Post Quantum Is All The Rage These Days #407

Open
dtklein opened this issue Jan 11, 2023 · 6 comments

@dtklein

dtklein commented Jan 11, 2023

There is a lot of talk about Post-Quantum / Quantum-Resistant Cryptography, and leadership at a company I am talking with has asked about a proof-of-concept for a PKI that uses Post Quantum algorithms. Personnel there have experience with XCA for offline roots and offline bridge CAs.

Would it be feasible to build a version of XCA that offers Falcon/CRYSTALS-Dilithium for signatures, possibly even being able to build on the work done by "Open Quantum Safe" (https://github.com/open-quantum-safe), either in a hybrid-mode with ECDSA/EdDSA (two signatures, one ECC, one PQ) or in a "pure" Post Quantum way?

Looking forward to helping this company understand and demonstrate what a PQ PKI might look like.

@Strider3000

They are also being broken still. I wouldn't necessarily recommend spending much time putting them into xCA (at least yet).

@sierja

sierja commented Mar 17, 2024

Starting to see a push towards PQC for practical use and I have started to see Kyber and Dilithium support in commercial HSMs. Some examples:

  1. https://datatracker.ietf.org/doc/html/draft-ietf-tls-hybrid-design
  2. https://www.thalestct.com/luna-t-series-hardware-security-module-7-13-0-release-announcement/
  3. https://www.ibm.com/docs/en/zos/3.1.0?topic=cryptography-crystals-kyber-algorithm
  4. https://security.apple.com/blog/imessage-pq3/

Unfortunately, this would require use of OpenSSL 3 algorithm providers as far as I can tell.

@krich11

krich11 commented Aug 21, 2024

ML-KEM (Kyber), ML-DSA (Dilithium), and SLH-DSA (SPHINCS+) have now been approved by NIST. Given that OpenSSL 3 shows in the ChangeLog in 2023, can we hope that these PQC algorithms will be supported soon with a provider like OQS?

@dtklein
Author

dtklein commented Aug 21, 2024

I know I should be following NIST more closely than I have. Are people implementing one of these constructions?

  • Merkle construction of both signatures over the whole pre-cert
  • PQ signature over the pre-cert, put that in an extension, then RSA/ECDSA/EdDSA signature over the pre-cert+PQ extension
  • RSA/ECDSA/EdDSA signature over the pre-cert, put that in an extension, then PQ signature over the pre-cert+classical extension
  • RSA/ECDSA/EdDSA signature over the pre-cert, then append PQ signature over the pre-cert
  • Two certificates
    1. Just PQ signature over the pre-cert
    2. Just RSA/ECDSA/EdDSA signature over the pre-cert

Any idea what the certificates will look like? PQ? Classical? Hybrid? If hybrid, are both signatures first-class-citizens?

Enquiring minds want to know.

@sierja

sierja commented Aug 21, 2024

For reference:

Some relevant open implementations I'm aware of, but are either official references or not suitable for production

Now that the NIST standards are officially published, hopefully we'll see open, production-ready and audited implementations next year.

@ralienpp

Certificate-related interop testing is performed in this community, mainly during IETF hackathons: https://github.com/IETF-Hackathon/pqc-certificates.

There are multiple implementations (e.g., pure-PQ, or hybrids).
