<div dir="ltr"><div><div>Hi Flipchan,<br><br></div>There are reference implementation of quantum-safe cryptographic algorithms, such <br></div><div>as NTRU encryption algorithm (in libntruencrypt):<br><a href="https://github.com/NTRUOpenSourceProject/NTRUEncrypt">https://github.com/NTRUOpenSourceProject/NTRUEncrypt</a><br></div><div>and BLISS signature algorithm,<br><a href="http://bliss.di.ens.fr/">http://bliss.di.ens.fr/</a><br><br></div><div>Those are independent softwares. But for what I understand, common crypto libraries,<br></div><div>such as crypto in openssl, libgcrypt, crypto++, do not have quantum-safe crypto, except <br>wolfssl that supports NTRU.<br><a href="https://github.com/wolfSSL/wolfssl">https://github.com/wolfSSL/wolfssl</a><br></div><div><br></div><div>We also have libgcrypt with NTRU supports, <br><a href="https://github.com/wwhyte-si/libgcrypt-ntru">https://github.com/wwhyte-si/libgcrypt-ntru</a><br>but it is not an official release.<br> <br></div><div>Cheers,<br></div><div>Zhenfei<br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Jan 2, 2016 at 5:49 PM, Flipchan <span dir="ltr"><<a href="mailto:flipchan@riseup.net" target="_blank">flipchan@riseup.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>How would u add quantum-safe<br>
crypto? I havent seen anyone puttin a pub lib that anyone can import<br><br><div class="gmail_quote"><a href="mailto:tor-dev-request@lists.torproject.org" target="_blank">tor-dev-request@lists.torproject.org</a> skrev: (2 januari 2016 13:00:02 CET)<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<pre>Send tor-dev mailing list submissions to<br> <a href="mailto:tor-dev@lists.torproject.org" target="_blank">tor-dev@lists.torproject.org</a><br><br>To subscribe or unsubscribe via the World Wide Web, visit<br> <a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev</a><br>or, via email, send a message with subject or body 'help' to<br> <a href="mailto:tor-dev-request@lists.torproject.org" target="_blank">tor-dev-request@lists.torproject.org</a><br><br>You can reach the person managing the list at<br> <a href="mailto:tor-dev-owner@lists.torproject.org" target="_blank">tor-dev-owner@lists.torproject.org</a><br><br>When replying, please edit your Subject line so it is more specific<br>than "Re: Contents of tor-dev digest..."<br><br><br>Today's Topics:<br><br> 1. Re: Quantum-safe Hybrid handshake for Tor (Ryan Carboni)<br> 2. Re: Quantum-safe Hybrid handshake for Tor (Yawning Angel)<br><br><br><hr><br><br>Message: 1<br>Date: Fri, 1 Jan 2016 19:33:31 -0800<br>From: Ryan Carboni <<a href="mailto:ryacko@gmail.com" target="_blank">ryacko@gmail.com</a>><br>To: <a href="mailto:tor-dev@lists.torproject.org" target="_blank">tor-dev@lists.torproject.org</a><br>Subject: Re: [tor-dev] Quantum-safe Hybrid handshake for Tor<br>Message-ID:<br> <CAO7N=<a href="mailto:i2MspE1N5eOczCyT9RCPORgUJboSOY3vUMGKL5FSzAPnw@mail.gmail.com" target="_blank">i2MspE1N5eOczCyT9RCPORgUJboSOY3vUMGKL5FSzAPnw@mail.gmail.com</a>><br>Content-Type: text/plain; charset="utf-8"<br><br>The first step should be replacing the long-term keys with quantum-safe<br>crypto.<br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <<a href="http://lists.torproject.org/pipermail/tor-dev/attachments/20160101/14b4bd21/attachment-0001.html" target="_blank">http://lists.torproject.org/pipermail/tor-dev/attachments/20160101/14b4bd21/attachment-0001.html</a>><br><br><hr><br><br>Message: 2<br>Date: Sat, 2 Jan 2016 04:19:28 +0000<br>From: Yawning Angel <<a href="mailto:yawning@schwanenlied.me" target="_blank">yawning@schwanenlied.me</a>><br>To: <a href="mailto:tor-dev@lists.torproject.org" target="_blank">tor-dev@lists.torproject.org</a><br>Subject: Re: [tor-dev] Quantum-safe Hybrid handshake for Tor<br>Message-ID: <<a href="mailto:20160102041928.15e0cbc3@schwanenlied.me" target="_blank">20160102041928.15e0cbc3@schwanenlied.me</a>><br>Content-Type: text/plain; charset="us-ascii"<br><br>On Fri, 1 Jan
2016 19:33:31 -0800<br>Ryan Carboni <<a href="mailto:ryacko@gmail.com" target="_blank">ryacko@gmail.com</a>> wrote:<br><br><blockquote class="gmail_quote" style="margin:0pt 0pt 1ex 0.8ex;border-left:1px solid #729fcf;padding-left:1ex"> The first step should be replacing the long-term keys with<br> quantum-safe crypto.<br></blockquote><br>Wrong.<br><br>There are NO usable PQ signature primitives that are suitable for<br>deployment. Adding 1408+ bytes to every single microdescriptor is<br>not a realistic proposition. Signing is also quite expensive unless you<br>have AVX2, and will decimate circuit build performance.<br><br>Protecting against Quantum Computer equipped active Man-In-The-Middle<br>attacks is the least important thing to do in terms of user safety.<br><br>By modifying the link handshake to incorporate a PQ key exchange<br>algorithm with ephemeral keys as in the proposal, user data being<br>generated right now will be protected from bulk decryption later, in<br>the event of
a Curve25519 break (probably by a large enough Quantum<br>Computer), which is a far more realistic threat to be concerned about.<span class="HOEnZb"><font color="#888888"><br></font></span></pre></blockquote></div><span class="HOEnZb"><font color="#888888"><br>
-- <br>
Sincerly Flipchan</font></span></div><br>_______________________________________________<br>
tor-dev mailing list<br>
<a href="mailto:tor-dev@lists.torproject.org">tor-dev@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev" rel="noreferrer" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev</a><br>
<br></blockquote></div><br></div>