Limonnitsa: making Limonnik-3 post-quantum

We propose Limonnitsa, a secure authenticated key exchange (AKE) scheme which brings together the standardized in 2017 by Rosstandart Limonnik-3 AKE scheme (a part of Standardization Recommendations R 1323565.1.004-2017 “Key agreement schemes based upon public-key methods” and the supersingular elliptic curves isogeny cryptographic framework alongside with standardized cryptographic primitives, which makes the protocol secure against even the efficient quantum computers. The protocol does not require a digital signature as a “standalone” primitive, allows the parties to use different sets of parameters. We describe the protocol, discuss Limonnitsa's basic cryptographic properties and preliminary choice of its basic parameters that conforms with another standardized cryptographic primitives. We show that the protocol is secure against known classes of attacks, including the problem of determining the parties' secret keys. We give security arguments in a modified Canetti–Krawczyk model based upon the assumption of the hardness of supersingular isogeny analogue of the Diffie–Hellman problem. Thus, we show that Limonnitsa is a versatile, secure cryptographic protocol that conforms the requirements expected from modern authenticated key exchange protocols.