Post quantum cryptography

[forty]

Hello,

Is there any plan to add PQ algorithms to libsodium? I feel it would be nice to have nicely packaged hybrid algorithms using the PQ algorithms selected by NIST last year for example https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022 ?

The only discussion on the topic I found is #371 which is from 2016, but I might have missed others (sorry if I did, I'm happy to read them if they exist).

See some discussion on the topic by Age author https://words.filippo.io/dispatches/post-quantum-age/

[jedisct1]

Not until Kyber is finalized.

What we have now is very unlikely to be what NIST will standardize.

[jedisct1]

The current version of Kyber is not even the one described in that Filipo's post any more (it's now using SHAKE as a hash function).

You can (and should!) run experiments with it, but using it for production deployments would be premature. So would its inclusion in libsodium, that tries to avoid breaking changes.

[forty]

I understand, thanks for the explanation.

[mhemmings]

NIST have just finalised standards:
https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards

[samuel-lucas6]

However, there's no non-interactive key exchange (NIKE), I don't think people are that happy with the signature schemes, and Round 4/Standardization of Additional Digital Signature Schemes are ongoing.

If a library isn't careful with which PQC algorithms and parameter sets to support, it'll end up becoming a kitchen sink. For this type of library, it's not necessarily something to rush into. Having said that, PQC algorithms aren't one size fits all algorithms so maybe this is unavoidable to an extent.

[jedisct1]

There's no standardized hybrid scheme (which is what everybody wants to use, not ML-KEM alone) either yet.

[lolcatw]

Any updates on this? Google has started talking about their own quantum computers which could break ECC encryption very soon. I've been looking into asymmetric encryption schemes that are PQ resistant but so far I haven't found anything, unless someone can guide me towards a solution?

Lastly, is kyber something libsodium devs are looking at, or is the focus set on something else now?

[forty]

I don't think there were any update regarding the objection raised: there is no standardized hybrid scheme yet.

I found this as one standardization effort https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/

[jedisct1]

unsubscribe.

[R1kaB3rN]

The OP asked a close-ended question more than 1 year ago:

Is there any plan to add PQ algorithms to libsodium?

Which was left unanswered, so devs looking for PQC solutions should assume the worst and move on. Instead of pinging for updates, either consider another library or make a PR for the feature.