Time-Based State-Management of Hash-Based Signature CAs for VPN-Authentication
- URL: http://arxiv.org/abs/2509.11695v1
- Date: Mon, 15 Sep 2025 08:49:08 GMT
- Title: Time-Based State-Management of Hash-Based Signature CAs for VPN-Authentication
- Authors: Daniel Herzinger, Linus Heise, Daniel Loebenberger, Matthias Söllner
- Abstract summary: IPsec-based VPN connection authentication requires post-quantum cryptography. We propose a design with time-based state-management that assigns VPN devices a certificate authority. Leaf certificates are based on classical cryptography but have a short validity time.
- Score: 3.3548757628577603
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Advances in quantum computing necessitate migrating the entire technology stack to post-quantum cryptography. This includes IPsec-based VPN connection authentication. Although there is an RFC draft for post-quantum authentication in this setting, the draft does not consider (stateful) hash-based signatures despite their small signature size and trusted long-term security. We propose a design with time-based state-management that assigns VPN devices a certificate authority (CA) based on the hash-based signature scheme XMSS. The CA then issues leaf certificates which are based on classical cryptography but have a short validity time, e.g., four hours. It is to be expected that even large quantum computers will take significantly longer to break the cryptography, making the design quantum-secure. We propose strategies to make the timekeeping more resilient to faults and tampering, as well as strategies to recognize a wrong system time, minimize its potential damage, and quickly recover. The result is an OpenBSD implementation of a quantum-safe and, regarding the leaf certificates, highly flexible VPN authentication design that requires significantly less bandwidth and computational resources compared to existing alternatives.
Related papers
- Shaping a Quantum-Resistant Future: Strategies for Post-Quantum PKI [0.0]
We present the latest developments in selecting robust Post-Quantum algorithms. Our contribution entails defining requirements for a secure transition to a quantum-resistant Public Key Infrastructure.
arXiv Detail & Related papers (2026-01-16T09:02:10Z)
- A High-Dimensional Quantum Blockchain Protocol Based on Time-Entanglement [0.0]
Protocol combines high-dimensional Bell states, time-entanglement, entanglement, and high-dimensional superdense coding. Time-entanglement provides distributed authentication, non-repudiation, and tamper detection across the blockchain.
arXiv Detail & Related papers (2025-12-23T16:31:12Z)
- Verifier-initiated quantum message-authentication via quantum zero-knowledge proofs [38.81686642226027]
We introduce a new method where the verifier can request authentication only when needed, improving efficiency for quantum networks and blockchain applications. Our approach adapts the concept of zero-knowledge widely used in classical cryptography to quantum settings, ensuring that verification reveals nothing about secret keys. This work delivers the first general verifier-initiated quantum signature scheme with formal security, paving the way for scalable, secure authentication in future quantum infrastructures and decentralized systems.
arXiv Detail & Related papers (2025-12-05T04:40:34Z)
- Performance and Storage Analysis of CRYSTALS Kyber as a Post Quantum Replacement for RSA and ECC [45.88028371034407]
CRYSTALS-Kyber is a post-quantum cryptographic solution standardized by NIST in 2022. This study evaluates Kyber's practical viability through performance testing across various implementation schemes.
arXiv Detail & Related papers (2025-08-03T09:53:45Z)
- Integration of quantum random number generators with post-quantum cryptography algorithms [33.72751145910978]
Post-Quantum Cryptography (PQC) has become a potential solution to prolong the life of existing Public Key Infrastructure (PKI) systems. PQC protocols depend on high-quality randomness for key generation and encapsulation procedures. We demonstrate a proof-of-concept enabling the incorporation of Quantum Random Number Generation (QRNG) devices within communication networks using PQC-based Transport Layer Security (TLS).
arXiv Detail & Related papers (2025-07-01T10:56:39Z)
- Information-theoretically secure quantum timestamping with one-time universal hashing [5.968836846058194]
Classical timestamp protocols rely on computational assumptions for security, rendering them vulnerable to quantum attacks. We propose an information-theoretically secure quantum timestamping protocol based on one-time universal hashing with quantum keys. Our protocol simultaneously achieves information-theoretic security and high efficiency, enabling secure timestamping for arbitrarily long documents.
arXiv Detail & Related papers (2025-05-20T03:46:15Z)
- Post-Quantum Cryptography: An Analysis of Code-Based and Lattice-Based Cryptosystems [55.49917140500002]
Quantum computers will be able to break modern cryptographic systems using Shor's Algorithm. We first examine the McEliece cryptosystem, a code-based scheme believed to be secure against quantum attacks. We then explore NTRU, a lattice-based system grounded in the difficulty of solving the Shortest Vector Problem.
arXiv Detail & Related papers (2025-05-06T03:42:38Z)
- A Quantum Good Authentication Protocol [0.0]
This article presents a novel network protocol that incorporates a quantum photonic channel for symmetric key distribution. The protocol uses strong hash functions to hash original messages and verify heightened data integrity at the destination.
arXiv Detail & Related papers (2025-03-05T20:30:34Z)
- Quantum-Safe integration of TLS in SDN networks [0.0]
Transition to quantum-safe cryptography within the next decade is critical. We have selected Transport Layer Security as the foundation to hybridize classical, quantum, and post-quantum cryptography. The performance of this approach has been demonstrated using a deployed production infrastructure.
arXiv Detail & Related papers (2025-02-24T14:35:56Z)
- Quantum digital signature based on single-qubit without a trusted third-party [45.41082277680607]
We propose a novel quantum digital signature protocol without a trusted third-party. We prove that the protocol has information-theoretical unforgeability.
arXiv Detail & Related papers (2024-10-17T09:49:29Z)
- The Latency Price of Threshold Cryptosystem in Blockchains [52.359230560289745]
We study the interplay between threshold cryptography and a class of blockchains that use Byzantine-fault tolerant (BFT) consensus protocols. Our measurements from the Aptos mainnet show that the optimistic approach reduces latency overhead by 71%.
arXiv Detail & Related papers (2024-07-16T20:53:04Z)
- An Experimentally Validated Feasible Quantum Protocol for Identity-Based Signature with Application to Secure Email Communication [1.156080039774429]
In 1984, Shamir developed the first Identity-based signature (IBS) to simplify public key infrastructure.
IBS protocols rely on several theoretical assumption-based hard problems.
Quantum cryptography (QC) is one such approach.
arXiv Detail & Related papers (2024-03-27T04:32:41Z)
- A Variational Quantum Attack for AES-like Symmetric Cryptography [69.80357450216633]
We propose a variational quantum attack algorithm (VQAA) for classical AES-like symmetric cryptography.
In the VQAA, the known ciphertext is encoded as the ground state of a Hamiltonian that is constructed through a regular graph.
arXiv Detail & Related papers (2022-05-07T03:15:15Z)
This list is automatically generated from the titles and abstracts of the papers in this site.