Cryptography underpins the security of modern digital infrastructure, from cloud services to health data. However, many widely deployed systems will become vulnerable after the advent of scalable quantum computing. Although quantum-safe cryptographic primitives have been developed, such as lattice-based digital signature algorithms (DSAs) and key encapsulation mechanisms (KEMs), their unique structural and performance characteristics make them unsuitable for existing protocols. In this work, we introduce a quantum-safe single-shot protocol for machine-to-machine authentication and authorization that is specifically designed to leverage the strengths of lattice-based DSAs and KEMs. Operating entirely over insecure channels, this protocol enables the forward-secure establishment of tokens in constrained environments. By demonstrating how new quantum-safe cryptographic primitives can be incorporated into secure systems, this study lays the groundwork for scalable, resilient, and future-proof identity infrastructures in a quantum-enabled world.

翻译：密码学是现代数字基础设施安全的基石，从云服务到健康数据均依赖其保障。然而，在可扩展量子计算出现后，许多广泛部署的系统将变得脆弱。尽管量子安全的密码学原语（如基于格的数字签名算法和密钥封装机制）已被开发出来，但其独特的结构和性能特征使其难以适配现有协议。本文提出一种专为机器间认证与授权设计的量子安全单次协议，该协议充分利用基于格的数字签名算法和密钥封装机制的优势。该协议完全在不安全信道中运行，能够在受限环境下实现前向安全的令牌建立。通过展示如何将新型量子安全密码原语集成到安全系统中，本研究为量子时代可扩展、强韧且面向未来的身份基础设施奠定了基础。