Description
Quantum computers pose a threat to many currently deployed networks
because they are capable of breaking today's predominantly used
public-key cryptosystems. This threat is especially concerning for
anonymization networks such as Tor, whose aim is to protect their users
from tracking and to provide a means of communicating secretly. An
important part of Tor that is vulnerable to adversaries with quantum
capabilities is the ntor handshake, which is responsible for negotiating
keys and providing one-way authentication. There are proposals on how to
modify ntor to resist such attacks, mainly by replacing the vulnerable
Diffie-Hellman operations with quantum-resistant methods. Because these
quantum-resistant primitives are often quite new and have not withstood
as long a period of analysis as Diffie-Hellman, the common approach is
to use both Diffie-Hellman and quantum-resistant schemes in a hybrid
way, such that the combined scheme is secure as long as one of the
underlying schemes is. A drawback of the proposed adaptations of ntor is
that, to the best of my knowledge, they do not provide quantum-resistant
authentication and are therefore vulnerable to man-in-the-middle
attacks by an adversary with quantum capabilities. In line with this
thought, the goal of this thesis is to provide a modified
specification and implementation of ntor that retains confidentiality
and authentication against quantum adversaries. The implementation's
performance is measured and compared with the currently deployed ntor
protocol.