Authentication and key establishment protocol from supersingular isogeny for mobile environments

This paper presents a provably secure post-quantum authentication and key establishment protocol for mobile environments, which is the first one from supersingular isogeny to our best knowledge that achieves the client user authentication by using the convenient password and the server authentication by using the password-transformed secret value and its certificate, together with the final session key establishment between them. This makes it be quite suitable for providing quantum-resilient security assurance in mobile environments in the near future post-quantum era. The presented protocol actually is constructed by integrating the password-based authentication way with the key encapsulation mechanism and thereby is named as PBKEM for short. The presented post-quantum PBKEM protocol from supersingular isogeny is formally proved secure in the random oracle model under the well-known Bellare–Pointcheval–Rogaway (BPR) security model, whose security is finally reduced to the SI-CDH security assumption and the IND-CCA security of the SIKE scheme. Moreover, it is implemented on a personal computer by using the SIDH Library provided by Microsoft, and the experimental results have shown that the protocol is efficient enough to be applied in practice to provide quantum-resilient security assurance.