Post-Quantum Cryptography-Based Bidirectional Authentication Key Exchange Protocol and Industry Applications: A Case Study of Instant Messaging
About
This study aims to enhance the bidirectional authentication capability of ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) by proposing the post-quantum cryptography-based (PQC-based) bidirectional authentication key exchange protocol. Furthermore, it introduces dual-usage certificates combining PQC-based DSA (Digital Signature Algorithm) and PQC-based KEM, which include composite schemes, catalyst schemes, and chameleon schemes. These dual-usage certificates utilize the PQC-based DSA public key and PQC-based KEM public key within the certificate to meet the requirements for bidirectional authentication and encryption, enabling the negotiation of a shared secret key. During the experimental phase, the study validates and compares key exchange message lengths and computation times under different certificate configurations. Finally, instant messaging is presented as an industry application to demonstrate the practical implementation of the proposed protocol.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Key Exchange Response Length Measurement | SLH-DSA fast | Response Length (Security Level 1)3.63e+4 | 8 | |
| Communication Overhead Measurement | Key Exchange Request ML-DSA-44 + ML-KEM-512 (Security Level 1) | Message Length (Bytes)7.55e+3 | 4 | |
| Communication Overhead Measurement | Key Exchange Request Security Level 3 ML-DSA-65 + ML-KEM-768 | Length (Bytes)1.04e+4 | 4 | |
| Communication Overhead Measurement | Key Exchange Request Security Level 5 ML-DSA-87 + ML-KEM-1024 | Length (Bytes)1.40e+4 | 4 | |
| Key Exchange Communication Overhead | ML-DSA Key Exchange Response | Key Exchange Overhead (SL1)8.33e+3 | 4 | |
| Key Exchange Response | SLH-DSA Security Level 1 SLH-DSA-128s + ML-KEM-512 small | Response Message Length (Bytes)1.79e+4 | 4 | |
| Key Exchange Response | SLH-DSA-192s + ML-KEM-768 Security Level 3 small | Response Message Length (Bytes)3.54e+4 | 4 | |
| Key Exchange Response | SLH-DSA Security Level 5 SLH-DSA-256s + ML-KEM-1024 small | Key Exchange Response Message Length (Bytes)6.34e+4 | 4 | |
| Key Exchange Ack message length comparison | SLH-DSA small | Ack Message Length (SL1)1.79e+4 | 4 | |
| Key Exchange Request | SLH-DSA fast | Key Exchange Count (SL1)5.27e+4 | 4 |