Java TLS that doesn't depend on DLP or simple factorization

I am writing a file server in Java on Windows using encryption that is Shor resistant.

My sticking point is SSL / TLS. From what I can gather, I cannot use the standard Java libraries, since socket encryption uses Diffie-Hellman key exchange which relies on the discrete log problem.

I have reviewed Salsa20, the new (ish) stream cipher, but the issue of secure key exchange remains. I also looked at cyaSSL but the Java service provider does not support Windows and using C is not an option.

Can anyone point out any direction?

+3




2 answers


There are two general approaches:



  • Use a pre-shared key

    No key exchange, no quantum problems. But now you need to propagate an out-of-range public key, so it probably doesn't solve the problem.

  • Use quantum quantum key exchange

    For example, there is a specification for NTRU here (draft only, no real standard and beware of patents)

    But overall, asymmetric post-quantum crypto doesn't seem to be production-ready.

+3




The outlook is bleak.

There are some asymmetric cryptosystems based on intractable problems that are not DLP or factoring problems. For example, the GGH Cryptosystem is based on the tough closest vector problem. You will find that there are many signature schemes that are resistant to quantum cryptography, but not many encryption systems exist, and those that do exist seem to be a security issue.



As far as connecting GGH and Lamport Signatures in Java as an SSL provider, this is another issue entirely. You will need to learn how JCE works, and it will be a lot of work.

+1
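The Lamport signatures mentioned in the answer above rest only on a hash function, so they can be built from the JDK's own `MessageDigest`. The following is an added example, not code from the answer or from any library; the class and method names are hypothetical, SHA-256 is an assumed choice of hash, and it shows the signature scheme only, not a JCE provider or TLS integration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class LamportOts {                       // hypothetical class name
    static final int BITS = 256, LEN = 32;      // SHA-256 digest size in bits / bytes
    static byte[] sha256(byte[] in) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(in);
    }
    // Private key: 2 x 256 random 32-byte secrets, one pair per digest bit.
    static byte[][][] generatePrivateKey(SecureRandom rng) {
        byte[][][] sk = new byte[2][BITS][LEN];
        for (byte[][] half : sk) for (byte[] secret : half) rng.nextBytes(secret);
        return sk;
    }
    // Public key: the SHA-256 hash of every private secret.
    static byte[][][] derivePublicKey(byte[][][] sk) throws Exception {
        byte[][][] pk = new byte[2][BITS][];
        for (int b = 0; b < 2; b++)
            for (int i = 0; i < BITS; i++) pk[b][i] = sha256(sk[b][i]);
        return pk;
    }
    static int bit(byte[] digest, int i) {      // i-th bit, most significant first
        return (digest[i / 8] >> (7 - i % 8)) & 1;
    }
    // Reveals one secret per pair, selected by the message digest bit.
    // One-time only: a second signature under the same key lets others forge.
    static byte[][] sign(byte[][][] sk, byte[] msg) throws Exception {
        byte[] d = sha256(msg);
        byte[][] sig = new byte[BITS][];
        for (int i = 0; i < BITS; i++) sig[i] = sk[bit(d, i)][i].clone();
        return sig;
    }
    static boolean verify(byte[][][] pk, byte[] msg, byte[][] sig) throws Exception {
        if (sig == null || sig.length != BITS) return false;
        byte[] d = sha256(msg);
        boolean ok = true;                      // check every position, no early exit
        for (int i = 0; i < BITS; i++)
            ok &= sig[i] != null && MessageDigest.isEqual(sha256(sig[i]), pk[bit(d, i)][i]);
        return ok;
    }
    public static void main(String[] args) throws Exception {
        byte[][][] sk = generatePrivateKey(new SecureRandom());
        byte[][][] pk = derivePublicKey(sk);
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[][] sig = sign(sk, msg);
        System.out.println(verify(pk, msg, sig));
        System.out.println(verify(pk, "tampered".getBytes(StandardCharsets.UTF_8), sig));
    }
}
```

Each key pair here is 16 KiB per half and each signature 8 KiB, and a fresh key pair is needed for every signed message, which is part of the integration work the answer refers to.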

