Post-Quantum TLS experiments based on KEMTLS #2954
Replies: 3 comments 2 replies
-
|
Hi! It looks like some cool work. Just FYI, the AuthKEM draft is not exactly compatible with KEMTLS (for example, AuthKEM uses HPKE's API and doesn't discuss ephemeral key exchange). |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the pointer (and all your work!) We'll keep an eye on AuthKEM and hopefully add it to Botan at one point. For this demonstrator it should be enough to be able to be compatible with your KEMTLS experimental server. We weren't actually aware of the HPKE standardization and didn't look into AuthKEM in detail yet, so this is a valuable hint :) |
Beta Was this translation helpful? Give feedback.
-
|
If you do get around to wanting to do AuthKEM, please reach out, we might have some more implementations specifically of authkem by then 😄 |
Beta Was this translation helpful? Give feedback.
-
|
Hi together, TLS1.3 Client looks really cool. Currently, we are working at the Dilithium signature algorithm an hopefully will finish work at the end of May. Thanks for your work @hrantzsch & @reneme, looking forward to bring all together. |
Beta Was this translation helpful? Give feedback.
-
|
It's great to see KEMTLS implemented. Thank you! When it's finished, I'd like to see the code merged. |
Beta Was this translation helpful? Give feedback.
-
With Kyber now merged and the TLS 1.3 client working @hrantzsch and I combined both efforts into an experimental implementation of KEMTLS: neXenio#20.
This work is meant as a demonstrator for the work done in the KBLS project to showcase the PQC algorithms added in the context of this project. For now, Kyber is used as a KEM to perform a modified (KEM)TLS handshake with an experimental server implementation by @thomwiggers and @claucece. Once the addition of the Dilithium signature algorithm is finished, we might extend this demonstrator to also verify the experimental server's certificates.
Extending our TLS 1.3 implementation with the KEMTLS handshake state machine adaptions proved straight forward. Furthermore the Kyber implementation interoperated nicely. We don't expect this work to be merged upstream (hence the draft PR in the neXenio fork) but hope it might be useful or insightful for some.
Also note that there is a recent draft in the IETF TLS working group about KEM-based Authentication for TLS 1.3.
Beta Was this translation helpful? Give feedback.
All reactions