How would you add quantum-safe crypto? I haven't seen anyone putting out a public lib that anyone can import.
> tor-dev-request@lists.torproject.org wrote: (2 January 2016 13:00:02 CET)
> Send tor-dev mailing list submissions to tor-dev@lists.torproject.org
> To subscribe or unsubscribe via the World Wide Web, visit https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev or, via email, send a message with subject or body 'help' to tor-dev-request@lists.torproject.org
> You can reach the person managing the list at tor-dev-owner@lists.torproject.org
> When replying, please edit your Subject line so it is more specific than "Re: Contents of tor-dev digest..."
> Today's Topics:
> - Re: Quantum-safe Hybrid handshake for Tor (Ryan Carboni)
> - Re: Quantum-safe Hybrid handshake for Tor (Yawning Angel)
> Message: 1
> Date: Fri, 1 Jan 2016 19:33:31 -0800
> From: Ryan Carboni <ryacko@gmail.com>
> To: tor-dev@lists.torproject.org
> Subject: Re: [tor-dev] Quantum-safe Hybrid handshake for Tor
> Message-ID: <CAO7N=i2MspE1N5eOczCyT9RCPORgUJboSOY3vUMGKL5FSzAPnw@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> The first step should be replacing the long-term keys with quantum-safe crypto.
On 01/02/2016 01:49 PM, Flipchan wrote:
> How would you add quantum-safe crypto? I haven't seen anyone putting out a public lib that anyone can import.
Here's a webpage, a paper, and software from djb: http://sphincs.cr.yp.to/ This is of course one example; there are other works on post-quantum cryptography, and I'm sure most of the authors like to provide a reference implementation of their idea.
For next time, please bottom-post and be sure to replace the subject line to reflect the thread's name. You only have to replace the subject line if you receive posts in digest form.
On 3 Jan 2016, at 11:11, Jesse V kernelcorn@riseup.net wrote:
> On 01/02/2016 01:49 PM, Flipchan wrote:
> > How would you add quantum-safe crypto? I haven't seen anyone putting out a public lib that anyone can import.
> Here's a webpage, a paper, and software from djb: http://sphincs.cr.yp.to/ This is of course one example; there are other works on post-quantum cryptography, and I'm sure most of the authors like to provide a reference implementation of their idea.
And if we can't use the reference implementation, we have some decent programmers… (On the other hand, if there's no reference implementation, then that makes it hard to recommend that particular crypto scheme.)
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
On 01/02/2016 05:42 PM, Tim Wilson-Brown - teor wrote:
> And if we can't use the reference implementation, we have some decent programmers… (On the other hand, if there's no reference implementation, then that makes it hard to recommend that particular crypto scheme.)
That sounds pretty close to a "roll your own crypto" idea, which as I'm sure you know is almost always a poor idea. Classical algorithms like RSA and Diffie-Hellman are ~40 years old but they have many side-channels and are still hard to implement correctly. There are so many subtleties with ECDHE and ECDSA, with the notable exception of the safer *25519 cryptosystems from djb. Post-quantum cryptography is over my head, but considering the pattern and the newness of the field I wouldn't trust any implementation unless it was written or at least vetted by the authors of the respective post-quantum cryptosystem.
That being said, I'd like to thank Schanck, Whyte, and Zhang for their work, their paper, and their reference implementation.
On 3 Jan 2016, at 14:12, Jesse V kernelcorn@riseup.net wrote:
> On 01/02/2016 05:42 PM, Tim Wilson-Brown - teor wrote:
> > And if we can't use the reference implementation, we have some decent programmers… (On the other hand, if there's no reference implementation, then that makes it hard to recommend that particular crypto scheme.)
> That sounds pretty close to a "roll your own crypto" idea, which as I'm sure you know is almost always a poor idea. Classical algorithms like RSA and Diffie-Hellman are ~40 years old but they have many side-channels and are still hard to implement correctly. There are so many subtleties with ECDHE and ECDSA, with the notable exception of the safer *25519 cryptosystems from djb. Post-quantum cryptography is over my head, but considering the pattern and the newness of the field I wouldn't trust any implementation unless it was written or at least vetted by the authors of the respective post-quantum cryptosystem.
Point taken. It was a bit of a throwaway line, rather than a serious suggestion. tor currently uses external crypto implementations rather than writing our own.
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
On Sat, Jan 2, 2016 at 7:11 PM, Jesse V kernelcorn@riseup.net wrote:
> Here's a webpage, a paper, and software from djb: http://sphincs.cr.yp.to/ This is of course one example; there are other works on post-quantum cryptography, and I'm sure most of the authors like to provide a reference implementation of their idea.
Just another link.
Hi Flipchan,
There are reference implementations of quantum-safe cryptographic algorithms, such as the NTRU encryption algorithm (in libntruencrypt): https://github.com/NTRUOpenSourceProject/NTRUEncrypt and the BLISS signature algorithm: http://bliss.di.ens.fr/
Those are independent pieces of software. But from what I understand, common crypto libraries, such as the crypto in openssl, libgcrypt, and crypto++, do not have quantum-safe crypto, except wolfssl, which supports NTRU: https://github.com/wolfSSL/wolfssl
We also have libgcrypt with NTRU support, https://github.com/wwhyte-si/libgcrypt-ntru, but it is not an official release.
Cheers, Zhenfei
On Sat, Jan 2, 2016 at 5:49 PM, Flipchan flipchan@riseup.net wrote:
> How would you add quantum-safe crypto? I haven't seen anyone putting out a public lib that anyone can import.