Post-quantum Hybrid Key Exchange in the IKEv2 with ECDH, ML-KEM, and FrodoKEM

To mitigate the security threats on key exchanges again quantum computers, especialy the harvest-now-and-decrypt-later (HNDL) attack, the approach of hybrid key encapsulation mechanisms (KEMs) has been proposed to achieve secure key exchange if at least one of KEMs is still secure. In particular, hybrid KEMs is supposed to be used in the scenarios where one or multiple traditional KEMs are used together with one or multiple post-quantum KEMs . The Internet Key Exchange Protocol Version 2 (IKEv2), which sepecifies the key exchange procedures of IPSec, has to be updated for quantum resistant security. For this purpose, RFC 9370 describes a framework to hybrid mulitple key encapsulation mechanisms (KEMs), which extends the IKEv2 by allowing multiple key exchanges to take place for deriving shared secret keys during a Security Association (SA) setup. Essentially, this speficiation employs the IKE_INTERMEDIATE exchange, which is a new IKE message introduced in so that multiple key exchanges can be run to establish an IKE SA via exchanging additional PQ public keys and ciphertexts between a client and a server. RFC 9370 also introduces IKE_FOLLOWUP_KE, a new IKEv2 exchange for realizing the same purpose when the IKE SA is being rekeyed or is creating additional Child SAs. However, RFC 9370 just specifies the framework of hybrid KEMS but it has not been instantiated for concrete multiple KEMS. desribes how the framework given by RFC 9370 can be run with the post-quantum (PQ) ML-KEM, also called Kyber, whose formal specification is expected to be published by NIST in 2024. However, on the one hand, FRC 9350 allows up to 7 layers of additiona KEMs employed with the oringal ECDH to derive final shared secret keys for the IKEv2. On the other hand, for some applications (e.g. financial services) demanding high security level, additional PQ KEMs may be desired for completing the hybrid KEMs for the IKEv2. Currently, ML-KEM is the only PQ KEM in the NIST standardization process, while ISO is now standardizing three PQ KEM aglorithms: Kyber, FrodoKEM, and classic McElliece. Note that Frodo is unstructured lattice based KEM, whose security is more conservative compared to ML-KEM, which is based on structured lattice. Therefore, this draft is motivated to describe concretely how the frame of hybrid KEMs for the IKEv2 specified in RFC 9370 can be run via hybriding the ogirinal ECDH and two PQ KEMs, i.e, ML-KEM and FrodoKEM. The following gives several reasons why such diversity of KEMs is important for the IKEv2 (and also other security protocols).

The availability of various PQC algorithms is beneficial to applications as different PQC algorithms could be selected according to practical performance requirements and security requirements.
Generally speaking, post-quantum algorithms are still not mature yet. Some algorithms may turn out to be insecure after a number of years’ study and/or standardization. An example is SIKE, which had been in the NIST standardization progres for several years until it was totally broken in Aug. of 2022.
Cryptographic agility shall play a crucial role in the PQ migration . To facilitate cryptographic agility, not only should the systems and protocols be engineered agile but also there should be a good size of standardized PQC algorithms available, which may be based on different hard problems.

However, the perfomace of Frodo is not as good as ML-KEM. In particular, the sizes of pulic key and ciphtertext of FrodoKEM are roughtly 10 times larger than those of ML-KEM. Consequtently, this will almost unavoidably triger the issue of IKE fragmentation.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

ML-KEM and FrodoKEM Key encapsulation mechanism(KEM) is a kind of key exchange, which allows one entity to encapsulate a secret key under a (longterm or ephemeral) public key of another entity. By following the definiton given in , a KEM consists of three algorithms:

KeyGen(k) -> (pk, sk): A probabilistic key generation algorithm, which generates a public encapsulation key pk and a secret decapsulation key sk, when a security parameter k is given.
Encaps(pk) -> (ct, ss): A probabilistic encapsulation algorithm, which takes as input a public encapsulation key pk and outputs a ciphertext ct and shared secret ss.
Decaps(sk, ct) -> ss: A decapsulation algorithm, which takes as input a secret decapsulation key sk and ciphertext ct and outputs a shared secret ss.

ML-KEM and FrodoKEM are two well-known post-quantum KEMs from lattice. More specifically, ML-KEM , orignially called Kyber, has been selected as the only one KEM scheme in its first patch of PQ standardizatio by NIST. It is a Module-Lattice-Based Key-Encapsulation Mechanism, so called ML-KEM, which will be published as FIPS 203 standard (ML-KEM) by NIST. ML-KEM is also specified as an Internet Draft in IETF . FrodoKEM is one of three KEMS in the process of ISO stardandization, which is based on unstructured lattice problem. However, the perfomace of Frodo is not as good as ML-KEM. Specifically, as showen in Table 1, the sizes of pulic key and ciphtertext of FrodoKEM are roughtly 10 times larger than those of ML-KEM. Consequtently, this will almost unavoidably triger the issue of IKE fragmentation .

Following general exmaples given in Appendix A of , here is an example to show that the initiator proposes the use of additional key exchanges to establish an IKE SA. Here, the initiator proposes three sets of additional key exchanges. Namely, the first set is TBD36 (ml-kem-768), TBD37 (ml-kem-1024) or NONE; the second set is TBD43 (eFrodoKEM-976-<AES>), TBD45 (eFrodoKEM-976-<SHAKE>) or NONE; and the third set is TBD49 (eFrodoKEM-1344-<SHAKE>) or NONE (refer to ). As all of the three additional key exchanes are optional, the responder can choose NONE for some or all of the additional exchanges if the proposed key exchange methods are not supported or for whatever reasons the responder decides not to perform the additional key exchange. KEi(Curve25519), Ni, N(IKEV2_FRAG_SUPPORTED), N(INTERMEDIATE_EXCHANGE_SUPPORTED) Proposal #1 Transform ECR (ID = ENCR_AES_GCM_16, 256-bit key) Transform PRF (ID = PRF_HMAC_SHA2_512) Transform KE (ID = Curve25519) Transform ADDKE1 (ID = TBD36) Transform ADDKE1 (ID = TBD37) Transform ADDKE1 (ID = NONE) Transform ADDKE2 (ID = TBD43) Transform ADDKE2 (ID = TBD45) Transform ADDKE2 (ID = NONE) Transform ADDKE3 (ID = TBD49) Transform ADDKE3 (ID = NONE) <--- HDR(IKE_SA_INIT), SAr1(.. ADDKE*...), KEr(Curve25519), Nr, N(IKEV2_FRAG_SUPPORTED), N(INTERMEDIATE_EXCHANGE_SUPPORTED) Proposal #1 Transform ECR (ID = ENCR_AES_GCM_16, 256-bit key) Transform PRF (ID = PRF_HMAC_SHA2_512) Transform KE (ID = Curve25519) Transform ADDKE1 (ID = TBD36) Transform ADDKE2 (ID = TBD43) Transform ADDKE3 (ID = NONE) HDR(IKE_INTERMEDIATE), SK {KEi(1)(TBD36)} --> <--- HDR(IKE_INTERMEDIATE), SK {KEr(1)(TBD36)} HDR(IKE_INTERMEDIATE), SK {KEi(2)(TBD43)} --> <--- HDR(IKE_INTERMEDIATE), SK {KEr(2)(TBD43)} HDR(IKE_AUTH), SK{ IDi, AUTH, SAi2, TSi, TSr } ---> <--- HDR(IKE_AUTH), SK{IDr, AUTH, SAr2,TSi, TSr} Fig. 1 Hybrid KEMs of ECDH, TBD36 (ml-kem-768), and TBD43 (eFrodoKEM-976-) ]]> In the above specific example, the responder chooses to run two additional key exchanges. Namely, it selects TBD36 (ml-kem-768), TBD43 (eFrodoKEM-976-<AES>), and NONE, respectively for the first, second, and third additional key exchanges. According to , a set of keying materials can be derived, in particular SK_d, SK_a[i/r], and SK_e[i/r]. After that, both peers will perform an IKE_INTERMEDIATE exchange, carrying TBD36 payload, which is protected with SK_e[i/r] and SK_a[i/r] keys. After the completion of this IKE_INTERMEDIATE exchange, the SKEYSEED is updated using SK(1), which is the TBD36 shared secret. Next, an IKE_INTERMEDIATE exchange for TBD43 payload will be performed so that the SKEYSEED will be updated again. After the completion of both IKE_INTERMEDIATE exchanges, the initiator and the responder continue to the IKE_AUTH exchange phase. More details and and further examples will be provided later

Basically, security considerations from , and apply to hybrid KEM exchange of ECDH, ML-KEM, and FrodoKEM described in this draft. In additon, due to the fragmentation of public key and cipthertext of IKE message when FrodoKEM is hybrided, the performance of IKEv2 may be affected and the chance of re-transmision of IKE packet could become higher in some networking secnarios. Further security analysis will be updated later.

To be added later.