Argyle-Software / kyber

A rust implementation of the Kyber post-quantum KEM
https://docs.rs/pqc_kyber/
Apache License 2.0

NSA suggestions #90

Closed oilel closed 11 months ago

oilel commented 1 year ago

https://media.defense.gov/2022/Sep/07/2003071836/-1/-1/0/CSI_CNSA_2.0_FAQ_.PDF Let's see these 2 parts: First: NSA suggests using Leighton-Micali Signature (LMS) or Xtended Merkle Signature Scheme (XMSS) to sign firmware or software. You should implement them in pure Rust. Second:

Q: What is NSA's position on the use of hybrid solutions?
A: NSA has confidence in CNSA 2.0 algorithms and will not require NSS developers to use hybrid certified products for security purposes. Product availability and interoperability requirements may lead to adopting hybrid solutions. NSA recognizes that some standards may require using hybrid-like constructions to accommodate the larger sizes of CRQC algorithms and will work with industry on the best options for implementation.

In my opinion, "product availability and interoperability" means compatibility for old browsers on WinXP and even Win10. So only when you're still using WinXP or even Win10 do you use hybrid mode for your old browser. In my opinion, it's only for old browsers; Kyber is strong enough and works well without legacy cryptography.

mberry commented 1 year ago

I would not suggest anything other than using hybrid schemes at this time.

The extra overhead is low; there are very few use cases which couldn't handle a traditional kex in addition to Kyber.
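The hybrid construction mberry recommends (a traditional key exchange alongside Kyber), as an added example that is not code from the pqc_kyber crate: one session key is derived from both shared secrets, so an attacker who breaks only the classical exchange (or only the PQ one) still cannot compute it. The byte strings in SAMPLE are constructed placeholders for what pqc_kyber's keypair()/encapsulate() and an X25519 library would return; the field names and the "hybrid-kem-combiner-v1" salt are this example's own choices.

```python
import hashlib
import hmac


def _hkdf(salt: bytes, ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract a PRK from ikm, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _lp(field: bytes) -> bytes:
    """Length-prefix a field so the concatenated input cannot be re-split ambiguously."""
    return len(field).to_bytes(2, "big") + field


def hybrid_combine(ss_pq: bytes, ss_classical: bytes, ct_pq: bytes,
                   ct_classical: bytes, pk_pq: bytes, pk_classical: bytes) -> bytes:
    """Derive a 32-byte session key from BOTH shared secrets.

    Both secrets go into the HKDF input keying material, and the public
    transcript (ciphertexts and public keys) is bound in via the info field,
    so the key depends on every part of the exchange.
    """
    ikm = _lp(ss_pq) + _lp(ss_classical)
    transcript = hashlib.sha256(
        _lp(ct_pq) + _lp(ct_classical) + _lp(pk_pq) + _lp(pk_classical)
    ).digest()
    return _hkdf(salt=b"hybrid-kem-combiner-v1", ikm=ikm, info=transcript)


# Constructed stand-ins, NOT real key material: in a real exchange ss_pq/ct_pq/pk_pq
# come from the Kyber KEM and the classical values from X25519.
SAMPLE = dict(
    ss_pq=bytes.fromhex("11" * 32), ss_classical=bytes.fromhex("22" * 32),
    ct_pq=b"kyber-ct" * 8, ct_classical=bytes(range(32)),
    pk_pq=b"kyber-pk" * 8, pk_classical=bytes(range(32, 64)),
)


def key_if_classical_broken() -> bytes:
    """What an attacker who recovered only the X25519 secret could compute: they
    must guess ss_pq, modelled here as all zeros, and so get a different key."""
    return hybrid_combine(**dict(SAMPLE, ss_pq=bytes(32)))


if __name__ == "__main__":
    print("session key:", hybrid_combine(**SAMPLE).hex())
    print("differs from classical-only view:", hybrid_combine(**SAMPLE) != key_if_classical_broken())
```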

mberry commented 1 year ago

If no one else has anything to add to this issue I'll close it in a fortnight.

Suggested reading: