| Thread Links | Date Links | ||||
|---|---|---|---|---|---|
| Thread Prev | Thread Next | Thread Index | Date Prev | Date Next | Date Index |
Hi Dan,
Thanks for your comments during the call just now.
If I recalled correctly, you said the quantum computer(QC) can crack the SAEss (K), could you elaborate how to make it based on the first two commit message exchange? In my mind, once we concatenate SAEss and ML-KEMss as IETF TLS did before PMK derivation, it's impossible for the QC to only crack the SAEss . Please correct me if I make any mistake.
The ideas in my contribution is quite similar to the following: please see the link as bellow.
The another comment was relevant to transcript, I can add it during PMK derivation. Due to the time constraint, I don't have time to take other comments, we can discuss them in this reflector.
PQC in WPA3/WPA4 Handshakes: WPA3’s SAE is based on finite-field or elliptic curve cryptography (it’s a password-authenticated key exchange using discrete log problems). To be quantum-safe, one idea is to perform a hybrid key exchange: combine the traditional SAE (to ward off classical attackers) with a parallel PQC key exchange (like exchanging Kyber public keys within the handshake). This way, even if a quantum adversary records the exchange, they would need to break both the classical and the post-quantum parts to get the key (which is conjectured to be infeasible). Efforts in other domains, such as TLS 1.3, have already defined hybrid key exchanges (e.g., combining ECDH with Kyber ).
Wireless Network Security in 2025 and Beyond | by David Montgomery | Medium
Thanks
Best Regards
Jay Yang (杨志杰)
To unsubscribe from the STDS-802-11-TGBT list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBT&A=1