Group Key Establishment in a Quantum-Future Scenario
Informatica (IF 2.9), Pub Date: 2020-09-15, DOI: 10.15388/20-infor427
María Isabel González Vasco, Ángel L. Pérez del Pozo, Rainer Steinwandt

In cryptography, key establishment protocols are often the starting point paving the way towards secure execution of different tasks. Namely, the parties seeking to achieve some cryptographic task often start by establishing a common high-entropy secret that will eventually be used to secure their communication. In this paper, we put forward a security model for group key establishment ($\mathsf{GAKE}$) with an adversary that may execute efficient quantum algorithms, yet only once the execution of the protocol has concluded. This captures a situation in which keys are to be established in the present, while security guarantees must still be provided in the future when quantum resources may be accessible to a potential adversary. Further, we propose a protocol design that can be proven secure in this model. Our proposal uses password authentication and builds upon efficient and reasonably well understood primitives: a message authentication code and a post-quantum key encapsulation mechanism. The hybrid structure dodges potential efficiency downsides, like large signatures, of some “true” post-quantum authentication techniques, making our protocol a potentially interesting fit for current applications with long-term security needs.

Updated: 2020-09-15