PQ-PSK prototype #310

Merged
merged 50 commits into from
Jun 27, 2024
Conversation

jschneider-bensch
Collaborator

@jschneider-bensch jschneider-bensch commented Jun 12, 2024

This crate implements a protocol for agreeing on a pre-shared key such that the protocol messages are secure against harvest-now-decrypt-later (HNDL) passive quantum attackers.

The protocol between initiator A and receiver B roughly works as follows:

A:  (ik, enc) <- PQ-KEM(pk_B)
    K_0 <- KDF(ik, pk_B || enc || sctx)
    K_m <- KDF(K_0, "Confirmation")
    K <- KDF(K_0, "PSK")
    mac_ttl <- MAC(K_m, psk_ttl)
A -> B: (enc, psk_ttl, mac_ttl)

Where

  • pk_B is the receiver's KEM public key,
  • sctx is context information for the given session of the protocol,
  • psk_ttl specifies for how long the PSK should be considered valid, and
  • K is the final PSK that is derived from the decapsulated shared secret based on the internal KEM.

The crate implements the protocol based on several different internal KEMs:

  • X25519, an elliptic-curve Diffie-Hellman KEM (not post-quantum secure; for performance comparison)
  • ML-KEM 768, a lattice-based post-quantum KEM, in the process of being standardized by NIST
  • Classic McEliece, a code-based post-quantum KEM & Round 4 candidate in the NIST PQ competition,
  • XWingKemDraft02, a hybrid post-quantum KEM, combining X25519 and ML-KEM 768 based KEMs
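
The message flow described in the PR, as an added example that is not part of the PR or of the libcrux crate. It is written generic over a KEM object so that the PSK derivation does not depend on which KEM is plugged in, which is the same shape the crate's choice of X25519 / ML-KEM 768 / Classic McEliece / X-Wing suggests. Everything concrete here is an assumption of this example: a toy finite-field Diffie-Hellman KEM with deliberately tiny parameters stands in for the real KEMs (it runs offline, it is not secure), HMAC-SHA256 serves as both KDF and MAC, psk_ttl is encoded as a big-endian 64-bit second count, and the receiver applies a local cap on the accepted TTL, a policy check the PR does not describe. The sample session context is constructed.

```python
"""PQ-PSK-style pre-shared-key agreement: the (enc, psk_ttl, mac_ttl) flow, generic over a KEM."""
import hashlib
import hmac
import secrets
import struct

# ---- Toy KEM: constructed stand-in for X25519 / ML-KEM 768 / McEliece / X-Wing ----
# Finite-field Diffie-Hellman wrapped as a KEM. A 127-bit Mersenne prime is far
# too small to be secure; it only keeps the example fast and dependency-free.
TOY_P = (1 << 127) - 1
TOY_G = 5
TOY_LEN = 16  # bytes per group element


class ToyDhKem:
    """keygen/encaps/decaps with the byte-oriented shape a real KEM exposes (assumption)."""

    def keygen(self):
        sk = secrets.randbelow(TOY_P - 2) + 1
        pk = pow(TOY_G, sk, TOY_P).to_bytes(TOY_LEN, "big")
        return sk, pk

    def encaps(self, pk):
        r = secrets.randbelow(TOY_P - 2) + 1
        enc = pow(TOY_G, r, TOY_P).to_bytes(TOY_LEN, "big")
        ss = pow(int.from_bytes(pk, "big"), r, TOY_P).to_bytes(TOY_LEN, "big")
        # Hash the raw DH output into a uniform KEM secret bound to enc and pk.
        return hashlib.sha256(ss + enc + pk).digest(), enc

    def decaps(self, sk, enc):
        pk = pow(TOY_G, sk, TOY_P).to_bytes(TOY_LEN, "big")
        ss = pow(int.from_bytes(enc, "big"), sk, TOY_P).to_bytes(TOY_LEN, "big")
        return hashlib.sha256(ss + enc + pk).digest()


# ---- KDF and MAC: one-step HMAC-SHA256 for both (assumption, not the crate's choice) ----
def kdf(key, info):
    return hmac.new(key, info, hashlib.sha256).digest()


def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_keys(ik, pk_b, enc, sctx):
    """K_0 <- KDF(ik, pk_B || enc || sctx); K_m <- KDF(K_0, "Confirmation"); K <- KDF(K_0, "PSK")."""
    k0 = kdf(ik, pk_b + enc + sctx)
    return kdf(k0, b"Confirmation"), kdf(k0, b"PSK")


def initiate(kem, pk_b, sctx, psk_ttl_secs):
    """Initiator A: returns the PSK K and the message (enc, psk_ttl, mac_ttl) sent to B."""
    ik, enc = kem.encaps(pk_b)
    k_m, k = derive_keys(ik, pk_b, enc, sctx)
    ttl = struct.pack(">Q", psk_ttl_secs)  # fixed-width TTL encoding (assumption)
    return k, (enc, ttl, mac(k_m, ttl))


def respond(kem, sk_b, pk_b, sctx, message, max_ttl_secs):
    """Receiver B: recompute K_m and K, verify mac_ttl, then apply a local TTL policy."""
    enc, ttl, mac_ttl = message
    ik = kem.decaps(sk_b, enc)
    k_m, k = derive_keys(ik, pk_b, enc, sctx)
    # Constant-time compare; a wrong pk_B, enc, or sctx surfaces here as a MAC failure.
    if not hmac.compare_digest(mac(k_m, ttl), mac_ttl):
        raise ValueError("TTL confirmation MAC failed")
    ttl_secs = struct.unpack(">Q", ttl)[0]
    # Receiver-side cap on what TTL it will honour (my addition; not specified by the PR).
    if ttl_secs > max_ttl_secs:
        raise ValueError("TTL exceeds local policy")
    return k, ttl_secs


def rejects(kem, sk_b, pk_b, sctx, message, max_ttl_secs):
    """True if the receiver refuses the message."""
    try:
        respond(kem, sk_b, pk_b, sctx, message, max_ttl_secs)
        return False
    except ValueError:
        return True


def demo():
    """Honest run plus three rejections; returns a dict a test can check."""
    kem = ToyDhKem()
    sk_b, pk_b = kem.keygen()
    sctx = b"psq-demo/session-1"  # constructed session context
    k_a, msg = initiate(kem, pk_b, sctx, psk_ttl_secs=3600)
    k_b, ttl = respond(kem, sk_b, pk_b, sctx, msg, max_ttl_secs=86400)
    enc, _ttl_bytes, mac_ttl = msg
    tampered = (enc, struct.pack(">Q", 10**9), mac_ttl)  # attacker rewrites psk_ttl in flight
    return {
        "keys_match": k_a == k_b,
        "ttl": ttl,
        "rejects_tampered_ttl": rejects(kem, sk_b, pk_b, sctx, tampered, 10**10),
        "rejects_wrong_sctx": rejects(kem, sk_b, pk_b, b"other-session", msg, 86400),
        "rejects_over_policy": rejects(kem, sk_b, pk_b, sctx, msg, 60),
    }


if __name__ == "__main__":
    print(demo())
```

Two things the flow makes visible once it is written out: the session context sctx is only ever an input to the KDF, so a mismatch between A's and B's view of it is detected through the confirmation MAC rather than by comparing contexts, and the single message uses nothing but B's public key, so it binds K to B but says nothing about who A is. That is consistent with the PR's stated goal (confidentiality against a passive HNDL observer) and is the composition question the review comment below defers.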

jschneider-bensch and others added 30 commits June 10, 2024 13:17
So they can be used by hybrid KEMs in the `libcrux-kem` crate.
So they can be used in the `libcrux-kem` crate
So they can be accessed in the `libcrux-kem` crate.
Base automatically changed from jonas/kem-crate to dev June 13, 2024 13:36
@franziskuskiefer franziskuskiefer added the waiting-on-author Status: This is awaiting some action from the author. label Jun 24, 2024
@jschneider-bensch jschneider-bensch marked this pull request as ready for review June 26, 2024 12:26
@jschneider-bensch jschneider-bensch changed the title WIP: PQ-PSK prototype PQ-PSK prototype Jun 26, 2024
@jschneider-bensch jschneider-bensch added waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed waiting-on-author Status: This is awaiting some action from the author. labels Jun 26, 2024
Contributor

@karthikbhargavan karthikbhargavan left a comment

Very nice work. We don't exactly know how this will be deployed in the context of other protocols it needs to compose with, but let's leave that larger API/composition discussion for a future PR.

@jschneider-bensch jschneider-bensch merged commit 7d40ffc into dev Jun 27, 2024
46 checks passed
@jschneider-bensch jschneider-bensch deleted the jonas/psq branch June 27, 2024 06:41
Labels
waiting-on-review Status: Awaiting review from the assignee but also interested parties.
Projects
Status: ✅ Done
3 participants