Enhancing Quantum-Safe Cryptography in TLS: The Role of Pre-Shared Keys

Due to the increasing attainability of quantum computers, the threat to traditional cryptographic algorithms is more relevant than ever before. However, the field of Post-Quantum Cryptography (PQC) to address this is still young and may potentially exhibit security vulnerabilities. In this paper, the role of Pre-Shared Keys (PSK) is analyzed in an attack scenario with both traditional and post-quantum algorithms potentially broken. We present a scheme for improved integration of external PSKs into a PQC-secured TLS 1.3 handshake, with a focus on no security compromises and broad deployment options. In that context, the protection of long-term secrets on dedicated security tokens and the integration of Quantum Key Distribution (QKD) are elaborated. For QKD integration, our scheme enables a deployment without QKD-specific changes to TLS. In addition to the scheme itself, a reference implementation is presented and evaluated to demonstrate its technical viability. Our results indicate that the general integration of PSKs into the TLS handshake adds negligible overhead while substantially increasing the achieved security level. Although deployments using dedicated security tokens or QKD systems have a significant influence on handshake times, specific applications could benefit greatly from the added security guarantees.