheme”, Proc. ACISP 2011, Lect. Notes Comput. Sci., 6812, 2011, 353–370.

[7] Costello C., Longa P., Naehrig M., Renes J., Virdia F., “Improved classical cryptanalysis of SIKE in practice”, Cryptology ePrint Archive, Report 2019/298, 2019.

[8] De Feo L., Jao D., Plût J., “Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies”, J. Math. Cryptology, 8:3 (2014), 209–247.

[9] Denisenko D., Marshalko G., Nikitenkova M., Rudskoy V., Shishkin V., “Estimation of Grover's algorithm implementation for searching GOST R 34.10-2015 block cipher keys”, J. Exp. Theor. Phys., 155:4 (2019), 645–653 (in Russian).

[10] Diffie W., van Oorschot P., Wiener M., “Authentication and authenticated key exchanges”, Des. Codes Cryptogr., 2 (1992), 107–125.

[11] Galbraith S., “Authenticated key exchange for SIDH”, Cryptology ePrint Archive, Report 2018/266, 2018.

[12] Galbraith S., Petit C., Silva J., “Schemes based on supersingular isogeny problems”, Cryptology ePrint Archive, Report 2016/1154, 2016.

[13] Galbraith S., Petit C., Shani B., Ti Y. B., “On the security of supersingular isogeny cryptosystem”, Cryptology ePrint Archive, Report 2016/859, 2016.

[14] Grebnev S., “Security properties of Limonnik-3”, Bezopasnost' Informacionnykh Tekhnologii, 26:2 (2019), 6–20 (in Russian).

[15] Jao D., Azarderakhsh R., Campagna M., Costello C., De Feo L., Hess B., Jalali A., Koziel B., LaMacchia B., Longa P., Naehrig M., Renes J., Soukharev V., Urbanik D., “Supersingular isogeny key encapsulation”, submission to the NIST post-quantum cryptography project, 2017, https://sike.org/#nist-submission.

[16] Jaques S., Schanck J. M., “Quantum cryptanalysis in the RAM model: claw-finding attacks on SIKE”, Cryptology ePrint Archive, Report 2019/103, 2019.

[17] Kirkwood D., Lackey B. C., McVey J., Motley M., Solinas J. A., Tuller D., “Failure is not an option: standardization issues for post-quantum key agreement”, NIST Workshop on Cybersecurity in a Post-Quantum World, v. 2, 2015.

[18] Lauter K., Mityagin A., “Security analysis of KEA authenticated key exchange protocol”, PKC 2006, Lect. Notes Comput. Sci., 3958, 2006, 378–394.

[19] Matsumoto T., Takashima Y., Imai H., “On seeking smart public-key distribution systems”, Trans. IECE of Japan, E69:2 (1986), 99–106.

[20] Matyukhin D., “On some properties of PKI-based key agreement schemes in the context of developing standardized solutions”, Obozr. Prikl. Promyshl. Mathem., 18 (2011), 793–794 (in Russian).

[21] Tani S., “Claw finding algorithms using quantum walk”, 2008, arXiv: 0708.2584.

[22] Urbanik D., Jao D., “SoK: the problem landscape of SIDH”, Cryptology ePrint Archive, Report 2018/336, 2018.

[23] Vélu J., “Isogénies entre courbes elliptiques”, C. R. Acad. Sci. Paris, Sér. A, 273 (1971), 238–241.