KEM-based Authentication for IKEv2 with Post-quantum Security Huawei Int. Pte Ltd9 North Buona Vista Drive, #13-01 The Metropolis Tower 1Singapore138588SingaporeWang.Guilin@huawei.comELVIS-PLUSPO Box 81Moscow (Zelenograd)124460RUsvan@elvis.ru
General
IP Security Maintenance and Extensions keyword This draft specifies a new authentication mechanism, called KEM (Key Encapsulation Mechanism) -based authentication,
for the Internet Key Exchange Protocol Version 2 (IKEv2). This is motivated by the fact that some post-quantum KEMs (like ML-KEM)
are more efficient than post-quantum signature algorithms (like ML-DSA).
Version -02 was completely rewritten to accommodate ideas expressed in PQuAKE protocol. Two changes have been made in version -01, as a response to comments received at 122 meeting:
More details about how each side does for running KEM authentication in .
Added section about KEM authentication with preshared public key.
Cryptographically-relevant quantum computers (CRQC) pose a threat to cryptographically protected data. In particular,
the so-called harvest-now-and-decrypt-later (HNDL) attack is considered an imminent threat. To mitigate this threat against
the Internet Key Exchange Protocol Version 2 (IKEv2) , an extension allowing multiple key exchanges in
IKEv2 was introduced to achieve post-quantum (PQ) security for the key exchange.
"Signature Authentication in the Internet Key Exchange Version 2 (IKEv2) using PQC" specifies
how NIST PQ digital algorithms ML-DSA and SLH-DSA can be used in IKEv2.
On the other hand,
"Post-Quantum Traditional (PQ/T) Hybrid PKI Authentication in the Internet Key Exchange Version 2 (IKEv2)"
specifies how to run general hybrid PQ/T digital algorithms in IKEv2. Motivated by the fact that ML-KEM is much more efficient than ML-DSA ,
"KEM-based Authentication for TLS 1.3"
specifies how a KEM can be used to achieve post-quantum secure authentication for the TLS 1.3 protocol. The basic idea is as follows:
when one entity A receives the certified long term public key of another entity B, A can authenticate B by encapsulating a secret key k
using B's KEM public key, and confirming that the communicating entity is indeed B if the entity can successfully return the correct k to A.
A similar idea for TLS is presented in , followed by a number of research papers then.
Besides saving communication overhead and computational time, as pointed out in ,
KEM-based authentication also reduces implementation code size, as the code for PQ signature may not be needed, and KEM-based authentication
can re-use the KEM code for ephemeral key establishment. This draft specifies how to use KEM-based authentication for the Internet Key Exchange Protocol Version 2 (IKEv2) .
Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when,
and only when, they appear in all capitals, as shown here. Key Encapsulation Mechanism and Digital Signature A key encapsulation mechanism (KEM) is a set of algorithms that allows key exchange to be performed, which allows one entity to encapsulate a secret key under a
(longterm or ephemeral) public key of another entity. By following the definition given in ,
a KEM consists of three algorithms:
KeyGen(k) -> (pk, sk): A probabilistic key generation algorithm, which generates a public encapsulation key pk and
a secret decapsulation key sk, when a security parameter k is given.
Encaps(pk) -> (ct, ss): A probabilistic encapsulation algorithm, which takes as input a public encapsulation key pk and
outputs a ciphertext ct and shared secret ss.
Decaps(sk, ct) -> ss: A decapsulation algorithm, which takes as input a secret decapsulation key sk and ciphertext ct and
outputs a shared secret ss.
By following the definition given in , a signature scheme
consists of the following three algorithms:
SKeyGen(k) -> (spk, ssk): A probabilistic key generation algorithm, which generates a public verifying key spk and
a private signing key ssk, when a security parameter k is given..
Sign(ssk, m) -> s: A deterministic or probabilistic signature generation algorithm, which takes as input
a private signing key ssk and a message m, and outputs a signature s.
Verify(spk, s, m) -> b: A deterministic verification algorithm, which takes as input a public verifying key spk,
a signature s and a message m, and outputs a bit b indicating accept (b=1) or reject (b=0) of the signature-message pair (s, m).
In August of 2024, NIST released ML-KEM and ML-DSA , which are both
module-lattice-based post-quantum algorithms. Each of both algorithms has three sets of parameters corresponding to three NIST security levels.
Namely, ML-KEM-512 for Level 1, ML-KEM-768 for Level 3, and ML-KEM-1024 for for Level 5, while ML-DSA-44 for Level 2, ML-DSA-65 for Level 3,
and ML-DSA-87 for Level 5. Comparison of ML-KEM and ML-DSA This section compares ML-KEM and ML-DSA, with respect to the sizes of key, ciphertext and signature, and also the computational
overhead of key generation, encapsulation, signing, decapsulation, and verifying. To compare the communication overhead when using ML-DSA and ML-KEM, data from Table 2 in and
Table 3 in are used to generate the following . The results show the comparison
of keys and signature over ciphertext between ML-DSA and ML-KEM. Namely, for all corresponding security levels, the following statements can be concluded:
The private key size of ML-DSA is about 1.5 times of the decapsulation key size of ML-KEM,
The public size of ML-DSA is about 1.6 times of that of ML-KEM, and
The signature size of ML-DSA is about 3 times of the ciphertext size of ML-KEM.
Communication Overhead Comparison of ML-DSA and ML-KEM
Private Key/Decapsulation Key
Public Key/Encapsulation Key
Signature/Ciphertext
ML-DSA-44/ML-KEM-512
2,650/1,632 =157%
1,312/800 =164%
2,420/768 =315%
ML-DSA-65/ML-KEM-768
4,032/2,400 =168%
1,952/1,184 =165%
3,309/1,088 =304%
ML-DSA-87/ML-KEM-1024
4,896/3,168 =155%
2,592/1,568 =165%
4,627/1,568 =295%
Specifically, for the three security levels, when ML-KEM is used to replace ML-DSA for authentication, the saved communication overhead,
namely public key+signature for ML-DSA and encapsulation key+ciphertext for ML-KEM, is 2,164, 2,989, and 4,083 bytes, respectively.
Those savings are helpful to improve the performance of IKEv2. In fact, as shown in the experiment in simulated environment,
the average time delay for IKEv2 can increase a few times due to large size of PQ public key, ciphertext and signature,
especially when the IP packet loss rate reaches about 1%. Next, the computation overhead comparison will be given now. In , the authors present their implementation
results of Dilithium and Kyber, via various optimization techniques for Keccak and the two PQ algorithms. Concretely, Table 6
in shows the performance comparison of Dilithium and Kyber on ARMv7 Cortex-M4 processor, presented by clock cycles.
By ignoring the small difference between ML-KEM and its informal version Kyber, also ML-DSA and its informal version Dilithium,
the following is obtained.
Computational Overhead Comparison of ML-DSA and ML-KEM
KeyGen Time/SKeyGen Time
Encap Time/Sign Time
Decap Time/Verify Time
ML-DSA-44/ML-KEM-512
1,357k/369k =368%
3,487k/448k =778%
1,350k/409k =330%
ML-DSA-65/ML-KEM-768
2,394k/604k =396%
5,574k/732k =761%
2,302k/674k =342%
ML-DSA-87/ML-KEM-1024
4,069k/962k =423%
7,730k/1,119k =691%
3,998k/1,043k =383%
By assuming that the computational comparison shown in reasonably presents a performance difference
of ML-KEM and ML-DSA on the same platform with optimal implementations, for all three corresponding security levels,
the following statements can be derived:
The private key generation time of ML-DSA is about 4 times of that of ML-KEM.
The signature signing time of ML-DSA is about 7 times of the encapsulation time of ML-KEM.
The signature verifying time of ML-DSA is over 3 times of the decapsulation time of ML-KEM.
In the scenario of KEM-based authentication, both the private keys for ML-DSA and ML-KEM will be long term keys, so the private key generation time
can be ignored, as it is just one time overhead. Therefore, by combining signature signing and verifying together,
and also combining encapsulation and decapsulation together, we can simply say that the computational time of ML-DSA is about 5 times of that of ML-KEM. With a KEM-based authentication in IKEv2 peers first perform an ephemeral key exchange that allows
them to derive session keys for protecting subsequent exchanges. This ephemeral key exchange
may take place entirely in the IKE_SA_INIT exchange or be accompanied by a series of subsequent IKE_INTERMEDIATE
exchanges , in which case it would be a hybrid key exchange.
To run KEM-based Authentication in IKEv2, the two peers first exchange their long-term KEM certificates,
and then exchange random values encapsulated with each other's long-term KEM public key from the corresponding KEM certificate.
Here, both long-term KEM certificates and the KEM ciphertexts encapsulating the random values are sent via the IKE_INTERMEDIATE exchanges.
After decapsulating these random values the two peers cam demonstrate their knowledge of the random values
sent by the other side in the subsequent IKE_AUTH exchange, thus confirming that they do possess the corresponding KEM
private keys linked to their long-term KEM certificates.
Mode details about the KEM-based authentication are provided in <citations for PQuAKE and other papers needed>.
The KEM-based authentication in IKEv2 relies on the IKE_INTERMEDIATE exchange
that MUST be supported. In addition, the following extensions can contribute
to the security and the robustness of the protocol.
IKE fragmentation SHOULD be negotiated in case peers use UDP as a transport for IKE,
since KEM public key and KEM ciphertext can be of significant size.
Multiple key exchanges has to be utilized if a hybrid key exchange combining
traditional and post-quantum key exchange methods is required.
Using group Postquantum Preshared Key (PPK) can
contribute to the identity hiding, thus it is RECOMMENDED to use.
The ability to authenticate the full protocol transcript protects
peers against downgrade attacks and SHOULD be used.
The initiator wishing to use the KEM-based authentication indicates this to the responder
by including a new status type notification USE_AUTHKEM (with type <TBA2>) into the IKE_SA_INIT request message.
This notification has the Protocol ID and SPI Size both set to 0 (meaning no SPI is present), and its notification data is empty.
To be able to use the KEM-based authentication the initiator MUST also include
the INTERMEDIATE_EXCHANGE_SUPPORTED notification.
If the responder receives the IKE_SA_INIT request containing the USE_AUTHKEM
notification and it supports and is configured to use the KEM-based authentication,
then it sends this notification back in the response. The responder can optionally
include the Certificate Request payload (as defined in )
to help the initiator to select the right KEM certificate. The responder can also
indicate which KEMs it is willing to use for authentication by including
the SUPPORTED_AUTH_METHODS notification in the response.
In this case the notification SHOULD NOT contain announcements
with the Auth Method other than a newly defined "KEM-based Authentication" (<TBA1>).
The format of announcement is defined in .
Peers can also negotiate other IKEv2 extensions during IKE_SA_INIT. Some of them are listed in .
In particular, the figures below show the optional use of PPK during
KEM-based authentication.
N(INTERMEDIATE_EXCHANGE_SUPPORTED),
[N(USE_PPK_INT),]
N(USE_AUTHKEM)
<--- HDR(IKE_SA_INIT), SAr1, KEr, Nr, [CERTREQ,]
N(INTERMEDIATE_EXCHANGE_SUPPORTED),
[N(SUPPORTED_AUTH_METHODS),]
[N(USE_PPK_INT),]
N(USE_AUTHKEM)
]]> Peers MUST ignore the USE_AUTHKEM notification in the message if it is not accompanied
by the INTERMEDIATE_EXCHANGE_SUPPORTED notification.
If using KEM-based authentication is mandatory for the responder and the initiator did not propose
it or failed to make a valid proposal, then the responder MUST send the NO_PROPOSAL_CHOSEN notification
indicating that the proposed parameters are unacceptable.
Otherwise the responder can continue establishing IKE SA using other authentication method.
If using the KEM-based authentication is mandatory for the initiator and it failed
to negotiate it with the responder, then the initiator MUST cancel
establishing IKE SA. Otherwise the initiator can continue using other authentication method.
After the IKE_SA_INIT exchange completes, peers calculate the session keys as defined in Section 2.14
of and use these keys to protect the next exchange.
Once the KEM-based authentication is negotiated in IKE_SA_INIT, a series of the
IKE_INTERMEDIATE exchanges takes place. These exchanges can be classified as those
for the purpose of the KEM-based authentication and those for other purposes.
The exchanges for the KEM base authentication MUST follow all
other IKE_INTERMEDIATE exchanges, so that they take place right before the IKE_AUTH exchange.
First, if multiple key exchanges were negotiated, then one or more IKE_INTERMEDIATE exchanges
are performed, right after the IKE_SA_INIT exchange, as defined in .
<--- HDR(IKE_INTERMEDIATE), SK {KEr(n)}
]]> Each of these exchanges updates the session keys as defined in Section 2.2.2 of .
If the use of PPKs as defined in is negotiated,
then the IKE_INTERMEDIATE exchange negotiating the PPK to use is performed then as defined
in Section 3.1 of .
<--- HDR(IKE_INTERMEDIATE), SK {N(PPK_IDENTITY)}
]]> After this exchange the session keys are updated as defined in Section 3.1.1 of
.
If both additional key exchange(s) and the use of PPKs as defined in are negotiated,
then the last additional key exchange MAY alternatively be combined with negotiating the PPK
in a single IKE_INTERMEDIATE exchange as shown in . Note, that in many cases only one
additional key exchange will be negotiated (as a part of PQ/T hybrid key exchange), thus
in this case the last additional key exchange will also be the only one.
<--- HDR(IKE_INTERMEDIATE), SK {KEr(m),
N(PPK_IDENTITY)}
]]> If this combined IKE_INTERMEDIATE exchange takes place, then upon its completion session
keys are updated twice - fist as defined in Section 2.2.2 of and
then, provided the peers negotiate the PPK to use, as defined in Section 3.1.1 of
.
Note, that while generally requires that the PPK negotiation
is performed in the last IKE_INTERMEDIATE exchange right before the IKE_AUTH exchange, it also allows
this requirement to be overridden by other specification. This document specifically overrides
this requirement by allowing the IKE_INTERMEDIATE exchanges concerned with the KEM-based authentication
to take place between the negotiation of PPK and the IKE_AUTH exchange.
The next two IKE_INTERMEDIATE exchanges perform the necessary actions for the KEM-based authentication.
In the first exchange the responder sends its KEM certificate to the initiator.
The initiator can optionally include the Certificate Request payload in the request message
to help the responder to select the right KEM certificate. The Certificate Request payload
can also be used to indicate which format(s) of certificate are acceptable for the sender
of this payload. This is done by setting the Cert Encoding field to appropriate value.
For KEM-based authentication this field MUST be either "X.509 bundle"
(new certificate encoding defined in this document, it value is <TBA5 by IANA>)
or "Hash and URL of X.509 bundle" (value 13). If both encoding are acceptable, then two Certificate Request payloads
MUST be included (with possibly different list of CAs) each with its own value in the Cert Encoding field.
Since the Certificate Request payload is optional, its absence leaves the choice of the certificate
and its encoding on the certificate sender's discretion. Note that these rules are also
applicable to the Certificate Request payload sent by the responder in the IKE_SA_INIT exchange
(see ).
The initiator can also indicate which KEMs it is willing to use for authentication by including
the SUPPORTED_AUTH_METHODS notification in the request.
In this case the notification SHOULD NOT contain announcements
with the Auth Method other than the "KEM Authentication" (<TBA1>).
The format of announcement is defined in .
The responder sends its KEM certificate in the response. Besides the KEM certificate, additional
intermediate signing certificates and CRLs can be sent. All these certificates and CRLs are packed into
the CertificateBundle ASN.1 structure defined in Section 3.6 of .
The KEM certificate MUST be the only KEM certificate in the bundle.
The bundle can either be present in the Certificate payload (with the Cert Encoding field set to a new value
"X.509 bundle") or provided by reference (with the Cert Encoding field set to "Hash and URL of X.509 bundle").
If certificate bundle is provided by reference, then a host can avoid downloading the peer's certificates
if it cached them from a previous connection. Only one Certificate payload MUST be present in the response.
<--- HDR(IKE_INTERMEDIATE), SK {CERT}
]]> This exchange does not update the current session keys.
The initiator verifies the responder's certificate to make sure that it is valid,
properly signed by a certificate chain leaded to a trusted CA, and that it is acceptable for responder authentication
based on the initiator's local policy. The exact verification steps are out of scope of this document,
but generally should follow those defined in .
Then the initiator starts the next IKE_INTERMEDIATE exchange. In the request message it sends the ciphertext CT_i, produced as a result
of encapsulation of a random value SS_i using the KEM public keys from the responder's certificate. CT_i is sent in a new status type
notification AUTHKEM_CT (with type <TBA3>). The Protocol ID and SPI Size fields are set to 0 (meaning no SPI is present).
The notification data contains the ciphertext CT_i.
In the same request the initiator also sends its KEM certificate. Besides the KEM certificate, additional
intermediate signing certificates and CRLs can be sent. All these certificates and CRLs are packed into
the CertificateBundle ASN.1 structure defined in Section 3.6 of .
The KEM certificate MUST be the only KEM certificate in the bundle.
The bundle can either be present in the Certificate payload (with the Cert Encoding field set to a new value
"X.509 bundle") or provided by reference (with the Cert Encoding field set to "Hash and URL of X.509 bundle").
If certificate bundle is provided by reference, then a host can avoid downloading the peer's certificates
if it cached them from a previous connection.
This content (either bundle or hash & URL) is sent in a new payload Encrypted Certificate
(with type <TBA0 by IANA>). The content is encrypted using key derived from SS_i.
The details of the Certificate payload encryption are provided in .
Encryption provides protection of initiator's identity against active attackers, since only a responder
a responder with the private key corresponding to the responder's certificate is able to decrypt the
initiator's KEM certificate.
Exactly one Encrypted Certificate payload MUST be present in the message.
The responder decrypts the initiator's certificate, verifies it to make sure that it is valid,
properly signed by a certificate chain leaded to a trusted CA, and that it is acceptable for initiator authentication
based on the responder's local policy. The exact verification steps are out of scope of this document,
but generally should follow those defined in .
The initiator's certificate and the responder's one, sent in the previous exchange, MAY contain public keys
for different KEMs, provided that peers support these KEMs, - there is no requirement that they are for the same KEM.
The responder then sends a response message containing the ciphertext CT_r, produced as a result
of encapsulation of a random value SS_r using the KEM public keys from the initiator's certificate. CT_r is sent in the
AUTHKEM_CT notification in the same manner as SS_i.
The responder also includes a new status type notification AUTHKEM_SSCONF (with type <TBA3>).
The Protocol ID and SPI Size fields are set to 0 (meaning no SPI is present).
The notification data is computed as prf(SK_pr, SS_r), where prf is the negotiated PRF for this SA and SK_pr is from the current
session keys (see Section 3.3.1 of ).
<--- HDR(IKE_INTERMEDIATE), SK {N(AUTHKEM_CT),
N(AUTHKEM_SSCONF)}
]]> Upon receiving the response message the initiator decapsulates the received ciphertext CT_r and obtains
the SS_r key. Then the initiator computes prf(SK_pr, SS_r) using the obtained SS_r and verifies
that the value matches the content of the AUTHKEM_SSCONF notification. This ensures that there are no
mis-configurations and the the received SS_r value is indeed the same that was encapsulated.
Upon completion of this exchange the session keys are updated. A new value of SKEYSEED is computed as:
Then all the session keys (SK_d, SK_ai, SK_ar, SK_ei, SK_er, SK_pi, and SK_pr)
are computed as defined in Section 2.14 of . These session
keys are then used for protecting all subsequent exchanges starting from the IKE_AUTH exchange.
The IKE_AUTH exchange immediately follows the IKE_INTERMEDIATE exchange
where peers sent each other encrypted SS values. The IKE_AUTH exchange is basically
unchanged from that defined in .
The Auth Method field in the AUTH payloads MUST be "KEM Authentication".
The format of the AUTH payload is computed as defined in .
<--- HDR(IKE_AUTH), SK{IDr,
AUTH, SAr2, TSi, TSr}
]]> With KEM based authentication peers have to exchange their KEM certificates
before actual authentication of each other. Certificates usually contain
some identity information, that the CA asserts the included public key is bound to.
This makes peers aware of each other's identity before the IKE_AUTH exchange starts.
However, IKEv2 doesn't rely on the identities from certificates when performing authentication.
Instead, Identification payloads (IDi and IDr) are mandatory in the IKE_AUTH exchange
and exactly they are included into the AUTH payload calculation.
The content of the IDi and IDr payload may differ from the identification
information in the corresponding certificate, as stated in Section 3.5 of .
This section is to be removed eventually. It provides ideas for alternative design of the protocol.
The presented sequence of exchanges requires two additional exchanges (namely IKE_INTERMEDIATE exchanges)
for KEM-based authentication compared to signature-based authentication. It is possible to
only have one additional IKE_INTERMEDIATE exchange, but this either results in some degradation
of security properties or leads to additional protocol complexity. Note, that the amount
of data exchanged over the wire would not changed, the different items would just
be combined in one message. This would increase the size of these messages that might
not be desirable from a reliable delivery point of view.
It is possible to exchange certificates before all additional key exchanges (and optional negotiation of the PPK)
are completed. In this case the certificates would only be protected with session keys computed after the IKE_SA_INIT
exchange (in case of hybrid key exchange that would be traditional key exchange).
In this case, the exchange shown in is not needed,
since the certificates would be exchanged in the previous exchange. For example, the exchange
shown in would look like:
<--- HDR(IKE_INTERMEDIATE), SK {KEr(m),
(PPK_IDENTITY), CERT}
]]>
This design would decrease the level of identity hiding for responder, since the session keys used to protect
the responder's certificates in case of hybrid key exchange could be cracked by an attacker using quantum computer.
In this case the exchange shown in is also not needed.
The responder sends its certificate in the previous IKE_INTERMEDIATE exchange using new Encrypted Certificate payload.
Note, that this exchange contains the last additional key exchange and optionally the PPK negotiation,
thus its messages are not yet protected with the session keys that would result in this exchange -
the new keys are calculated only once the exchange completes. However, the responder can
calculate the updated keys before it sends the response message. The idea is that
the responder calculates new session keys and uses these "future" keys (for the next exchange)
to protect its certificate in the Encrypted Certificate payload,
that itself is protected with the "current" session keys in the Encrypted payload.
The Encrypted Certificate payload is protected using keys derived from the SK_d from the next exchange
(see for details).
<--- HDR(IKE_INTERMEDIATE), SK {KEr(m),
(PPK_IDENTITY), ECERT}
]]> This sequence of exchanges allows certificates to be protected at the same level as in the original
sequence of exchanges (in particular, both certificates can be protected with group PPK).
The drawback is the added complexity for implementations, since it could break the
traditional state transitions logic of IKE.
The format of the Authentication payload is defined in Section 3.8 of .
In case of KEM-based authentication the Auth Method is set to "KEM Authentication" (<TBA1>).
The Authentication Data is computed as:
)
For the responder:
AUTH = prf( prf(SK_pr, "Key Pad for IKEv2"),
)
]]>
The content of the InitiatorSignedOctets and the ResponderSignedOctets is defined
in Section 3.3.2 of . If full transcript authentication
is employed as specified in ,
then the InitiatorSignedOctets and the ResponderSignedOctets are additionally
modified as defined in .
The format of the announcement for the "KEM Authentication" is the same as for
"Digital Signature" as shown in Section 3.2.3 of . For convenience
the format is also shown below.
3) | Auth Method | Cert Link | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
~ AlgorithmIdentifier ASN.1 object ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]>Length - Length of the announcement in octets, must be greater than 3.Auth Method - Announced authentication method, in this case it is "KEM Authentication".Cert Link - Links this announcement with particular CA; see Section 3.2.2 of for details.AlgorithmIdentifier ASN.1 object - the AlgorithmIdentifier of PKIX (see Section 4.1.1.2 of ),
encoded using distinguished encoding rules (DER) .
For "KEM Authentication" announcement the AlgorithmIdentifier MUST contain
identifier of a KEM algorithm (and not, for example, of a signature algorithm). Identifiers
for KEM algorithms are specified in the corresponding documents for these algorithms
(e.g., for ML-KEM see ).
The Encrypted Certificate payload, denoted ECERT in this document, provides a
means to transport certificates or other authentication-related
information in encrypted form. The payload type for the Encrypted Certificate payload is <TBA0 by IANA>.
This payload is semantically equivalent to the Certificate payload (defined in Section 3.6 of ,
but it provides a means to encrypt the certificate information. For this purpose the format of the Encrypted Certificate payload
mirrors the format of the Encrypted payload (defined in Section 3.14 of ) with the difference,
that it contains not the encrypted IKE payloads, but the encrypted Cert Encoding and Certificate Data
as defined in Section 3.6 of .
Initialization Vector, Padding, Pad Length and Integrity Checksum Data
are defined in Section 3.14 of .
This document restricts the possible values of Cert Encoding in the ECERT payload
to either "X.509 bundle" (<TBA5 by IANA>) or "Hash and URL of X.509 bundle" (13).
The payload is encrypted and authenticated using the same encryption and integrity algorithms
as were negotiated for IKE SA. The encryption and authentication keys are calculated as follows:
where SK_d is from the current session keys (see Section 3.3.1 of ) and K is the key
to protect the certificate data (like SS_i in ).
To be added.
To be done later. 1) It may be not a good idea by directly showing the decapsulated secret ss as the means of authentication here.
The reason is that the entity being authenticated may employ the owner of the KEM public/private key pair as an oracle to decapsualte
the secret via running a different session, normally within a separate protocol or scenario where directly showing such a secret is harmless.
2) It may be preferable or MUST limit the use of such a KEM certificate only for KEM authentication. IANA is requested to make the following changes in the IKEv2 registries
"Internet Key Exchange Version 2 (IKEv2) Parameters" :
Define a new payload type in the "IKEv2 Payload Types" registry:
Value
Next Payload Type
Notation
TBA0
Encrypted Certificate
ECERT
Define a new authentication method in the "IKEv2 Authentication Method" registry:
Value
IKEv2 Authentication Method
TBA1
KEM Authentication
Define three new status type notifications in the "IKEv2 Notify Message Status Types" registry:
Value
Notify Message Status Type
TBA2
USE_AUTHKEM
TBA3
AUTHKEM_CT
TBA4
AUTHKEM_SSCONF
Define a new certificate encoding in the "IKEv2 Certificate Encodings" registry:
Value
Certificate Encoding
TBA5
X.509 bundle
Internet Key Exchange Version 2 (IKEv2) Parameters .. Informative References Revisiting Keccak and Dilithium Implementations on ARMv7-M .. Post-quantum TLS without handshake signatures .. FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard .. FIPS 204: Module-Lattice-Based Digital Signature Standard .. FIPS 205: Stateless Hash-Based Digital Signature Standard .. Information Technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) .. AcknowledgementsThom Wiggers shared an idea to provide identity protection of one of the peers against active attackers.
ContributorsUri Blumenthal and Brandon Luo contributed a lot to the design of this protocol as authors of PQuAKE protocol.