]> Inria

elsa.lopez-perez@inria.fr

Ericsson

goran.selander@ericsson.com

Ericsson

john.mattsson@ericsson.com

University of Murcia

rafa@um.es

University of Murcia

francisco.lopezg@um.es

Security LAKE Working Group This document specifies a Pre-Shared Key (PSK) authentication method for the Ephemeral Diffie-Hellman Over COSE (EDHOC) key exchange protocol. The PSK method enhances computational efficiency while providing mutual authentication, ephemeral key exchange, identity protection, and quantum resistance. It is particularly suited for systems where nodes share a PSK provided out-of-band (external PSK) and enables efficient session resumption with less computational overhead when the PSK is provided from a previous EDHOC session (resumption PSK). This document details the PSK method flow, key derivation changes, message formatting, processing, and security considerations. About This Document The latest revision of this draft can be found at . Status information for this document may be found at . Discussion of this document takes place on the LAKE Working Group mailing list (), which is archived at . Subscribe at . Source for this draft and an issue tracker can be found at .

Introduction This document defines a Pre-Shared Key (PSK) authentication method for the Ephemeral Diffie-Hellman Over COSE (EDHOC) key exchange protocol . The PSK method balances the complexity of credential distribution with computational efficiency. While symmetric key distribution is more complex than asymmetric approaches, PSK authentication offers greater computational efficiency compared to the methods outlined in . The PSK method retains mutual authentication, asymmetric ephemeral key exchange, and identity protection established by . EDHOC with PSK authentication benefits use cases where two nodes share a Pre-Shared Key (PSK) provided out-of-band (external PSK). Examples include the Authenticated Key Management Architecture (AKMA) in mobile systems or the Peer and Authenticator in Extensible Authentication Protocol (EAP) systems. The PSK method enables the nodes to perform ephemeral key exchange, achieving Perfect Forward Secrecy (PFS). This ensures that even if the PSK is compromised, past communications remain secure against active attackers, while future communications are protected against passive attackers. Additionally, by leveraging the PSK for both authentication and key derivation, the method provides quantum-resistant key exchange and authentication even when used with ECDHE. Another important use case of PSK authentication in the EDHOC protocol is session resumption. This allows previously connected parties to quickly reestablish secure communication using pre-shared keys from a prior session, reducing the overhead associated with key exchange and asymmetric authentication. By using PSK authentication, EDHOC allows session keys to be refreshed with significantly lower computational overhead compared to public-key authentication. In this case, the resumption PSK is provisioned after the establishment of a previous EDHOC session by using EDHOC_Exporter. Thus, the external PSK serves as a long-term credential while the resumption PSK acts as a session key. Section 3 provides an overview of the PSK method flow and credentials. Section 4 outlines the changes to key derivation compared to . Section 5 details message formatting and processing, and Section 6 describes the usage of PSK for resumption. Section 7 defines the use of EDHOC-PSK with OSCORE. Security considerations are described in Section 8, and Section 9 outlines the IANA considerations.

Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. Readers are expected to be familiar with the terms and concepts described in EDHOC , CBOR , CBOR Sequences , COSE Structures and Processing , COSE Algorithms , CWT and CCS , and the Concise Data Definition Language (CDDL) , which is used to express CBOR data structures.

Protocol This document specifies a new EDHOC authentication method (see ) referred to as the Pre-Shared Key method (EDHOC-PSK). This method shares some features with, and differs in other respects from, the authentication methods previously defined in EDHOC. Authentication is based on a Pre-Shared Key (PSK) shared between the Initiator and the Responder. As in the methods defined in , CRED_I and CRED_R are authentication credentials containing identifying information for the Initiator and Responder, respectively. However, unlike those methods, there is a single shared authentication credential identifier, ID_CRED_PSK, which the Responder uses to retrieve the PSK and the associated authentication credentials.

Credentials The Initiator and Responder are assumed to share a PSK (either an external PSK or a resumption PSK) with high entropy that meets the following requirements:

• Only the Initiator and the Responder have access to the PSK.
• The Responder can retrieve the PSK, CRED_I, and CRED_R, using ID_CRED_PSK.

ID_CRED_PSK ID_CRED_PSK is a COSE header map containing header parameters that can identify a pre-shared key. For example: The purpose of ID_CRED_PSK is to facilitate retrieval of the correct PSK. While ID_CRED_PSK use encoding and representation patterns from , it differs fundamentally in that it identifies a symmetric key rather than a public authentication key. It is RECOMMENDED that ID_CRED_PSK uniquely or stochastically identifies the corresponding PSK. Uniqueness avoids ambiguity that could require the recipient to try multiple keys, while stochasticity reduces the risk of identifier collisions and supports stateless processing. These properties align with the requirements for rKID in session resumption.

CRED_I and CRED_R CRED_I and CRED_R are authentication credentials associated with the PSK. The notation CRED_x refers to either CRED_I or CRED_R. Authentication is achieved implicitly through the successful use of the PSK to derive keying material, and to encrypt and subsequently decrypt protected messages. When using an external PSK, a common representation of CRED_I and CRED_R is a CBOR Web Token (CWT) or CWT Claims Set (CCS) , where the 'cnf' claim includes the confirmation method COSE_Key. An example of CRED_I and CRED_R is shown below: Alternative formats for CRED_I and CRED_R MAY be used. When a resumption PSK is employed, CRED_I and CRED_R MUST be the same credentials used in the initial EDHOC exchange, for example, public-key credentials such as X.509 certificates. Implementations MUST ensure that CRED_I and CRED_R are distinct, for example by including different identities in their sub-claims (e.g., "42-50-31-FF-EF-37-32-39" and "23-11-58-AA-B3-7F-10"). Ensuring distinct credentials simplifies correct party identification and prevents reflection and misbinding attacks, as described in .

Encoding and processing guidelines The following guidelines apply to the encoding and handling of CRED_x and ID_CRED_PSK. Requirements on CRED_x applies both to CRED_I and to CRED_R.

• If CRED_x is CBOR-encoded, it SHOULD use deterministic encoding as specified in Sections and of . Deterministic encoding ensures consistent identification and avoids interoperability issues caused by non-deterministic CBOR variants.
• If CRED_x is provisioned out-of-band and transported by value, it SHOULD be used as received without re-encoding. Re-encoding can cause mismatches when comparing identifiers such as hash values or 'kid' references.
• ID_CRED_PSK SHOULD uniquely identify the corresponding PSK to avoid ambiguity. When ID_CRED_PSK contains a key identifier, care must be taken to ensure that 'kid' is unique for the PSK.
• When ID_CRED_PSK consists solely of a 'kid' parameter (i.e., { 4 : kid }), the compact encoding optimization defined in MUST be applied in plaintext fields (such as PLAINTEXT_3A). For example:
  • { 4 : h'0f' } encoded as h'0f' (CBOR byte string)
  • { 4 : 21 } encoded as 0x15 (CBOR integer)

These optimizations MUST NOT be applied in COSE header parameters or in other contexts where the full map structure is required.

• To mitigate misbinding attacks, identity information such as a 'sub' (subject) claim MUST be included in both CRED_I and CRED_R.

Message Flow of EDHOC-PSK The message flow of EDHOC-PSK follows the structure defined in , with authentication based on symmetric keys rather than public keys. For identity protection, credential-related message fields appear first in message_3. ID_CRED_PSK is encrypted using a key derived from a shared secret obtained through the first two messages. If Diffie-Hellman key exchange is used, G_X and G_Y are the ephemeral public keys, and the shared secret G_XY is the DH shared secret, as in . If the Diffie-Hellman procedure is replaced by a KEM, then G_X and G_Y are encapsulation key and ciphertext, respectively, and the shared secret G_XY is derived by the KEM, see . The Responder authenticates the Initiator first. illustrates the message flow of the EDHOC-PSK authentication method.

Overview of Message Flow of EDHOC-PSK. | | message_1 | | | | G_Y, Enc( C_R, EAD_2 ) | |<------------------------------------------------------------------+ | message_2 | | | | Enc( ID_CRED_PSK, AEAD( EAD_3 ) ) | +------------------------------------------------------------------>| | message_3 | | | | AEAD( EAD_4 ) | |<------------------------------------------------------------------+ | message_4 | ]]>

This approach provides identity protection against passive attackers for both Initiator and Responder. EDHOC message_4 remains OPTIONAL, but is needed to authenticate the Responder and achieve mutual authentication in EDHOC when external applications (e.g., OSCORE) are not relied upon. In either case, the inclusion of a fourth message provides mutual authentication and explicit key confirmation (see ).

Key Derivation The pseudorandom keys (PRKs) used in the EDHOC-PSK authentication method are derived with EDHOC_Extract, as in . where salt and input keying material (IKM) are defined for each key. The definition of EDHOC_Extract depends on the EDHOC hash algorithm selected in the cipher suite, see . To maintain a uniform key schedule across all EDHOC authentication methods, the same pseudorandom key notation (PRK_2e, PRK_3e2m, and PRK_4e3m) is retained. The index notation is preserved for consistency with other EDHOC authentication variants, even though it does not fully reflect the functional role of the keys in this method; for example, no MACs are used in EDHOC-PSK. PRK_2e is extracted as in with

• salt = TH_2, and
• IKM = G_XY,

where the transcript hash TH_2 = H( G_Y, H(message_1) ) is defined in . SALT_4e3m is derived from PRK_3e2m and TH_3, as shown in Figure 6 of . The other PRKs and transcript hashes are modified as specified below. lists the key derivations that differ from .

Key Derivation of EDHOC-PSK.

where:

• KEYSTREAM_2A is used to encrypt PLAINTEXT_2A in message_2.
  • plaintext_length_2a is the length of PLAINTEXT_2A in message_2.
• KEYSTREAM_3A is used to encrypt PLAINTEXT_3A (the concatenation of ID_CRED_PSK and CIPHERTEXT_3B) in message_3.
  • plaintext_length_3a is the length of PLAINTEXT_3A in message_3.
• TH_3 = H( TH_2, PLAINTEXT_2A ).

The definition of the transcript hash TH_4 is modified as follows:

• TH_4 = H( TH_3, ID_CRED_PSK, PLAINTEXT_3B, CRED_I, CRED_R )

Message Formatting and Processing This section specifies the differences in message formatting and processing compared to . Note that if any processing step fails, then the Responder MUST send an EDHOC error message back as defined in , and the EDHOC session MUST be aborted.

Message 1 Message 1 is formatted and processed as specified in .

Message 2

Formatting of Message 2 Message 2 is formatted as specified in .

Responder Composition of Message 2 CIPHERTEXT_2A is calculated with a binary additive stream cipher, using a keystream generated with EDHOC_Expand, and the following plaintext:

• PLAINTEXT_2A = ( C_R, ? EAD_2 )
• CIPHERTEXT_2A = PLAINTEXT_2A XOR KEYSTREAM_2A

C_R, EAD_2 are defined in . In contrast to , ID_CRED_R, MAC_2, and Signature_or_MAC_2 are not included in message_2. This omission is the primary difference from the signature and MAC-based authentication methods defined in , as authentication in EDHOC-PSK relies solely on the shared PSK and the successful decryption of protected messages. KEYSTREAM_2A is defined in .

Initiator Processing of Message 2 Upon receiving message_2, the Initiator processes it as follows:

• Compute KEYSTREAM_2A as defined in .
• Decrypt CIPHERTEXT_2A using binary XOR, i.e., PLAINTEXT_2A = CIPHERTEXT_2A XOR KEYSTREAM_2A

In contrast to , ID_CRED_R is not made available to the application in step 4, and steps 5 and 6 are skipped.

Message 3

Formatting of Message 3 Message 3 is formatted as specified in .

Initiator Composition of Message 3

• CIPHERTEXT_3A is computed using a binary additive stream cipher with a keystream generated by EDHOC_Expand, applied to the following plaintext:
  • PLAINTEXT_3A = ( ID_CRED_PSK / bstr / -24..23, CIPHERTEXT_3B )
    • If ID_CRED_PSK contains a single 'kid' parameter, i.e., ID_CRED_PSK = { 4 : kid_PSK }, then the compact encoding is applied, see .
    • For the case of plaintext_length exceeding the EDHOC_KDF output size, see .
  • Compute KEYSTREAM_3A as in .
  • CIPHERTEXT_3A = PLAINTEXT_3A XOR KEYSTREAM_3A
• CIPHERTEXT_3B is the 'ciphertext' of COSE_Encrypt0 object as defined in Section and Section of , with the EDHOC AEAD algorithm of the selected cipher suite, using the encryption key K_3, the initialization vector IV_3 (if used by the AEAD algorithm), the parameters described in , plaintext PLAINTEXT_3B and the following parameters as input:
  • protected = h''
  • external_aad = << ID_CRED_PSK, TH_3, CRED_I, CRED_R >>
  • K_3 and IV_3 as defined in
  • PLAINTEXT_3B = ( ? EAD_3 )

The Initiator computes TH_4 as defined in . There is no need for MAC_3 or signature, since AEAD's built-in integrity and the use of PSK-based key derivation provides implicit authentication of the Initiator.

Responder Processing of Message 3 Upon receiving message_3, the Responder proceeds as follows:

• Derive K_3 and IV_3 as defined in .
• Parse the structure of message_3, which consists of a stream-cipher encrypted structure, CIPHERTEXT_3A = PLAINTEXT_3A XOR KEYSTREAM_3A, where PLAINTEXT_3A = ( ID_CRED_PSK, CIPHERTEXT_3B ) and CIPHERTEXT_3B is the inner AEAD-encrypted object.
• Generate KEYSTREAM_3A with the same method the Initiator used.
• Decrypt CIPHERTEXT_3A using binary XOR with KEYSTREAM_3A to recover PLAINTEXT_3A.
• Use ID_CRED_PSK to identify the authentication credentials and retrieve PSK.
• AEAD-decrypt CIPHERTEXT_3B using:
  • K_3, IV_3
  • external_aad = << ID_CRED_PSK, TH_3, CRED_I, CRED_R >>
  • protected = h''
  • AEAD algorithm from cipher suite

If AEAD verification fails, this indicates a processing problem or that the message was tampered with. If it succeeds, the Responder concludes that the Initiator possesses the PSK, correctly derived TH_3, and is actively participating in the protocol. Finally, the Responder computes TH_4 as defined in . No MAC_3 or signature is needed, as the AEAD tag guarantees both integrity and authenticity in this symmetric setting.

Message 4 Message 4 is formatted and processed as specified in . After successfully verifying message_4, or another fourth message from the Responder protected with an exported application key such as an OSCORE message, the Initiator is assured that the Responder has derived PRK_out (key confirmation) and that no other party can derive this key. The Initiator MUST NOT persistently store PRK_out or application keys until it has successfully verified such a fourth message and the application has authenticated the Responder. Compared to , the fourth message not only provides key confirmation but also authenticates the Responder. For mutual authentication a fourth message is therefore mandatory.

PSK usage for Session Resumption This section specifies how EDHOC-PSK is used for session resumption in EDHOC. The EDHOC_Exporter, as defined in , is used to derive the resumption parameters rPSK and rKID:

Resumption Parameters.

where:

• resumption_psk_length defaults to the key_length, i.e., the length of the encryption key of the EDHOC AEAD algorithm in the selected cipher suite of the session where the EDHOC_Exporter is invoked.
• id_cred_psk_length defaults to 2 bytes.

A peer that has successfully completed an EDHOC session, regardless of the authentication method used or whether the session was a PSK resumption, MUST generate a resumption key for the next resumption within the current "session series", provided that PSK resumption is supported. To ensure both peers share the same resumption key, when a resumption session is run using rPSK_i as the resumption key:

• The Responder MAY delete the previous resumption key rPSK_(i-1), if present, after successfully verifying message_3. At that point the Responder can be certain that the Initiator has access to the current resumption key rPSK_i.
• The Initiator MAY delete rPSK_i after successfully verifying the fourth message. At that point, the Initiator can be certain that the Responder already has derived the next resumption key, rPSK_(i+1).
• The Responder MAY delete rPSK_i after successfully verifying a fifth message from the Initiator protected with an exported application key such as an OSCORE message, if present. At that point, the Initiator can be certain that the Responder already has derived the next resumption key, rPSK_(i+1).

Cipher Suite Requirements for Resumption When using a resumption PSK derived from a previous EDHOC exchange:

1. The resumption PSK MUST only be used with the same cipher suite from which it was derived, or with a cipher suite that provides stronger security guarantees.
2. Implementations MUST maintain a mapping between each resumption PSK and its originating cipher suite to enforce this requirement.
3. If a resumption PSK is offered with a cipher suite that provides weaker security, the Responder MUST reject the ongoing EDHOC session.

Privacy Considerations for Resumption When using resumption PSKs:

• ID_CRED_PSK is not exposed to passive attackers, and under normal operation it is not reused. Reuse of the same ID_CRED_PSK can occur due to transmission errors or when a peer loses its stored resumption key. An active attacker can obtain the value of ID_CRED_PSK and force its reuse. This aligns with the security goals of EDHOC-PSK, which are to provide identity protection against passive attackers, but not against active attackers.

Security Considerations for Resumption

• Resumption PSKs MUST NOT be used for purposes other than EDHOC session resumption.
• Resumption PSKs MUST be securely stored with the same level of protection as the session keys.
• Parties SHOULD prevent excessive reuse of the same resumption PSK.

EDHOC-PSK and Extensible Authentication Protocol (EAP) EDHOC with PSK authentication has several important use cases within the Extensible Authentication Protocol (EAP). One use case is the resumption of a session established with the EAP method EAP-EDHOC , regardless of the EDHOC-based authentication method originally used in that session. This is similar to the resumption mechanism in EAP-TLS 1.3 . Resumption reduces the number of round trips and allows the EAP-EDHOC server to avoid database lookups that might be required during an initial handshake. If the server accepts resumption, the resumed session is considered authenticated and securely bound to the prior authentication or resumption. The use of resumption with EAP-EDHOC is optional for the peer, but it is RECOMMENDED whenever a valid rPSK is available. On the server side, resumption acceptance is also optional, but it is RECOMMENDED if the rPSK remains valid. The server may, however, require a new initial handshake by refusing resumption. It is further RECOMMENDED to use Network Access Identifiers (NAIs) with the same realm in the identity response during both the full handshake and resumption. For example, the NAI @realm can safely be reused since it does not expose information that links a user’s resumption attempt with the original full handshake. EAP-EDHOC-PSK also provides a significant improvement over EAP-PSK , which lacks support for identity protection, cryptographic agility, and ephemeral key exchange, now considered essential for meeting current security requirements. Without perfect forward secrecy, compromise of the PSK enables a passive attacker to decrypt both past and future sessions. Note that PSK authentication is not allowed in EAP-TLS .

EDHOC-PSK and OSCORE Before sending message_3 the Initiator can derive PRK_out and create an OSCORE-protected request. The request payload MAY convey both an EDHOC message_3 and OSCORE-protected data combined together, as described in .

Security Considerations The EDHOC-PSK authentication method introduces deviations from the initial specification of EDHOC . This section analyzes the security implications of these changes and discusses the security properties of EDHOC authenticated with PSK.

Identity Protection In EDHOC-PSK, the ID_CRED_PSK in message_3 is encrypted with a keystream derived from the ephemeral shared secret G_XY. As a result, EDHOC-PSK protects both the Initiator and the Responder identities against passive attackers. This contrasts with the asymmetric authentication methods in , which protect the Initiator’s identity against active attackers and the Responder’s identity against passive ones. However, EDHOC-PSK does not satisfy the stronger identity protection notion defined by Cottier and Pointcheval , which requires security against an active Man-in-the-Middle (MitM) attacker. Under this stronger notion, an active attacker must not only be prevented from learning the identity but also from forcing a specific identity to be used in a way that allows them to later distinguish between the legitimate owner of a secret (the PSK) and any other user. Because message_3 is sent before the key material used for the keystream is cryptographically bound to the authenticated identities, the MitM retains full control over the communication channel and can conduct a distinguisher attack. Specifically, the attacker can intercept message_3 and perform a chosen-plaintext attack by manipulating the ciphertext. By observing the protocol's subsequent behavior, such as the Responder's failure to retrieve a valid PSK and aborting the session, the attacker can link the Initiator's identity to the specific (coerced) ID_CRED_PSK value, thereby breaking the strong guarantee of anonymity that would otherwise be expected under an active threat model.

Mutual Authentication EDHOC-PSK provides mutual authentication and explicit key confirmation through an additional message that demonstrates possession of the PSK. This may be message_4 or an application message (e.g., an OSCORE message) protected with a key derived from EDHOC. To mitigate reflection or Selfie attacks, the identities in CRED_I and CRED_R MUST be distinct. EDHOC-PSK does not provide Key Compromise Impersonation (KCI) protection. Compromise of the long-term PSK enables an attacker to impersonate either the Initiator or the Responder to the other party. While compromise of the ephemeral Diffie-Hellman secret only affects the specific session in which it is used, compromise of the PSK allows full active impersonation in all future sessions that rely on the compromised key.

Protection of External Authorization Data (EAD) As in , EDHOC-PSK ensures the confidentiality and integrity of External Authorization Data (EAD). The security guarantees for EAD fields remain unchanged from the original EDHOC specification.

Cryptographic strength EDHOC-PSK provides a minimum of 64-bit security against online brute force attacks and, provided the PSK has sufficient entropy, a minimum of 128-bit security against offline brute force attacks. If the PSK entropy is lower, the effective offline security is limited by the entropy of the PSK. To break 64-bit security against online brute force, an attacker would on average have to send 4.3 billion messages per second for 68 years, which is infeasible in constrained IoT radio technologies. A successful forgery of the AEAD authentication tag in EDHOC-PSK breaks the security of all future application data derived from the session, while a forgery in the subsequent application protocol (e.g., OSCORE ) typically only breaks the security of the forged packet.

Downgrade Protection Following , EDHOC-PSK must support cryptographic agility, including modularity and negotiation of preferred cryptographic primitives. In message 1, the Initiator sends an ordered list of supported cipher suites (SUITES_I). The Responder verifies that the suite selected by the Initiator is the most preferred option in SUITES_I that is mutually supported. If this condition is not met, the Responder MUST abort the session.

Post Quantum Considerations Advances in quantum computing suggest that a Cryptographically Relevant Quantum Computer (CRQC) may eventually be realized. Such a machine would render many asymmetric algorithms, including Elliptic Curve Diffie-Hellman (ECDH), insecure. EDHOC-PSK derives authentication and session keys primarily from a symmetric PSK, which provides quantum resistance even when combined with ECDHE. However, if a CRQC is realized, the ECDHE contribution degenerates to providing only randomness. In that case, EDHOC-PSK with ECDHE offers neither identity protection nor Perfect Forward Secrecy (PFS) against quantum adversaries. Moreover, if the PSK is compromised, a passive quantum attacker could decrypt both past and future sessions. By contrast, combining EDHOC-PSK with a quantum-resistant Key Encapsulation Mechanism (KEM), such as ML-KEM, ensures both identity protection and PFS even against quantum-capable attackers. Future EDHOC cipher suites incorporating ML-KEM are expected to be registered; see .

Confidentiality The primary security goal of EDHOC-PSK is to establish a shared secret known only to the authenticated Initiator and Responder. The protocol ensures key indistinguishability by relying on the security of the PSK and the ephemeral key shares, making it computationally infeasible for an adversary to distinguish the true session secret from a random value.

Independence of Session Keys NIST requires that an ephemeral private key be used in only one key-establishment transaction (, Section 5.6.3.3). This requirement preserves session key independence and forward secrecy, and EDHOC-PSK complies with it. By deriving the final shared secret from a fresh, session-specific ephemeral secret (G_XY), the protocol ensures that even if the PSK is compromised, an attacker is unable to decrypt the past sessions. Similarly, if a session secret were to be compromised, future session secrets remain protected by fresh ephemeral keys. In other protocols, reuse of ephemeral keys, especially when combined with missing public key validation, has led to severe vulnerabilities, enabling attackers to recover “ephemeral” private keys and compromise both past and future sessions between two legitimate parties. Assuming breach and minimizing the impact of compromise are fundamental principles of zero-trust security.

Unified Approach and Recommendations For use cases where application data is transmitted, it can be sent together with message_3, maintaining efficiency. In applications such as EAP-EDHOC , where no application data is exchanged between Initiator and Responder, message_4 is mandatory. In such cases, EDHOC-PSK does not increase the total number of messages. Other implementations may replace message_4 with an OSCORE-protected message. In this case, the following requirement applies: The Initiator SHALL NOT persistently store PRK_out or derived application keys until successfully verifying message_4 or a message protected with an exported application key (e.g., an OSCORE message). This ensures that key material is stored only after its authenticity is confirmed, thereby strengthening privacy by preventing premature storage of potentially compromised keys. Finally, the order of authentication (i.e., whether the Initiator or the Responder authenticates first) is not relevant in EDHOC-PSK. While this ordering affects privacy properties in the asymmetric methods of , it has no significant impact in EDHOC-PSK.

IANA Considerations This document requires the following IANA actions.

EDHOC Method Type Registry IANA is requested to register the following entry in the "EDHOC Method Type" registry under the group name "Ephemeral Diffie-Hellman Over COSE (EDHOC)". Addition to the EDHOC Method Type Registry.

Value	Initiator Authentication Key	Responder Authentication Key
TBD4	PSK	PSK

NOTE: Suggested value: TBD4 = 4. RFC Editor: Remove this note.

EDHOC Exporter Label Registry IANA is requested to register the following entry in the "EDHOC Exporter Label" registry under the group name "Ephemeral Diffie-Hellman Over COSE (EDHOC)". Additions to the EDHOC Exporter Label Registry.

Label	Description	Change Controller	Reference
TBD2	Resumption PSK	IETF	Section 7
TBD3	Resumption kid	IETF	Section 7

NOTE: Suggested values: TBD2 = 2, TBD3 = 3. RFC Editor: Remove this note.

References Normative References CBOR Web Token (CWT) is a compact means of representing claims to be transferred between two parties. The claims in a CWT are encoded in the Concise Binary Object Representation (CBOR), and CBOR Object Signing and Encryption (COSE) is used for added application-layer security protection. A claim is a piece of information asserted about a subject and is represented as a name/value pair consisting of a claim name and a claim value. CWT is derived from JSON Web Token (JWT) but uses CBOR rather than JSON. This document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express structures for protocol messages and data formats that use CBOR or JSON. This document describes the Concise Binary Object Representation (CBOR) Sequence format and associated media type "application/cbor-seq". A CBOR Sequence consists of any number of encoded CBOR data items, simply concatenated in sequence. Structured syntax suffixes for media types allow other media types to build on them and make it explicit that they are built on an existing media type as their foundation. This specification defines and registers "+cbor-seq" as a structured syntax suffix for CBOR Sequences. The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack. This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format. Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR. This document, along with RFC 9053, obsoletes RFC 8152. Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines a set of algorithms that can be used with the CBOR Object Signing and Encryption (COSE) protocol (RFC 9052). This document, along with RFC 9052, obsoletes RFC 8152. This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a very compact and lightweight authenticated Diffie-Hellman key exchange with ephemeral keys. EDHOC provides mutual authentication, forward secrecy, and identity protection. EDHOC is intended for usage in constrained scenarios, and a main use case is to establish an Object Security for Constrained RESTful Environments (OSCORE) security context. By reusing CBOR Object Signing and Encryption (COSE) for cryptography, Concise Binary Object Representation (CBOR) for encoding, and Constrained Application Protocol (CoAP) for transport, the additional code size can be kept very low. The lightweight authenticated key exchange protocol Ephemeral Diffie-Hellman Over COSE (EDHOC) can be run over the Constrained Application Protocol (CoAP) and used by two peers to establish a Security Context for the security protocol Object Security for Constrained RESTful Environments (OSCORE). This document details this use of the EDHOC protocol by specifying a number of additional and optional mechanisms, including an optimization approach for combining the execution of EDHOC with the first OSCORE transaction. This combination reduces the number of round trips required to set up an OSCORE Security Context and to complete an OSCORE transaction using that Security Context. This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols. Although an optional functionality of CoAP, OSCORE alters CoAP options processing and IANA registration. Therefore, this document updates RFC 7252. University of Oviedo University of Murcia Ericsson Ericsson University of Murcia The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the EAP authentication method EAP- EDHOC, based on Ephemeral Diffie-Hellman Over COSE (EDHOC). EDHOC is a lightweight security handshake protocol, enabling authentication and establishment of shared secret keys suitable in constrained settings. This document also provides guidance on authentication and authorization for EAP-EDHOC. Ericsson Ericsson The Lightweight Authenticated Key Exchange (LAKE) protocol, Ephemeral Diffie-Hellman over COSE (EDHOC), achieves post-quantum security by adding new cipher suites with quantum-resistant algorithms, such as ML-KEM for key exchange and ML-DSA for digital signatures. This document specifies how EDHOC operates in a post-quantum setting using both signature-based and PSK-based authentication methods, and defines corresponding cipher suites. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References This document specifies EAP-PSK, an Extensible Authentication Protocol (EAP) method for mutual authentication and session key derivation using a Pre-Shared Key (PSK). EAP-PSK provides a protected communication channel when mutual authentication is successful for both parties to communicate over. This document describes the use of this channel only for protected exchange of result indications, but future EAP-PSK extensions may use the channel for other purposes. EAP-PSK is designed for authentication over insecure networks such as IEEE 802.11. This memo defines an Experimental Protocol for the Internet community. The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-TLS with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security and privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 (EAP-TLS 1.3) further improves security and privacy by always providing forward secrecy, never disclosing the peer identity, and by mandating use of revocation checking when compared to EAP-TLS with earlier versions of TLS. This document also provides guidance on authentication, authorization, and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216.

CDDL Definitions This section compiles the CDDL definitions for convenience, incorporating errata filed against .

Test Vectors

message_1 Both endpoints are authenticated with Pre-Shared Keys (METHOD = 4) NOTE: Assuming TBD4 = 4, to be confirmed by IANA. RFC Editor: Remove this note. The initiator selects cipher suite 02. A single cipher suite is encoded as an int: The Initiator creates an ephemeral key pair for use with the EDHOC key exchange algorithm: The Initiator selects its connection identifier C_I to be the byte string 0xA, which is encoded as 0xA since it is represented by the 1-byte CBOR int 10: No external authorization data The Initiator constructs message_1:

message_2 The Responder supports the most preferred and selected cipher suite 02, so SUITES_I is acceptable. The Responder creates an ephemeral key pair for use with the EDHOC key exchange algorithm: The Responder selects its connection identifier C_R to be the byte string 0x05, which is encoded as 0x05 since it is represented by the 1-byte CBOR int 05: The transcript hash TH_2 is calculated using the EDHOC hash algorithm: TH_2 = H( G_Y, H(message_1) ), where H(message_1) is: PRK_2e is specified in . To compute it, the Elliptic Curve Diffie-Hellman (ECDH) shared secret G_XY is needed. It is computed from G_X and Y or G_Y and X: Then, PRK_2e is calculated as defined in Since the Responder authenticates using PSK, PRK_3e2m = PRK_2e. No external authorization data: The Responder constructs PLAINTEXT_2A: The Responder computes KEYSTREAM_2 as defined in The Responder calculates CIPHERTEXT_2B as XOR between PLAINTEXT_2A and KEYSTREAM_2: The Responder constructs message_2 as defined in :

message_3 The Initiator computes PRK_4e3m, as described in Section 4, using SALT_4e3m and PSK: The transcript hash TH_3 is calculated using the EDHOC hash algorithm: TH_3 = H( TH_2, PLAINTEXT_2A ) No external authorization data: The Initiator constructs firstly PLAINTEXT_3B as defined in Section 5.3.1.: It then computes CIPHERTEXT_3B as defined in Section 5.3.2. It uses ID_CRED_PSK, CRED_I, CRED_R and TH_3 as external_aad: The Initiator computes K_3 and IV_3 It then computes CIPHERTEXT_3B: The Initiator computes KEYSTREAM_3A as defined in Section 4: It then calculates PLAINTEXT_3A as stated in Section 5.3.2.: It then uses KEYSTREAM_3A to derive CIPHERTEXT_3A: The Initiator computes message_3 as defined in Section 5.3.2.: The transcript hash TH_4 is calculated using the EDHOC hash algorithm: TH_4 = H( TH_3, ID_CRED_PSK, ? EAD_3, CRED_I, CRED_R )

message_4 No external authorization data: The Responder constructs PLAINTEXT_4: The Responder computes K_4 and IV_4: The Responder computes message_4:

PRK_out and PRK_exporter After the exchange, the following PRK_out and PRK_exporter are derived by both entities:

rPSK and rKID Both peers generate a resumption key for use in the next resumption attempt, as explained in :

Change Log RFC Editor: Please remove this appendix.

• From -04 to -05
  • Fixed misbinding attacks and resumption
  • Updated privacy considerations
  • Added EDHOC-PSK and EAP section
  • Editorial changes
  • Fixed test vectors
• From -03 to -04
  • Test Vectors
  • Editorial changes
• From -02 to -03
  • Updated abstract and Introduction
  • Changed message_3 to hide the identity length from passive attackers
  • CDDL Definitions
  • Security considerations of independence of Session Keys
  • Editorial changes
• From -01 to -02
  • Changes to message_3 formatting and processing
• From -00 to -01
  • Editorial changes and corrections

Acknowledgments The authors want to thank , , , and for reviewing and commenting on intermediate versions of the draft. This work has been partly funded by PID2023-148104OB-C43 funded by MICIU/AEI/10.13039/501100011033 (ONOFRE4), FEDER/UE EU HE CASTOR under Grant Agreement No 101167904 and EU CERTIFY under Grant Agreement No 101069471. This work was supported partially by Vinnova - the Swedish Agency for Innovation Systems - through the EUREKA CELTIC-NEXT project CYPRESS. This work has been partially supported by the French National Research Agency under the France 2030 label (NF-HiSec ANR-22-PEFT-0009)