Draft:X-Wing KEM

Review waiting, please be patient.

This may take 3 months or more, since drafts are reviewed in no specific order. There are 1,325 pending submissions waiting for review.

If the submission is accepted, then this page will be moved into the article space.
If the submission is declined, then the reason will be posted here.
In the meantime, you can continue to improve this submission by editing normally.

Where to get help

If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews.
If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed.

How to improve a draft

Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia.
Help:Wikitext – how to use the markup
Help:Referencing for beginners – how to include references
Wikipedia:Article development – how to develop your article
Wikipedia:Writing better articles – how to improve your article
Wikipedia:Verifiability – make sure your article includes reliable third-party sources

You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article.

Improving your odds of a speedy review

To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags.

Add tags to your draft

Editor resources

Easy tools: Citation bot (help) | Advanced: Fix bare URLs

Reviewer tools

Instructions · What links here · X-Wing KEM (talk: + · bio) · (log) · Copyvios report · reFill · Citation Bot · (Search: Google, Wikipedia) · Submitted 2 days ago by 90.145.31.194 (talk: D · +) · Last edited 2 days ago by Wikishovel

X-Wing is a hybrid key encapsulation mechanism (KEM) designed to be resistant to cryptanalytic with future powerful quantum computers as well as still being secure against classical (e.g. non-quantum) attacks when the underlying, relatively new, post-quantum cryptography algorithm is found to be weak. It combines the classical X25519 ECDH key exchange with ML-KEM-768 as post-quantum algorithm. It is used to establish a shared secret between two communicating parties without an (IND-CCA2) attacker in the transmission system being able to decrypt it.^[1]

Hybrid key exchange

X-Wing implements a hybrid key exchange, meaning that it combines multiple key exchange algorithms to create one shared secret. This is motivated by the transition to post-quantum cryptography^[2] that has undergone less cryptanalysis than the classical algorithms. To ensure that the key exchange is not weakened by these post-quantum algorithms, both key exchanges are combined in such a way that if one is completely broken, the system still has the security properties of the non-broken algorithm.

Key derivation

While ML-KEM-768 is IND-CCA2 resistant, X25519 is not.^[1] X-Wing chooses to rely on the IND-CCA2 properties of ML-KEM-768 while including the public key and ciphertext of X25519 in the final key-derivation. This final key derivation uses SHA3-256 which combines the (already IND-CCA2 secure) ML-KEM-768 shared secret with the X25519 shared secret, public key and ciphertext.

Any modification by an attacker to the public key or ciphertext will result in an incorrect key, which shall fail subsequent key confirmation.

Limitations

X-Wing, and KEMs in general, provide no authentication of the key exchange. A separate authentication scheme needs to be used to validate that the key exchange was executed with a trusted party^[3], which is not part of the X-Wing mechanism.

In general, a hybrid KEM provides a small performance penalty compared to a post-quantum only algorithm, but the penalty is low. ^[4]

References

^ ^a ^b Barbosa, Manuel; Connolly, Deirdre; Duarte, João Diogo; Kaiser, Aaron; Schwabe, Peter; Varner, Karolin; Westerbaan, Bas (2024-04-09). "X-Wing". IACR Communications in Cryptology. 1 (1). doi:10.62056/a3qj89n4e. ISSN 3006-5496.
^ Stebila, Douglas; Fluhrer, Scott; Gueron, Shay (2024-04-05). Hybrid key exchange in TLS 1.3 (Report). Internet Engineering Task Force.
^ Boyd, Colin; de Kock, Bor; Millerjord, Lise (2023-07-05). "Modular Design of KEM-Based Authenticated Key Exchange". Lecture Notes in Computer Science. Berlin, Heidelberg: Springer-Verlag. pp. 553–579. doi:10.1007/978-3-031-35486-1_24. ISBN 978-3-031-35485-4.
^ Giron, Alexandre Augusto; Nascimento, João Pedro Adami do; Custódio, Ricardo; Perin, Lucas Pandolfo (2022), Post-Quantum Hybrid KEMTLS Performance in Simulated and Real Network Environments, retrieved 2024-09-17

[:0-1] Barbosa, Manuel; Connolly, Deirdre; Duarte, João Diogo; Kaiser, Aaron; Schwabe, Peter; Varner, Karolin; Westerbaan, Bas (2024-04-09). "X-Wing". IACR Communications in Cryptology. 1 (1). doi:10.62056/a3qj89n4e. ISSN 3006-5496.

[2] Stebila, Douglas; Fluhrer, Scott; Gueron, Shay (2024-04-05). Hybrid key exchange in TLS 1.3 (Report). Internet Engineering Task Force.

[3] Boyd, Colin; de Kock, Bor; Millerjord, Lise (2023-07-05). "Modular Design of KEM-Based Authenticated Key Exchange". Lecture Notes in Computer Science. Berlin, Heidelberg: Springer-Verlag. pp. 553–579. doi:10.1007/978-3-031-35486-1_24. ISBN 978-3-031-35485-4.

[4] Giron, Alexandre Augusto; Nascimento, João Pedro Adami do; Custódio, Ricardo; Perin, Lucas Pandolfo (2022), Post-Quantum Hybrid KEMTLS Performance in Simulated and Real Network Environments, retrieved 2024-09-17

[1]

[2]

[3]

[4]