Author: David Stainton 2023-09-05 01:12:48+00:00
Published on: 2023-09-05T01:12:48+00:00
In the email, David expresses his agreement with Laolu's understanding of a Sphinx modification. He suggests naming it "PQ Sphinx" or "KEM Sphinx" when combined with an ECDH and a PQ KEM. David also mentions the existence of a PQ Noise that utilizes KEMs. He provides examples of Cloudflare using Kyber in production and links to their blog post on securing the post-quantum world, as well as their CIRCL golang library that implements Kyber.David further explains that Kyber is undergoing standardization and recommends keeping up with Peter Schwabe for any updates. Peter had suggested implementing KEM Sphinx after David discussed the slowness of Sphinx when using X25519 + CTIDH. David highlights the benefits of upgrading protocols to use PQ cryptography, such as gaining bragging rights for technical blog posts.He mentions that currently, Katzenpost is the only software project using PQ Noise, and provides a link to Nyquist, a PQ Noise implementation written in golang by Yawning Angel. For Katzenpost, they have forked Nyquist to allow the caller control over the construction and selection of KEMs for use with noise.David suggests modifying the snow rust implementation and opens a ticket for it. He discusses the importance of the security preserving KEM combiner in Noise compared to Sphinx, due to the use of MAC and hash objects in different ways. He mentions that Cloudflare uses an insecure KEM combiner with TLS but still achieves semantic security.To conclude, David mentions that Katzenpost has a hybrid signature scheme used in their decentralized PKI to sign the PKI document containing network connection information and public key materials. Currently, they are using X25519 and Sphincs+ for signatures, which are around 49 kilobytes in size but have no noticeable performance impact.
Updated on: 2023-09-06T01:56:18.990660+00:00