How Symmetrikey and Authentikey work

The science behind our key exchange algorithm and Continuous Trust Verification Protocol.

Discover how Symmetrikey works
Discover how Authentikey works

Quantum security for every device

It’s well-understood that every organisation needs to take steps urgently to protect itself against future quantum attacks, and current hack now, decrypt later (HNDL) attacks. But how to do that is still the subject of some debate.

Protecting constrained devices

It’s predicted that there will be 50 billion IoT devices in circulation by 2050. Current NIST-approved algorithms for key exchange and authentication are too large for these devices. Many of these devices also rely on static keys for authentication, which are inherently risky – if an attacker steals the key, the device is permanently compromised.

Protecting the SIM

SIM cards have long been considered a secure enclave for identity services – but a range of vulnerabilities, including risk of quantum attack, mean that a new solution is needed to secure the SIM.

The authentication challenge

Authentication workflows are just as vulnerable to quantum attack as key exchange – but they are also vulnerable to a range of other attacks. Current PKI, certificate-based authentication is too slow and vulnerable to be fit for purpose – especially for constrained environments and decentralised networks. Static keys, as already mentioned, are inherently risky – and their security decays over time as the likelihood of the key being stolen increases.

How Cavero Quantum solves the challenge

We have two technologies that enable organisations to protect against quantum attacks on key exchange and authentication: Symmetrikey and Authentikey 

Symmetrikey

Symmetrikey is a quantum-safe key exchange protocol that enables the creation of faster PQC solutions that function in constrained environments.

Key features

  • Uses Ring Learning With Errors as the basis of security
  • Uses correlation filtering inspired by QKD to further improve security
  • Lab tests demonstrate Symmetrikey is 35% faster than ML-KEM
  • Capable of running in constrained environments including SIM cards, embedded devices, and IoT sensors

Authentikey

Authentikey is the world’s first Continuous Trust Verification Protocol that provides fast and strong mutual endpoint authentication, and supports quantum-safe encryption.

Key features

  • Uses key exchange history to reauthenticate endpoints, with perfect forward secrecy and break-in recovery
  • An ideal replacement for static keys and for certificate-based authentication, acting as a self-rotating secret.
  • Supports a classical and quantum-safe keys, supporting crypto-agility and quantum security
See which industries we support

How Symmetrikey works

Symmetrikey uses Ring Learning With Errors (RLWE) as the basis of security. RLWE is similar to the well-known PQC problem, Learning with Errors (LWE), done over a polynomial ring.

A variant of LWE is also used by the NIST-approved ML-KEM and ML-DSA protocols, meaning that Symmetrikey is based on proven mathematical problems. To date, no computational shortcuts have been found for RLWE, making it a quantum-safe PQC problem.

In addition to RLWE, Symmetrikey uses correlation filtering. Correlation filtering is a technique borrowed from QKD that enables each party to generate identical keys without having to transmit anything over a public channel that could enable an attacker to guess or compute the key.

Download the Symmetrikey science paper

How Authentikey works

From an initial root of trust which you choose, Authentikey creates a shared ledger of key exchanges and a unique two-way challenge to validate both parties in the authentication.

In subsequent exchanges, the key ledger is used in place of the initial root of trust, with a new key is generated and added to the shared ledger. The ledger becomes a self-rotating secret that remains secure even if the initial trust anchor is compromised.

Because Authentikey uses the key ledger to reauthenticate instead of the initial root of trust, it protects against Authentication decay – and as long as the keys used are quantum safe keys like Symmetrikey, the authentiation is quantum safe, too. 

Download the Authentikey science paper

How to get the technology

You can get Symmetrikey and Authentikey via the Cavero Cryptographic Library, which is currently at v1 stage and in beta testing. The library enables you to implement Authentikey using your choice of keys – Symmetrikey, ML-KEM, or ECDH.

Once this has been set up, there are very few API calls required to run the authentication – full details can be found in the documentation.

We also provide an example app and stubs to be replaced by your defined components, to help
with integration.

To access the Cavero Cryptographic Library, fill in the form below and our team will be in touch to discuss your project.