If you have difficulty in submitting comments on draft standards you can use a commenting template and email it to admin.start@bsigroup.com. The commenting template can be found here.
Standards Development
This document provides an equitable analysis of quantum versus non-quantum methods for symmetric key-establishment (SKE) by discussing SKE methods at large and address their realization by quantum and non-quantum methods, addressing the SKE frameworks, fundamentals and any vulnerabilities, and equitably comparing non-quantum SKE methods with QKD-based SKEs, from a security and scalability perspective.
This document also covers combined SKEs. For example, hybrid distributed SKE (DSKE) combinations with QKD, as part of defense-in-depth and/or best-of-both-worlds strategies will be considered.
The proposed technical report will provide an equitable analysis of quantum versus non-quantum methods for symmetric key-establishment (SKE). SKE approaches are characterized by the fact that they rely on a symmetric-key infrastructure (SKI), i.e., one or more trusted or semi-trusted third parties such as key distribution centers or security hubs, to facilitate end-to-end key generation. Endpoints and SKI use a set of shared secrets for the purpose of key generation and/or key encapsulation, and authentication. SKE methods require some form of initial out-of-band key material delivery for the purpose of enrollment.
SKE techniques rely on symmetric cryptography and/or quantum effects to offer strong security properties such as long-term security (LTS) or even information-theoretical security (ITS), distinguishing them from approaches based on public key cryptography (PKC) (or its version Post-Quantum Cryptography – PQC), whose security relies on computational complexity assumptions.
The primary quantum-based SKE method involves quantum key distribution (QKD), as a part of a full-scale SKE, which in principle allows protection against adversaries with unbounded computational resources, and thus – modulo technical implementation details -- may also be characterized as ITS. As it is well known, there is a need to extend QKD protocols by appropriate non-quantum SKE sub-methods to achieve a standalone, secure key distribution.
It should be noted however that any ITS concept, although sometimes referred to as “unconditional security”, is inextricably based on major assumptions/conditions that are paramount for critically evaluating its practical value, and will therefore be scrutinized here.
Additionally, whether a key establishment scheme is considered ITS, or not, is certainly not the only relevant criterion to consider. Further aspects to take into account are e.g. key strength (vs. key size), post-compromise security (PCS), forward secrecy (FS), key freshness, performance, operational efficiency (e.g., the number of security associations to maintain), cryptographic agility, secrets splitting, ability to support federation, requirements regarding operational environment and compute platform (such as performance, storage capacity, battery life), resilience against infrastructure failures, among others.
The proposed Technical Report (TR) will provide an equitable analysis of quantum and non-quantum SKE methods, with emphasis on, but not exclusively restricted to, ITS-achieving composite solutions. This TR is justified by the fact that not enough attention has been paid to SKE methods, as opposed to modern PQC and QKD approaches, which have gained spotlight status due to the widespread public concern with the quantum threat (the threat posed by quantum computing that is particularly acute for traditional PKC methods). However different types of SKE also often provide alternative quantum-safe solutions, typically based on well-known and sound cryptography. Moreover, many technology solutions in finance, telecom, public transport, and software sectors already rely on SKE. Stakeholders would, therefore, benefit from a better understanding of the security potential of quantum and non-quantum SKE at large to counter emerging challenges. The analysis proposed in TR will be adopting the definitions and framework developed in the Technical Report “QKD and PQC – An equitable analysis and comparison of both technologies” (Work Item number WIJT022002).
A proposed outline for the document would be:
1. Introduction
2. Scope
3. A general overview of SKE (quantum and non-quantum) protocols
4. ITS-achieving full scale SKE methods
. Distributed Symmetric Key Establishment (DSKE)
b. QKD-based, composite SKE
5. Equitable analysis of quantum and non-quantum approaches, following the SKE general framework
You are now following this standard. Weekly digest emails will be sent to update you on the following activities:
You can manage your follow preferences from your Account. Please check your mailbox junk folder if you don't receive the weekly email.
You have successfully unsubscribed from weekly updates for this standard.
Comment on proposal
Required form fields are indicated by an asterisk (*) character.