Go PQ Experiment
Just an experimental repo to play around with building a post-quantum-safe system.
Warning from the modules used: "We recommend to take caution before using this library in a production application since part of its content is experimental."
In high-security contexts the German Federal Office for Information Security (BSI) recommends the use of hybrid systems, i.e. combining a classical and a post-quantum key exchange so that an attacker has to break both.
Idea
Use Hybrid Public Key Encryption (HPKE, RFC 9180) with AES-256-GCM and X448 in the mode that authenticates with both a pre-shared key (PSK) and an asymmetric key (mode_auth_psk), where the PSK is derived from CSIDH, an isogeny-based drop-in replacement for Diffie-Hellman.
Provided sufficiently large key sizes are used, symmetric-key systems like AES are already considered resistant to attack by a quantum computer (Grover's algorithm at most halves the effective key length, hence AES-256), but X448 would be broken by a sufficiently powerful quantum computer running Shor's algorithm.
Combining the well-established X448 key exchange with the relatively new isogeny-based CSIDH yields a hybrid system whose derived keys stay secret as long as at least one of the two key exchanges remains unbroken: HPKE's key schedule feeds both the KEM shared secret and the PSK through HKDF-SHA512, and AES-256-GCM then protects the payload.
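The key schedule this construction relies on, as an added example that is not the project's own code: it reproduces the HPKE key schedule of RFC 9180 section 5.1 for mode_auth_psk with HKDF-SHA512 and AES-256-GCM using only the Go standard library, so it shows where the KEM shared secret, the PSK, the psk_id, the info label and the AEAD associated data each enter the derivation (the questions listed further down). The 64-byte KEM shared secret (the length DHKEM(X448, HKDF-SHA512) produces) and the 64-byte value standing in for the CSIDH shared secret returned by csidh.DeriveSecret are constructed placeholders, as are the psk_id, info and aad strings; the 64-byte PSK length is an assumption of this example. The last step plays the post-Shor attacker who holds the X448 shared secret but not the PSK and therefore derives a different key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha512"
	"encoding/binary"
	"fmt"
)

// HPKE (RFC 9180) parameters for mode_auth_psk with HKDF-SHA512 and AES-256-GCM.
const (
	modeAuthPSK = 0x03
	nk          = 32 // AES-256 key length
	nn          = 12 // GCM nonce length
)

// suiteID is "HPKE" || kem_id || kdf_id || aead_id with kem_id 0x0021 (DHKEM(X448,
// HKDF-SHA512)), kdf_id 0x0003 (HKDF-SHA512), aead_id 0x0002 (AES-256-GCM).
var suiteID = []byte{'H', 'P', 'K', 'E', 0x00, 0x21, 0x00, 0x03, 0x00, 0x02}

// labeledExtract is HKDF-Extract (HMAC-SHA512) over "HPKE-v1" || suite_id || label || ikm.
func labeledExtract(salt []byte, label string, ikm []byte) []byte {
	m := hmac.New(sha512.New, salt)
	for _, part := range [][]byte{[]byte("HPKE-v1"), suiteID, []byte(label), ikm} {
		m.Write(part)
	}
	return m.Sum(nil)
}

// labeledExpand is HKDF-Expand (RFC 5869) with info = L || "HPKE-v1" || suite_id || label || info.
func labeledExpand(prk []byte, label string, info []byte, length int) []byte {
	li := []byte{byte(length >> 8), byte(length)}
	for _, part := range [][]byte{[]byte("HPKE-v1"), suiteID, []byte(label), info} {
		li = append(li, part...)
	}
	var out, t []byte
	for i := byte(1); len(out) < length; i++ {
		m := hmac.New(sha512.New, prk)
		m.Write(t)
		m.Write(li)
		m.Write([]byte{i})
		t = m.Sum(nil)
		out = append(out, t...)
	}
	return out[:length]
}

// keySchedule (RFC 9180 section 5.1): the KEM shared secret is the salt and the PSK
// the IKM of the "secret" extraction, so both are needed to reach the key; psk_id
// and info are public and only bind context into the derivation.
func keySchedule(sharedSecret, info, psk, pskID []byte) (key, baseNonce []byte) {
	pskIDHash := labeledExtract(nil, "psk_id_hash", pskID)
	infoHash := labeledExtract(nil, "info_hash", info)
	ctx := append(append([]byte{modeAuthPSK}, pskIDHash...), infoHash...)
	secret := labeledExtract(sharedSecret, "secret", psk)
	return labeledExpand(secret, "key", ctx, nk), labeledExpand(secret, "base_nonce", ctx, nn)
}

// aead returns AES-256-GCM under key and the nonce base_nonce XOR seq; seal and
// open mirror the HPKE context's Seal/Open, where aad is authenticated, not encrypted.
func aead(key, baseNonce []byte, seq uint64) (cipher.AEAD, []byte) {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	n := make([]byte, nn)
	binary.BigEndian.PutUint64(n[nn-8:], seq)
	for i := range n {
		n[i] ^= baseNonce[i]
	}
	return g, n
}

func seal(key, baseNonce []byte, seq uint64, aad, pt []byte) []byte {
	g, n := aead(key, baseNonce, seq)
	return g.Seal(nil, n, pt, aad)
}

func open(key, baseNonce []byte, seq uint64, aad, ct []byte) ([]byte, error) {
	g, n := aead(key, baseNonce, seq)
	return g.Open(nil, n, ct, aad)
}

func main() {
	// Constructed placeholders (64 bytes each: DHKEM(X448) Nsecret, and assumed for csidh.DeriveSecret).
	kemShared, csidhPSK := bytes.Repeat([]byte{0x11}, 64), bytes.Repeat([]byte{0x22}, 64)
	pskID, info, aad := []byte("csidh-psk-1"), []byte("gopqexperiment demo"), []byte("hdr")
	key, base := keySchedule(kemShared, info, csidhPSK, pskID)
	ct := seal(key, base, 0, aad, []byte("hello post-quantum world"))
	pt, err := open(key, base, 0, aad, ct)
	fmt.Printf("receiver: %q err=%v\n", pt, err)
	// Post-Shor attacker: knows the X448 shared secret but not the CSIDH PSK.
	badKey, badBase := keySchedule(kemShared, info, make([]byte, 64), pskID)
	_, err = open(badKey, badBase, 0, aad, ct)
	fmt.Println("attacker without PSK:", err)
}
```

Because the PSK is the IKM of the "secret" extraction and the KEM output is its salt, recovering either one alone leaves the attacker with the wrong HKDF PRK; psk_id tells the receiver which PSK to load and info pins the application context, but neither adds secrecy.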
Relevant used cryptographic primitives and ciphers
- Symmetric-key cryptography
  - Authenticated Encryption with Associated Data (AEAD)
    - AES-256-GCM
- Public-key cryptography
  - Elliptic-curve cryptography (ECC)
    - Commutative supersingular isogeny-based Diffie-Hellman key exchange (CSIDH)
    - X448 with HKDF-SHA512 (the HPKE KEM DHKEM(X448, HKDF-SHA512))
- One-way hash functions
  - SHA-2
    - SHA-512
- Key derivation functions (KDFs)
  - HKDF-SHA512
Use Cases
Drawback
Huge performance penalty when using HPKE with CSIDH: about 402 ms vs. 2.7 ms overall duration including key generation, and about 67 ms vs. 0.2 ms for key generation alone (go test -bench output below, first without and then with CSIDH).
goos: windows
goarch: amd64
pkg: github.com/dhcgn/gopqexperiment/cmd/simple_use_case_hpke
cpu: AMD Ryzen 7 PRO 4750U with Radeon Graphics
Benchmark_mainInternal-16 408 2708316 ns/op
Benchmark_GenerateKeyPair-16 5000 205432 ns/op
PASS
ok github.com/dhcgn/gopqexperiment/cmd/simple_use_case_hpke 2.584s
goos: windows
goarch: amd64
pkg: github.com/dhcgn/gopqexperiment/cmd/simple_use_case_hpke_csidh
cpu: AMD Ryzen 7 PRO 4750U with Radeon Graphics
Benchmark_mainInternal-16 3 402387067 ns/op
Benchmark_GenerateKeyPair-16 18 66902017 ns/op
PASS
ok github.com/dhcgn/gopqexperiment/cmd/simple_use_case_hpke_csidh 4.112s
TODO
- AEAD ciphertexts produced by HPKE do not hide the plaintext length; to achieve that level of privacy a suitable padding mechanism must be applied to the plaintext before Seal and removed after Open.
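An added example of such a padding step (not the project's code): plaintexts are padded to a fixed bucket size with the unambiguous 0x80-then-zeros scheme (ISO/IEC 7816-4) before sealing and unpadded after opening, so that "yes" and "no" produce ciphertexts of equal length. AES-256-GCM with a constructed demo key and an all-zero demo nonce stands in for the HPKE context's Seal/Open; the bucket size, key, nonce and messages are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// pad appends 0x80 followed by zero bytes until the length is a multiple of
// bucket. The 0x80 marker keeps the padding unambiguous even when the plaintext
// already ends in zero bytes or is exactly bucket-aligned (then a full bucket
// of padding is added).
func pad(pt []byte, bucket int) []byte {
	out := append(append([]byte{}, pt...), 0x80)
	for len(out)%bucket != 0 {
		out = append(out, 0x00)
	}
	return out
}

// unpad strips the trailing zeros and the 0x80 marker. It runs only after the
// AEAD tag has been verified, so a padding error is an integrity bug, not an oracle.
func unpad(p []byte) ([]byte, error) {
	i := len(p) - 1
	for i >= 0 && p[i] == 0x00 {
		i--
	}
	if i < 0 || p[i] != 0x80 {
		return nil, errors.New("invalid padding")
	}
	return append([]byte{}, p[:i]...), nil
}

// sealPadded encrypts pad(pt) so the ciphertext length reveals only the bucket count.
// In the real flow the padded plaintext goes into the HPKE context's Seal.
func sealPadded(g cipher.AEAD, nonce, aad, pt []byte, bucket int) []byte {
	return g.Seal(nil, nonce, pad(pt, bucket), aad)
}

// openPadded verifies and decrypts, then removes the padding.
func openPadded(g cipher.AEAD, nonce, aad, ct []byte) ([]byte, error) {
	p, err := g.Open(nil, nonce, ct, aad)
	if err != nil {
		return nil, err
	}
	return unpad(p)
}

// newDemoAEAD returns AES-256-GCM under a constructed demo key (never reuse a
// fixed key/nonce pair outside a demo; HPKE derives fresh ones per context).
func newDemoAEAD() cipher.AEAD {
	blk, _ := aes.NewCipher(bytes.Repeat([]byte{0x42}, 32))
	g, _ := cipher.NewGCM(blk)
	return g
}

func main() {
	g := newDemoAEAD()
	nonce := make([]byte, g.NonceSize()) // all-zero demo nonce
	aad := []byte("demo")
	for _, m := range []string{"yes", "no"} {
		raw := g.Seal(nil, nonce, []byte(m), aad)
		padded := sealPadded(g, nonce, aad, []byte(m), 64)
		fmt.Printf("%q: unpadded ciphertext %d bytes, padded ciphertext %d bytes\n", m, len(raw), len(padded))
	}
}
```

Bucketing only hides the length within a bucket: a message longer than 64 bytes still reveals how many buckets it spans, so the bucket size has to be chosen from the set of message sizes the application actually wants to make indistinguishable.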
Questions
- Must the result of csidh.DeriveSecret be hashed to avoid weak bytes? (The raw CSIDH shared secret is the coefficient of the shared curve, a field element rather than uniformly random bytes; note that HPKE's key schedule already passes the PSK through HKDF-Extract.)
- Can the commutative supersingular isogeny-based Diffie-Hellman key exchange (CSIDH) be used with static keys?
- How should the additional authenticated data (AAD), the info label and the PSK identifier (psk_id) be used?
Links