Project author: dhcgn

Project description:
My Go PQ Experiment
Primary language: Go
Project address: git://github.com/dhcgn/gopqexperiment.git
Created: 2021-04-16T17:11:45Z
Project community: https://github.com/dhcgn/gopqexperiment

License: MIT License



Go PQ Experiment


Just an experimental repo to play around with, aiming to achieve a post-quantum safe system.

Warning from the used modules: We recommend taking caution before using this library in a production application, since part of its content is experimental.

In high-security contexts the German Federal Office for Information Security (BSI) recommends the use of hybrid systems.

Idea

Use Hybrid Public Key Encryption (HPKE) with AES and X448 in the mode that authenticates with both a pre-shared key (PSK) and an asymmetric key (mode_auth_psk), where the PSK is derived from an isogeny-based drop-in replacement for Diffie–Hellman (CSIDH).

Provided one uses sufficiently large key sizes, symmetric-key systems like AES are already resistant to attack by a quantum computer, but X448 would be broken by a sufficiently powerful quantum computer running Shor's algorithm.

Combining the proven Advanced Encryption Standard (AES) with the relatively new kind of elliptic-curve cryptography (CSIDH) creates a hybrid system which stays safe until both specifications are broken.
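The following Go program is an added illustration of the hybrid construction described above; it is example code written for this page, not the repository's own. It uses only the standard library, so X25519 from crypto/ecdh stands in for X448, random bytes stand in for the output of csidh.DeriveSecret, and a hand-written HKDF-SHA512 plays the role of the HPKE key schedule (its shape follows mode_auth_psk but it is not the RFC 9180 algorithm). All function names, labels, the PSK identifier and the AAD are assumptions. It also shows the raw exchange output passing through a KDF before use, and the info label, PSK id and AAD being bound into the key derivation and the AEAD.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"fmt"
)

// hkdfSHA512 is HKDF (RFC 5869) with SHA-512, written out so the example needs only
// the standard library; HMAC treats a nil salt like the RFC's default all-zero salt.
func hkdfSHA512(salt, ikm, info []byte, length int) []byte {
	ext := hmac.New(sha512.New, salt)
	ext.Write(ikm)
	prk := ext.Sum(nil)
	var okm, prev []byte
	for i := byte(1); len(okm) < length; i++ {
		m := hmac.New(sha512.New, prk)
		m.Write(append(append(prev, info...), i)) // T(i) = HMAC(PRK, T(i-1) || info || i)
		prev = m.Sum(nil)
		okm = append(okm, prev...)
	}
	return okm[:length]
}

// DerivePSK turns the raw isogeny exchange output into a uniform 32-byte PSK bound to
// its identifier, so the raw bytes never serve as key material directly (assumed layout).
func DerivePSK(rawPQSecret, pskID []byte) []byte {
	return hkdfSHA512(nil, rawPQSecret, append([]byte("gopq psk "), pskID...), 32)
}

// HybridKey follows the shape of HPKE's mode_auth_psk key schedule (illustration, not the
// RFC 9180 schedule): classical shared secret as salt, PSK as keying material, PSK id and
// info label hashed into the expand context. One secret alone cannot reproduce the key.
func HybridKey(sharedSecret, psk, pskID, info []byte) []byte {
	idHash, infoHash := sha512.Sum512(pskID), sha512.Sum512(info)
	ctx := append(append([]byte("mode_auth_psk"), idHash[:]...), infoHash[:]...)
	return hkdfSHA512(sharedSecret, psk, ctx, 32)
}

func must[T any](v T, err error) T { // demo helper: abort on unexpected errors
	if err != nil {
		panic(err)
	}
	return v
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

func aesGCM(key []byte) cipher.AEAD { // a 32-byte key selects AES-256
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}

// Seal encrypts with AES-256-GCM and prefixes the random nonce; aad is authenticated only.
func Seal(key, aad, plaintext []byte) []byte {
	gcm := aesGCM(key)
	nonce := mustRandom(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

// Open reverses Seal; it fails if the key, nonce, ciphertext or aad differ.
func Open(key, aad, sealed []byte) ([]byte, error) {
	gcm := aesGCM(key)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// HybridRoundTrip plays sender and receiver. X25519 stands in for X448 (not in the standard
// library); 64 random bytes stand in for the csidh.DeriveSecret output both sides would
// compute. It reports whether the classical secret alone, or a tampered AAD, opens the data.
func HybridRoundTrip(msg []byte) (recovered []byte, classicalOnlyOpens, tamperedAADOpens bool) {
	curve := ecdh.X25519()
	sender, receiver := must(curve.GenerateKey(rand.Reader)), must(curve.GenerateKey(rand.Reader))
	shared := must(sender.ECDH(receiver.PublicKey())) // the receiver side computes the same value
	rawPQ := mustRandom(64)
	pskID, info, aad := []byte("psk-2021-04"), []byte("gopq hybrid demo"), []byte("hdr:v1")
	key := HybridKey(shared, DerivePSK(rawPQ, pskID), pskID, info)
	sealed := Seal(key, aad, msg)
	recovered = must(Open(key, aad, sealed))
	// Adversary model: Shor's algorithm recovered the classical secret but not the PSK.
	_, attackErr := Open(HybridKey(shared, make([]byte, 32), pskID, info), aad, sealed)
	_, aadErr := Open(key, []byte("hdr:v2"), sealed)
	return recovered, attackErr == nil, aadErr == nil
}

func main() {
	r, c, t := HybridRoundTrip([]byte("hybrid hello"))
	fmt.Printf("recovered=%q classicalOnlyOpens=%v tamperedAADOpens=%v\n", r, c, t)
}
```

The check that a party holding only the classical shared secret cannot open the ciphertext is the hybrid property the text relies on: the key schedule needs both inputs, so recovering the X448 secret with Shor's algorithm leaves the PSK branch intact, and the PSK branch alone would equally fail if CSIDH fell. Feeding the raw exchange output through HKDF rather than using it as a key directly also covers the concern about non-uniform bytes from csidh.DeriveSecret.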

Relevant used cryptographic primitives and ciphers

  1. Symmetric key cryptography
    1. Authenticated Encryption with Associated Data (AEAD)
      1. AES-256-GCM
  2. Public-key cryptography
    1. elliptic-curve cryptography (ECC)
      1. commutative supersingular isogeny-based Diffie-Hellman key exchange algorithm (CSIDH)
      2. X448 with HKDF-SHA512
  3. One-way hash function
    1. SHA-2
      1. SHA-512
  4. Key Derivation Functions (KDFs)
    1. HKDF-SHA512

Use Cases

Drawback

Huge performance penalty when using HPKE with CSIDH: 402.4 milliseconds vs 2.7 milliseconds overall duration, including key generation.

Benchmark of simple_use_case_hpke (HPKE without CSIDH):

    goos: windows
    goarch: amd64
    pkg: github.com/dhcgn/gopqexperiment/cmd/simple_use_case_hpke
    cpu: AMD Ryzen 7 PRO 4750U with Radeon Graphics
    Benchmark_mainInternal-16 408 2708316 ns/op
    Benchmark_GenerateKeyPair-16 5000 205432 ns/op
    PASS
    ok github.com/dhcgn/gopqexperiment/cmd/simple_use_case_hpke 2.584s

Benchmark of simple_use_case_hpke_csidh (HPKE with CSIDH):

    goos: windows
    goarch: amd64
    pkg: github.com/dhcgn/gopqexperiment/cmd/simple_use_case_hpke_csidh
    cpu: AMD Ryzen 7 PRO 4750U with Radeon Graphics
    Benchmark_mainInternal-16 3 402387067 ns/op
    Benchmark_GenerateKeyPair-16 18 66902017 ns/op
    PASS
    ok github.com/dhcgn/gopqexperiment/cmd/simple_use_case_hpke_csidh 4.112s

TODO

  1. AEAD ciphertexts produced by HPKE do not hide the plaintext length; to achieve a level of privacy, a suitable padding mechanism must be used.
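One padding mechanism of the kind the TODO asks for, as an added example written for this page rather than code from the repository: messages are rounded up to a fixed bucket size before they are sealed, so the AEAD ciphertext length reveals only the bucket. The function names and the bucket size are assumptions; the scheme is a plain length-prefix-plus-zeros layout, chosen so that unpadding stays unambiguous even when the message itself ends in zero bytes.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// PadToBucket rounds a message up to a multiple of bucketSize before it is passed to
// the AEAD: 4-byte big-endian length, the message, then zero bytes up to the boundary.
// Two messages that land in the same bucket yield ciphertexts of identical length.
func PadToBucket(msg []byte, bucketSize int) ([]byte, error) {
	if bucketSize <= 0 {
		return nil, errors.New("bucket size must be positive")
	}
	if uint64(len(msg)) > math.MaxUint32 {
		return nil, errors.New("message too long for 32-bit length prefix")
	}
	total := 4 + len(msg)
	padded := (total + bucketSize - 1) / bucketSize * bucketSize
	out := make([]byte, padded)
	binary.BigEndian.PutUint32(out, uint32(len(msg)))
	copy(out[4:], msg)
	return out, nil
}

// Unpad recovers the message. Run it only on plaintext the AEAD has already
// authenticated; the checks here reject malformed input, they are not a forgery defence.
func Unpad(padded []byte) ([]byte, error) {
	if len(padded) < 4 {
		return nil, errors.New("padded data too short")
	}
	n := binary.BigEndian.Uint32(padded)
	if uint64(n) > uint64(len(padded)-4) {
		return nil, errors.New("length prefix exceeds data")
	}
	return padded[4 : 4+n], nil
}

// SameBucket reports whether two messages become indistinguishable by length once
// padded (the AEAD only adds a constant nonce and tag overhead on top).
func SameBucket(a, b []byte, bucketSize int) (bool, error) {
	pa, err := PadToBucket(a, bucketSize)
	if err != nil {
		return false, err
	}
	pb, err := PadToBucket(b, bucketSize)
	if err != nil {
		return false, err
	}
	return len(pa) == len(pb), nil
}

func main() {
	short := []byte("yes")                                       // constructed sample
	long := []byte("no, and here is a longer explanation\x00\x00") // constructed sample
	same, _ := SameBucket(short, long, 256)
	p, _ := PadToBucket(long, 256)
	back, _ := Unpad(p)
	fmt.Printf("padded=%d bytes, same length=%v, round trip ok=%v\n",
		len(p), same, string(back) == string(long))
}
```

The bucket size trades bandwidth for privacy: a larger bucket hides more of the length distribution at the cost of more padding per message, and messages larger than one bucket still reveal which bucket they fall into.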

Questions

  1. Must the result of csidh.DeriveSecret be hashed to avoid weak bytes?
  2. Can commutative supersingular isogeny-based Diffie-Hellman key exchange algorithm (CSIDH) be used with static keys?
  3. How to use Additional Authenticated Data, the info label and the identifier for the PSK?