
    Efficient Quantum-Resistant Trust Infrastructure based on HIMMO

    Secure Internet communications face conflicting demands: while advances in (quantum) computers require stronger, quantum-resistant cryptographic algorithms, the Internet of Things demands better-performing protocols. Finally, communication links usually depend on a single root of trust, e.g., a certification authority, which forms a single point of failure that is too big a risk for future systems. This paper addresses these problems by proposing a hybrid infrastructure that combines the quantum-resistant HIMMO key pre-distribution scheme, based on multiple Trusted Third Parties (TTPs), with public-key cryptography. During operation, any pair of devices can use private HIMMO key material and public keys to establish a secure and authenticated link, where their public keys are certified beforehand by multiple TTPs acting as roots of trust. Our solution is resilient to the capture of individual roots of trust without affecting performance, while public-key cryptography provides features such as forward secrecy. Combining HIMMO identities with public keys enables secure certification of public keys and distribution of HIMMO key material from multiple TTPs, without requiring an out-of-band channel. The infrastructure can be tuned to fit Internet of Things use cases that benefit from an efficient, non-interactive and authenticated key exchange, or to fit use cases where the use of multiple TTPs provides privacy safeguards when lawful interception is required. Our TLS proof-of-concept shows the feasibility of our proposal by integrating the above security features with minimal changes to the TLS protocol. Our TLS implementation provides classic and post-quantum confidentiality and authentication, all while adding a computation overhead of only 2.8% and a communication overhead of approximately 50 bytes to a pre-quantum Elliptic Curve Diffie-Hellman ciphersuite.