Pre-shared keys (PSK) have been widely used in network security. Nonetheless, existing PSK solutions are not scalable. Moreover, whenever a new user joins a network, PSK requires an existing user to get a new key before they are able to communicate with the new user. The key issue is how to distribute the PSK between different users. Here, we solve this problem by proposing a new protocol called Distributed Symmetric Key Establishment (DSKE). DSKE has the advantage of being scalable. Unlike standard public key infrastructure (PKI) which relies on computational assumptions, DSKE provides information-theoretic security in a universally composable security framework. Specifically, we prove the security (correctness and confidentiality) and robustness of this protocol against a computationally unbounded adversary, who additionally may have fully compromised a bounded number of the intermediaries and can eavesdrop on all communication. DSKE also achieves distributed trust through secret sharing. We present several implementations of DSKE in real environments, such as providing client services to link encryptors, network encryptors, and mobile phones, as well as the implementation of intermediaries, called Security Hubs, and associated test data as evidence for its versatility. As DSKE is highly scalable in a network setting with no distance limit, it is expected to be a cost-effective quantum-safe cryptographic solution to the network security threat presented by quantum computers.

翻译：预共享密钥（PSK）已在网络安全领域得到广泛应用。然而，现有的PSK解决方案不具备可扩展性。此外，每当新用户加入网络时，PSK要求现有用户获取新密钥后才能与新用户通信。关键问题在于如何在不同用户之间分发PSK。本文通过提出一种名为分布式对称密钥建立（DSKE）的新协议来解决此问题。DSKE具有可扩展的优势。与依赖计算假设的标准公钥基础设施（PKI）不同，DSKE在通用可组合安全框架下提供信息论安全性。具体而言，我们证明了该协议在对抗计算能力无限制的敌手时的安全性（正确性与保密性）及鲁棒性——该敌手还可能完全攻陷有限数量的中介节点并窃听所有通信。DSKE还通过秘密共享实现分布式信任。我们展示了DSKE在真实环境中的多种实现方案，例如为链路加密器、网络加密器和移动电话提供客户端服务，以及名为安全枢纽的中介节点实现方案，并提供了相关测试数据以证明其多功能性。由于DSKE在网络环境中具有高度可扩展性且无距离限制，它有望成为应对量子计算机带来的网络安全威胁的一种经济高效的量子安全密码解决方案。