Protocol Summary

SIAP implements deterministic, one-time authentication keys derived from two factors: encrypted token state on removable media and a passphrase known only to the user. The server retains only minimal verification material, typically hashes and non-secret metadata, so theft of the server database does not yield reusable credentials. Each successful authentication advances a monotonic key index on both client and server, permanently invalidating prior keys and preventing token cloning and rollback.

The protocol is designed for deployments where online certificate validation is fragile or unavailable. Because SIAP does not rely on certificate authorities, OCSP, or renewal infrastructure, it supports secure access in disconnected networks, industrial environments, and field systems while preserving clear auditability through deterministic key lifecycles.

Motivation and Problem Definition

Traditional access systems depend on asymmetric cryptography and certificate lifecycles that introduce cost, fragility, and large operational attack surfaces. Validation services, revocation, issuance, renewal, and policy drift create failure modes that are difficult to reason about and expensive to govern. Under post-quantum planning horizons, these systems also inherit long-term risk from assumptions that will eventually require urgent migration.

SIAP addresses these issues by operating entirely in the symmetric and hash-based setting. Authentication becomes a deterministic computation, enforced by two-factor inputs and a strict one-time key schedule. This reduces dependency chains, eliminates certificate lifecycle management, and enables secure operation without network connectivity.

Architecture and Mechanism

SIAP organizes identity and authorization context into three linked hierarchies: server identity, user identity, and a composite key identity that binds server, user, token, and validity information into a single derivation context. A server generates a base secret, then deterministically derives a chain of indexed one-time keys. During token initialization, encrypted user key structures and metadata are written to the removable device, protected by a passphrase-derived stream created with a cost-based KDF.

At authentication time, the client unlocks the current token state using the passphrase-derived material, produces a one-time authentication token, and the server verifies it by regenerating the expected key state from its base secret and stored verification data. On success, both sides advance their indices, invalidating the previous leaf and making replay and rollback infeasible without synchronized state.

Cryptographic Design

SIAP relies on symmetric, hash-based primitives selected for conservative security margins and straightforward implementation. Key expansion and deterministic derivation are provided by SHAKE and cSHAKE family functions, authentication is performed with KMAC, token unlocking is strengthened by a memory and cost intensive KDF, and stored and transmitted data is protected with authenticated encryption.

• SHAKE-256 for key expansion and deterministic derivation of indexed key chains.
• KMAC-256 for message authentication and transcript binding.
• SCB-KDF for cost-based key derivation that raises the work factor of offline passphrase guessing.
• RCS-256 for authenticated encryption of stored token structures and protocol messages.

Security Model

SIAP’s threat model includes network attackers, token theft, server database exposure, and server compromise. The protocol’s key properties come from two-factor enforcement, one-time key destruction, and strict monotonic index handling. Captured traffic cannot be replayed because authentication requires the current synchronized index and a valid derived token. Stolen token state without the passphrase yields no usable secrets, and server-side records expose no recoverable key material when limited to hashes and non-secret metadata.

• Two-factor assurance: token possession and passphrase knowledge are both required to derive working keys.
• Forward secrecy: each leaf key is invalidated after use, so past sessions are not recoverable.
• Replay and rollback resistance: monotonic indices prevent reuse of old token states and cloned devices.
• Post-quantum durability: the protocol avoids discrete log and factorization assumptions by design.
• Offline operability: no CA, no OCSP, and no online validation services are required.

Implementation and Integration

SIAP is designed to run on constrained platforms and to integrate into both embedded and enterprise access workflows. It supports deployment patterns such as administrative logins, secure device activation, credentialed maintenance access, and controlled authorization flows where deterministic audit evidence and offline reliability are required. The server side footprint can be minimal, anchored by a base key and a compact user table, without introducing a certificate management subsystem.

Because the key schedule is deterministic and indexed, organizations can enforce controlled validity windows, rotation policies, and governance boundaries without relying on external validators. This makes SIAP suitable for environments that prioritize sovereign control over identity systems.

Use Cases and Applications

SIAP is suited to high-assurance access control where long-term stability and offline resilience matter:

• Payment and banking: offline digital wallets, terminal maintenance tokens, and secure POS administration.
• Industrial systems: SCADA and critical infrastructure consoles in segmented or air-gapped networks.
• Enterprise access: privileged system login without PKI dependency and without online validation infrastructure.
• Defense and aerospace: secure access in environments where revocation services and connectivity are unavailable.
• OEM and manufacturing: one-time activation and controlled firmware unlock workflows tied to deterministic indices.

Strategic and Economic Value

SIAP reduces lifecycle cost by eliminating certificate renewal, revocation services, and CA dependencies. Its small footprint and symmetric-only design make it practical for constrained systems, while its deterministic key destruction model improves audit clarity and limits compromise impact. For regulated operators, it provides an access mechanism that is easier to govern because authentication is enforced by cryptographic state, not by external validation services.

As part of the broader QRCS stack, SIAP complements transport and messaging protocols by providing a robust, certificate-free authentication layer that remains stable under post-quantum threat models and disconnected operational constraints.

Conclusion

The Secure Infrastructure Access Protocol provides a compact, two-factor, post-quantum authentication system built on one-time keys and deterministic key lifecycles. By combining removable token state, passphrase-derived unlocking, and irreversible key advancement, SIAP delivers forward secrecy, replay resistance, and offline operability without PKI.

SIAP is engineered for real deployments that require longevity, governance, and minimal dependency chains, making it a practical foundation for secure infrastructure access across embedded, industrial, enterprise, and sovereign environments.