post-quantum cryptography - PQC

All you need to know about the state of PQC NIST submissions and Quantum advancements: media.ccc.de - The year in post-quantum crypto

2 Likes

Requested support for multiple recipients

1 Like

Stateful hashes are especially dangerous in virtual environments because they can be easily used improperly. Opened feature request for stateless sig schemes like SPHINCS

1 Like

Could you review PQCrypto: Difference between revisions - Whonix please? @HulaHoop

1 Like

Adopted changes but kept 2022 date as final deadline

1 Like

Hey guys, first time using this forum so forgive me if I missed something.
We are a group of students from Germany and my colleagues and I developed a public website with the goal of presenting all known scientific papers that add to the Post-Quantum Cryptography research. You can visit it under the link:
https://cspub.h-da.io/cma/
We would very much appreciate your contribution, participation and feedback to the current status of the website and the general idea. Our goal is to have a central, regularly used access point for the entire community to discuss and present the ongoing research of all aspects of the expected migration to post-quantum cryptography and cryptographic agility.

2 Likes

Hello and welcome to Whonix forums! Interesting!

Account upgraded. Links can be posted now.
(That’s just a crude spam filter to avoid some totally unrelated stuff such as SEO services to be advertised.)

1 Like

Whonix ™ includes Codecrypt by default

It's been a dead project for 8 years with mostly no more updates: (only PR)

First, I really don’t have much time to actually develop this. It was a bachelor thesis, I was happy to put it out, now I’m doing completely different stuff… Lookin’ at the clock, it’s been whew almost whopping 8 years now!

I don't think it's worth having it by default.

Why? Is its main functionality or cryptography broken?

Not sure if either is really checked thoroughly. If we talk about usage, well, how many users or other projects are using it, and did they really check the source code? And if we talk cryptographically, do we have anybody who audited the code/checked its security effectiveness?

The idea of using a dead project is one thing, and using it to solve future attacks which have yet to come is something else.

Either something actively maintained exists or there is none.

Patrick via Whonix Forum:

I had someone very smart look at it and give it his approval.

Sometimes mature codebases no longer need updates and work well into the future. Unless you have a paper on its mainly used algo being broken by a new attack, this software is good to go.

2 Likes

I see, ok cool then.

One thing I found here:

It's talking about codecrypt usage with Thunderbird, but if we read here:

Caveats:

Cryptography is not intended for “online” use, because some algorithms (especially the MDPC decoding) are (slightly) vulnerable to timing attacks.

Does that mean it's still ok to be used with Thunderbird or not?

1 Like

I am not sure what he means by that. Feel free to ask the author. What I think is this:

Using codecrypt isn’t “online” just because a message is sent over the internet. The message is created “offline”. Remote attackers will have a hard time using timing related side-channel attacks. So yes, fine to be used with Thunderbird.

What’s an example of “online”? For example TLS or Diffie–Hellman could be considered “online”. When these connections are negotiated between peers, a man-in-the-middle might attempt to tamper with the timing by adding artificial delay sometimes in the connection between the peers. If that in theory was to succeed in weakening or breaking the encryption, then that would be a successful “online” attack.

1 Like

Online means implemented as for website ssl connections for example. In short, any automated decryption process without human eyes seeing decryption failure which is a sign of this attack.

2 Likes

I’m seeing a lot of misconceptions about QC in here, so I want to clear things up below. If you want to see my replies to the programs listed in the comments, scroll down further.

I feel like if Whonix wants to use PQC, then it would mean that the user would have to make everyone they are communicating with to agree on using a specific PQC-resistant cipher/signature program. With most people using RSA and ECC, this would be hard but not impossible to achieve. This would mean that people would have to manually crunch the numbers regarding the validity of your signature unless Whonix has an in-built GUI for PQC applications.

As far as I’m aware from my knowledge in Theoretical Computer Science, the integer factorization problem (RSA) and finding the value “p” in an elliptic curve (discrete log) (ECC) are NP-intermediate and co-NP respectively. It is currently debated on whether discrete log is NP-hard or not.

For the laymen here, this means that a classic computer has to brute-force or can only find the answer in an exponential function, that is that the time it takes for a computer to find the answer increases exponentially with the amount of possible answers.

In contrast, a very smart man from MIT (Peter Shor) figured out that quantum computers can do this process in “poly-logarithmic time”, which says that the time it takes for a quantum computer to factor a number is equal to the logarithm of the amount of possible answers.

While this is scary, the caveat is that a quantum computer needs no noise or decoherence to be as effective as it can. Literally and figuratively breathing on a qubit, or even the room being too hot, can completely disrupt the superposition.

I’d say that the amount of scientists who say that QC is a fad compared to those who are genuinely worried is a 50/50. We just don’t know when quantum computers can finally have their true power revealed as they have so many obstacles to go through.

Currently, the biggest number factored only with a quantum computer that ran more than mere milliseconds was 21, and the biggest factored with a hybrid quantum-classical system was 261,980,999,226,226; the calculation 15538213 x 16860433 was done with 10 qubits and was only RSA-40 bits.

We are far from the Whonix project having to consider this so early in development, but I think that these first baby steps are fine, but developing a GUI/CLI tool equivalent to GnuPG/libgcrypt or gpa is absurd.

@Patrick if you absolutely need help with cryptographically approved methods, then I recommend crystals-kyber as it is NIST approved. NTRUEncrypt also seems fairly nice. Both of these have no known efficient polynomial (easy to solve and answer) problems on both classical computers and QC.

The articles you listed on PQC are very interesting, and I somewhat agree with Linus when he says that QC’s may not exist. I personally think that while QC’s will exist, they will always have noise that will make breaking RSA and ECC hard as their bit sizes go up. I expect in 20-30 years we will probably have the key sizes of today be broken.

Even with me saying that I find making PQC solutions for Whonix absurd I’m considering working on making a GUI/CLI tool for this in Whonix as I want to volunteer for a project that I love, but I have no idea where to propose one once the code is written. Any ideas?

Please consider maintaining this as an independent upstream project.

Making it specific to Whonix would only limit peer review, security and this is essential for such an application.

Please ask more people.

That depends… A new algorithm or implementation of existing algorithm into an app usable by users?

Also, does it need to be a new application or would it be worthwhile to contribute to, let’s say, GnuPG, Sequoia-PGP, signify, OTR, fork codecrypt, or other existing protocols / messengers?

A while ago I read that kicksecure wanted to use codecrypt signatures for extra security [unable to find source for that] and recently I got inspired by rhash[1] for a slight proposal, let’s call it paranoid-sign for now.


paranoid-sign would be a simple CLI program that would utilize the following libraries to produce recursive digest files that are recursively signed with multiple algorithms, as provided by the stated libraries.

So the result would be keys and signatures with higher disk / bandwidth cost, with the pro of defense in depth benefit.

Such an approach is perfect for high security requirements; the only project that I am aware of that stacks algorithms for maximum integrity is rhash[1] (and codecrypt partially).

Since all critical functions would be offloaded onto external libraries, it would be a very low line count program, making it easy to audit. The only problem being: is another program needed?

How many people / projects would benefit from paranoid-sign? Is it better to urge projects like GnuPG (which should eventually get PQC support) to add something like --paranoid mode keys and signing or make program just for this purpose to get this functionality early?

I am aware that this may be slightly off-topic to Whonix, I am bringing this idea up because codecrypt signatures were meant to be used for kicksecure and Whonix.


Has anything ever come out of this?


[1] https://github.com/rhash/RHash
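An added illustration of the stacking idea from the paranoid-sign proposal above (not code from this thread, from rhash or from codecrypt): an AND-combiner where a signature is valid only if every component scheme verifies, so a forger would have to break all of them. The Python standard library has no post-quantum signature scheme, so both components are assumed to be Lamport one-time signatures over different hash functions (SHA-256 and SHA3-256); the `used` flag shows the one-time-state hazard raised earlier for stateful hash-based schemes in virtual environments.

```python
import hashlib
import secrets

class LamportOTS:
    # Lamport one-time signature: hash-based, so unaffected by Shor's algorithm.
    # Parameterised by hash function so independent instances can be stacked.
    def __init__(self, hash_name):
        self.hash_name = hash_name
        self.bits = 8 * hashlib.new(hash_name).digest_size

    def h(self, data):
        return hashlib.new(self.hash_name, data).digest()

    def bit(self, digest, i):
        return (digest[i // 8] >> (7 - i % 8)) & 1

    def keygen(self):
        sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(self.bits)]
        pk = [(self.h(a), self.h(b)) for a, b in sk]
        return sk, pk

    def sign(self, sk, msg):
        d = self.h(msg)
        return [sk[i][self.bit(d, i)] for i in range(self.bits)]

    def verify(self, pk, msg, sig):
        if len(sig) != self.bits:
            return False
        d = self.h(msg)
        return all(self.h(sig[i]) == pk[i][self.bit(d, i)] for i in range(self.bits))

class StackedSigner:
    # AND-combiner in the spirit of paranoid-sign: every component scheme must
    # accept the signature, so breaking one algorithm is not enough to forge.
    def __init__(self, schemes):
        self.schemes = schemes
        self.keys = [s.keygen() for s in schemes]
        self.used = False  # one-time keys: a VM snapshot rollback must not reuse them

    def public_keys(self):
        return [pk for _, pk in self.keys]

    def sign(self, msg):
        if self.used:
            raise RuntimeError("one-time key already used; generate fresh keys")
        self.used = True
        return [s.sign(sk, msg) for s, (sk, _) in zip(self.schemes, self.keys)]

def verify_stacked(schemes, pks, msg, sigs):
    # Valid only when every component signature verifies (AND, never OR).
    return len(sigs) == len(schemes) and all(
        s.verify(pk, msg, sig) for s, pk, sig in zip(schemes, pks, sigs))
```

The message signed would be the digest manifest of a release, so the stacked signature covers the whole artifact; a real tool would call external libraries for the component schemes instead of the constructed Lamport instances here.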

I wouldn’t call it paranoid as this implies a mental issue but PQC is very much accepted as potentially becoming an issue.

related: use codecrypt to sign Whonix releases

The assumption here is that if signed by multiple algorithms, that makes it quantum-resistant? While that is conceivable, I don’t know if that is true. Therefore this assumption could use (a few) reference(s).

If that was true, all that would be needed would be a wrapper script around openssl and maybe other existing hashsum creation tools? That would be nice but also somehow sounds too simple to be true. In that case, auditing would be trivial as the algorithms are implemented by already trusted, existing tools.

I don’t think campaigning them would speed up things. gpg could not even be convinced to use the most secure default security settings among other things. Maybe that is why there is now Sequoia-PGP (gpg replacement) - OpenPGP - Development - Kicksecure Forums which seems to have the intention to re-implement things in a better designed way.

Only contributing code the way they want it or forking/new source code would work.

Also consider checking PQC plans for sequoia and contributing to sequoia.

1 Like