veracrypt / VeraCrypt

Disk encryption with strong security based on TrueCrypt
https://www.veracrypt.fr

Feature Request (Distant Future): Add Post Quantum Algorithms (to work alongside existing algorithms) #1406

Closed hc970 closed 2 months ago

hc970 commented 2 months ago

Desired behavior

Dear Mounir,

I hope you are doing well. Sorry for adding another feature request. In the distant future, would you also consider adding the newly ratified post quantum encryption algorithm FIPS-203 to work alongside AES?

Also would FIPS-205 be suitable for use alongside SHA-512? Thanks as always for all that you do for VeraCrypt and the community.


Additional information

https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf

https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf

Your Environment


VeraCrypt version: VeraCrypt 1.26.7

Operating system and version: Windows 11 23H2

System type: 64 bit

Searinox commented 2 months ago

VeraCrypt isn't using any key exchange or digital signature algorithms, it is only using symmetric encryption block and stream ciphers and hashes. To be quantum safe these need to have certain sizes and in terms of symmetric encryption 256-bit is considered sufficient, which is the minimum all encryption in VeraCrypt uses. With hashes the vulnerability is with hash collision and the way it's used is outside the scope of VC and thus also irrelevant.

hc970 commented 2 months ago

> VeraCrypt isn't using any key exchange or digital signature algorithms, it is only using symmetric encryption block and stream ciphers and hashes. To be quantum safe these need to have certain sizes and in terms of symmetric encryption 256-bit is considered sufficient, which is the minimum all encryption in VeraCrypt uses. With hashes the vulnerability is with hash collision and the way it's used is outside the scope of VC and thus also irrelevant.

Hi Searinox,

Thanks for your comment.

Yes, I’m aware of the fact that AES-256 is more than sufficient to protect against a possible compromise by quantum computing.

However, it appears I’ve misinterpreted the purpose of FIPS 203. In some sources it is written that its use is for general encryption, but you’re correct: it’s not symmetric encryption, it’s intended for use with TLS for encryption during transit.

You’re also correct about FIPS 205. Again, I was led to believe it’s the successor of SHA-2 for the purposes of hashing, but it’s not. It’s for digital signatures, as you said.

I don’t agree with your statement that “the vulnerability is with hash collision and the way it's used is outside the scope of VC and thus also irrelevant”. VC is using SHA “as a pseudorandom "mixing" function, and by the header key derivation function (HMAC based on a hash function, as specified in PKCS #5 v2.0) as a pseudorandom function”.

However, FIPS 203 and 205 are not what I thought they were. I’m closing this GitHub feature request. Thanks for your time.
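The two comments above disagree about where the hash sits in VeraCrypt's design (Searinox's point that only symmetric ciphers and hashes are involved, and hc970's point that the hash is used as the PRF inside HMAC-based header key derivation). The following is an added example, not code from the VeraCrypt project or from either commenter: it implements PBKDF2 from RFC 8018 (the PKCS #5 v2.0 KDF hc970 quotes) with HMAC-SHA-512 as the PRF, maps a PIM to an iteration count using the formula VeraCrypt documents for SHA-512 on non-system volumes (15000 + PIM x 1000, default 500000), and derives the 64-byte key pair AES-256 in XTS mode needs. The password, salt and PIM values are constructed sample inputs, and the header-layout assumptions are labelled in the comments.

```python
"""Added example: VeraCrypt-style header key derivation, to show where the
hash is actually used (as the PRF inside HMAC, inside PBKDF2).

Not VeraCrypt's code. Assumptions are marked in comments.
"""
import hashlib
import hmac
import struct


def pbkdf2_hmac(hash_name: str, password: bytes, salt: bytes,
                iterations: int, dk_len: int) -> bytes:
    """PBKDF2 as specified in RFC 8018 section 5.2, PRF = HMAC-<hash_name>.

    For block index i (1-based), U_1 = PRF(P, S || INT(i)) and
    U_j = PRF(P, U_{j-1}); the block T_i is the XOR of U_1 .. U_c.
    The hash's job here is to make HMAC a good PRF: preimage/PRF security,
    not collision resistance, is what the derived key depends on.
    """
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    h_len = hashlib.new(hash_name).digest_size
    n_blocks = -(-dk_len // h_len)  # ceil(dk_len / h_len)
    out = bytearray()
    for i in range(1, n_blocks + 1):
        u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hash_name).digest()
            t = bytearray(a ^ b for a, b in zip(t, u))
        out += t
    return bytes(out[:dk_len])


def veracrypt_iterations_sha512(pim: int = 0) -> int:
    """Iteration count VeraCrypt documents for SHA-512 on non-system volumes
    and file containers: 15000 + PIM x 1000. PIM 0 means the default of
    500000 (equivalent to PIM 485). Assumption: this follows the documented
    PIM formula, not a reading of VeraCrypt's source."""
    if pim < 0:
        raise ValueError("PIM must be non-negative")
    if pim == 0:
        return 500_000
    return 15_000 + pim * 1_000


def derive_header_key(password: bytes, salt: bytes, pim: int = 0,
                      key_len: int = 64) -> bytes:
    """Derive the header key. Assumptions: the salt is the 64 bytes at the
    start of the volume header, and key_len = 64 covers the two 256-bit keys
    (data key + tweak key) that AES-256 in XTS mode needs."""
    if len(salt) != 64:
        raise ValueError("VeraCrypt header salt is 64 bytes")
    iterations = veracrypt_iterations_sha512(pim)
    return pbkdf2_hmac("sha512", password, salt, iterations, key_len)


def split_xts_keys(header_key: bytes) -> tuple[bytes, bytes]:
    """XTS uses two independent keys: the first half encrypts the data
    block, the second half is the tweak key. Both come from the same KDF
    output, so both inherit its strength."""
    half = len(header_key) // 2
    return header_key[:half], header_key[half:]


def matches_stdlib(password: bytes, salt: bytes, iterations: int,
                   dk_len: int) -> bool:
    """Cross-check the hand-written PBKDF2 against hashlib's implementation."""
    ours = pbkdf2_hmac("sha512", password, salt, iterations, dk_len)
    ref = hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dk_len)
    return hmac.compare_digest(ours, ref)


if __name__ == "__main__":
    # Constructed sample inputs (not from any real volume).
    sample_password = b"correct horse battery staple"
    sample_salt = bytes(range(64))
    key = derive_header_key(sample_password, sample_salt, pim=1)
    data_key, tweak_key = split_xts_keys(key)
    print("iterations (PIM=1):", veracrypt_iterations_sha512(1))
    print("data key :", data_key.hex())
    print("tweak key:", tweak_key.hex())
    print("matches hashlib:", matches_stdlib(sample_password, sample_salt, 5, 100))
```

With this in front of you the disagreement is easier to place: a quantum attacker targeting this design is looking at AES-256 keys and at HMAC-SHA-512 as a PRF, both of which get at most a Grover-style square-root speedup; the collision resistance of SHA-512 is never what the header key rests on, and neither FIPS 203 (a key-encapsulation mechanism) nor FIPS 205 (a signature scheme) has a slot in the derivation.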