The strongest practice is to ensure that any post-quantum preshared key contains at least 256 bits of entropy; this will provide 128 bits of post-quantum security, while providing security …

The protection is achieved by means of a Post-quantum Preshared Key (PPK) that is mixed into the session keys calculation. However, this protection does not cover an initial IKEv2 Security …

The design does not categorize algorithms as "post-quantum" or "non-post-quantum", nor does it create assumptions about the properties of the algorithms; meaning that if algorithms with …

Security considerations for using Post-quantum Preshared Keys in the IKEv2 protocol are discussed in [RFC8784]. Unlike using PPKs in IKE_AUTH, this specification makes even initial …

The Module-Lattice-Based Digital Signature Algorithm (ML-DSA), as defined by NIST in FIPS 204, is a post-quantum digital signature scheme that aims to be secure against an adversary in …

Since the HSS/LMS signature algorithm does not depend on the difficulty of discrete logarithms or factoring, but on a second-preimage-resistant cryptographic hash function, the HSS/LMS …

Abstract The Module-Lattice-Based Digital Signature Algorithm (ML-DSA), as defined by NIST in FIPS 204, is a post-quantum digital signature scheme that aims to be secure against an …

Since the HSS/LMS signature algorithm does not depend on the difficulty of discrete logarithm or factoring, the HSS/LMS signature algorithm is considered to be post-quantum secure.

4.1. IKEv2 Post-Quantum Support IKEv1 and its way of using Preshared Keys (PSKs) protects against quantum-computer-based attacks. IKEv2 updated its use of PSKs to improve the error …

RFC: 8696 Category: Standards Track Published: December 2019 ISSN: 2070-1721 Author: R. Housley Vigil Security