Diffie-Hellman Key Exchange in a Quantum World
In 1976, the foundations of our modern cybersecurity infrastructure were created with the publication of the Diffie-Hellman key exchange method:
Within the paper, Whitfield Diffie proposed a fundamental advancement in the usage of public key encryption and Marty Hellman laid out a method of using discrete logarithms to create a shared secret between Bob and Alice:
It was just magic, and although we now use elliptic curves instead of discrete logarithms, it is still at the heart of virtually every connection that we make to the Internet. However, quantum computers could put an end to it, as it is not so easy to implement the method using most of the new post-quantum robust methods. Only the isogeny-based methods — such as with SIKE — support a DH-type of key exchange. Unfortunately, the version of SIKE submitted to the NIST PQC competition was cracked, and it is no longer being considered for standardization. The new standards, though, use a KEM (Key Encapsulation Method): Alice sends Bob her public key, he encrypts the key he wants Alice to use with that public key and sends the result over to Alice, and she decrypts it with her private key:
The main method that implements this is ML-KEM (FIPS 203, Kyber), which can be used both as a KEM and for public key encryption. With this, ECDH (Elliptic Curve Diffie-Hellman) is replaced by ML-KEM.
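The discrete-logarithm exchange sketched above, as an added example that is not part of the original post: Alice and Bob each derive the same secret, each side validates the public value it receives before using it, and the raw group element is hashed into a session key rather than used directly. The toy parameters p = 23, q = 11, g = 2 are constructed for readability only.

```python
import hashlib
import secrets

# Constructed toy parameters (illustration only): p is a safe prime,
# p = 2q + 1, and g generates the subgroup of prime order q.
# Real deployments use 2048-bit or larger groups, or elliptic curves.
P, Q, G = 23, 11, 2


def check_group(p, q, g):
    """Sanity-check the group before use: safe-prime shape and g of order q."""
    return p == 2 * q + 1 and 1 < g < p - 1 and pow(g, q, p) == 1


def valid_public_value(y, p, q):
    """Reject 0, 1, p-1 and anything outside the order-q subgroup, so a
    malformed or small-order value cannot force a predictable secret."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def keygen(p, q, g):
    """Private exponent x in [1, q-1], public value g^x mod p."""
    x = 1 + secrets.randbelow(q - 1)
    return x, pow(g, x, p)


def raw_shared_secret(own_private, peer_public, p, q):
    """g^(xy) mod p, computed only after the peer's value passes validation."""
    if not valid_public_value(peer_public, p, q):
        raise ValueError("peer public value rejected")
    return pow(peer_public, own_private, p)


def session_key(own_private, peer_public, p, q, context=b"dh-demo"):
    """Derive a fixed-length key; never use the raw group element directly."""
    z = raw_shared_secret(own_private, peer_public, p, q)
    z_bytes = z.to_bytes((p.bit_length() + 7) // 8, "big")
    return hashlib.sha256(context + z_bytes).digest()


if __name__ == "__main__":
    assert check_group(P, Q, G)
    a_priv, a_pub = keygen(P, Q, G)   # Alice publishes a_pub
    b_priv, b_pub = keygen(P, Q, G)   # Bob publishes b_pub
    k_alice = session_key(a_priv, b_pub, P, Q)
    k_bob = session_key(b_priv, a_pub, P, Q)
    print("keys match:", k_alice == k_bob)
```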
And, so, we thought that we had seen the end coming for the DH method, but now a new paper outlines an implementation within a quantum computer [here]:
The method uses quantum states to derive a shared secret between Bob and Alice. It encodes integers in the phase of weak coherent states, which defines a one-way function from these integers to quantum states:
It thus requires a few more computations than the core DH method, but it implements the same basic principle of passing a public state derived from a secret state. They then derive a common secret quantum key $|\psi_{kj}\rangle$. Using this system, quantum circuits could derive shared keys without needing silicon.
Conclusions
The paper hasn’t been peer-reviewed yet, but it certainly gives insight into how we could derive shared secrets within a quantum infrastructure and see the DH method live on in a quantum era. Let’s see if it passes peer review, and then we can take it seriously as a future method.