berty / weshnet

Async Mesh Network Protocol for Extreme Communication -- Innovative, Resilient, and Decentralized
https://wesh.network

post-quantum cryptography #67

Closed El13B closed 1 year ago

El13B commented 1 year ago

Is there an existing issue for this?

Feature request

I propose adding post-quantum cryptography (PQC) to the project as a security enhancement against potential quantum attacks in the future. PQC refers to encryption algorithms that are resistant to attacks from quantum computers, which have the potential to break traditional cryptographic algorithms, including the widely used public-key cryptography. By incorporating PQC into the project, we can ensure that the system remains secure even in the face of rapidly evolving quantum technologies and mitigate the risk of potential attacks, such as the "harvest now, decrypt later" vulnerability that quantum computers could exploit.

Context

This change is important as it addresses the potential security risks posed by quantum computers to the project and the sensitive data it may handle. With the advancement of quantum technologies, traditional cryptographic algorithms could become vulnerable, and it is crucial to proactively protect against future quantum attacks. By adding PQC to the project, we can enhance the security of the system and safeguard the confidentiality, integrity, and authenticity of the data. Moreover, this implementation can benefit other users of the project by providing them with a more secure and quantum-resistant solution, ensuring the longevity of the system's security.

Possible implementation

No response

jefft0 commented 1 year ago

I'm not a cryptographer, but I do understand that each design decision in a cryptographic system is a response to a specific possible attack by an adversary to reveal the content of an encrypted message. What is the specific attack on the Wesh protocol that an adversary would do with a quantum computer?

El13B commented 1 year ago

Hi there,

You're absolutely right! In the context of cryptographic systems, design decisions are often made to counter specific attacks by adversaries. In the case of the Wesh protocol, the specific attack that a quantum computer could potentially exploit is known as a "quantum attack" or "quantum algorithm."

Quantum computers have the potential to break many traditional cryptographic algorithms that rely on the hardness of certain mathematical problems, such as factoring large numbers or solving the discrete logarithm problem. These problems are currently used as the foundation for many widely used cryptographic protocols, including the ones used in secure communication, such as encryption and digital signatures.

The threat posed by quantum computers to cryptographic systems is that they can use quantum algorithms, such as Shor's algorithm, to solve these mathematical problems exponentially faster than classical computers. This means that once a sufficiently powerful quantum computer becomes available, it could potentially break the security of traditional cryptographic systems, including the Wesh protocol, by decrypting encrypted messages or forging fake digital signatures.

Therefore, by adding post-quantum cryptography (PQC) to the Wesh protocol, we can ensure that the system remains secure even against potential quantum attacks. PQC refers to encryption algorithms that are resistant to attacks from quantum computers, providing a layer of protection against the future advancements of quantum technologies. This proactive step can help safeguard the confidentiality, integrity, and authenticity of the encrypted messages and protect against the potential threat posed by quantum computers.

Let me know if you have any further questions or concerns. Thank you for your attention to this important matter.

jefft0 commented 1 year ago

We are aware of the research on quantum cryptography. Wesh depends on other packages which still use standard cryptography. Those other packages don't have plans to change their algorithms based on a possible future threat and we don't either. For the moment, we are just making our users aware of the issues. Can we close this issue for now?

El13B commented 1 year ago

I think leaving the issue open to signal a glaring security flaw you don't have any plans to fix is for the best. If you'd rather sweep it under the rug, then feel free to close the issue yourself.