saveoursecrets / sdk

High-level, cross-platform SDK for a local-first, distributed encrypted database that can be used to build password managers, cryptocurrency wallets or other applications that require storing secrets securely.
GNU Affero General Public License v3.0

Post quantum cryptography (PQC) ciphers #203

Open tmpfs opened 11 months ago

tmpfs commented 11 months ago

Interesting article from the Signal foundation:

https://signal.org/blog/pqxdh/

Particularly how they augment to combine both schemes.

Related interesting information: https://blog.chromium.org/2024/05/advancing-our-amazing-bet-on-asymmetric.html?m=1

tmpfs commented 10 months ago

@conduition I thought this might be an area of research that would interest you.

I found this:

https://docs.rs/krystals/latest/krystals/

But the lack of documentation doesn't fill me with confidence. Maybe we could discuss this with the RustCrypto team and contribute an implementation there?

tmpfs commented 9 months ago

Some interesting information on PQC attacks here:

https://www.quantamagazine.org/post-quantum-cryptography-scheme-is-cracked-on-a-laptop-20220824/

tmpfs commented 7 months ago

@conduition this Go implementation looks like a good candidate for a Rust port: https://words.filippo.io/dispatches/mlkem768/

I would be up for that later once we have nailed some of the more important features.

conduition commented 7 months ago

I tend to shy away from using crypto software I don't fully understand, and golly, I certainly need to delve into the literature on PQC and lattice-based crypto but I haven't yet gotten around to it. I tried a year or two ago to dive in, but I found little in the way of approachable resources at the time. Perhaps now that NIST is actually finalizing things, I might have better luck.

tmpfs commented 7 months ago

> I tend to shy away from using crypto software I don't fully understand, and golly, I certainly need to delve into the literature on PQC and lattice-based crypto but I haven't yet gotten around to it. I tried a year or two ago to dive in, but I found little in the way of approachable resources at the time. Perhaps now that NIST is actually finalizing things, I might have better luck.

That's smart. I tend to learn by trying to figure things out as I go, but that's clearly not a viable approach for complex cryptography. I did notice though that Filippo mentioned it was particularly easy to implement as NIST had defined all the types.

Also, I came across this kybers implementation in Rust which are bindings to this library. Whilst I prefer pure Rust implementations wherever possible, often the C versions have seen more usage and peer review.