Implementing post-quantum cryptography for developers
|Author:||Hekkala, Julius1; Muurman, Mari1; Halunen, Kimmo2,3;|
1VTT Technical Research Centre of Finland, Kaitoväylä 1, Oulu, Finland
2Faculty of Information Technology and Electrical Engineering, University of Oulu, Oulu, Finland
3Department of Military Technology, National Defence University, Helsinki, Finland
|Online Access:||PDF Full Text (PDF, 0.7 MB)|
|Persistent link:|| http://urn.fi/urn:nbn:fi-fe20231106143267
|Publish Date:|| 2023-11-06
Widely used public key cryptography is threatened by the development of quantum computers. Post-quantum algorithms have been designed for the purpose of protecting sensitive data against attacks with quantum computers. National Institute of Standards and Technology has recently reached the end of the third round of post-quantum standardization process and has published three digital signatures and one key encapsulation mechanism for standardization. Three of the chosen algorithms are based on lattices. When implementing complex cryptographic algorithms, developers commonly use cryptographic libraries in their solutions to avoid mistakes. However, most of the open-source cryptography libraries do not yet have post-quantum algorithms integrated in them. We chose a C++ cryptography library, Crypto++, and created a fork where we integrated four lattice-based post-quantum algorithms. We analyzed the challenges in the process as well as the performance, correctness and security of the implemented algorithms. The performance of the integrated algorithms was overall good, but the integration process had its challenges, many of which were caused by the mathematical complexity of lattice-based algorithms. Different open-source implementations of post-quantum algorithms will be essential to their easier use for developers. Usability of the implementations is also important to avoid possible mistakes when using the algorithms.
SN computer science
|Type of Publication:||
A1 Journal article – refereed
|Field of Science:||
113 Computer and information sciences
Open Access funding provided by Technical Research Centre of Finland (VTT). This research was supported by the PQC Finland project funded by Business Finland’s Digital Trust program (Diary number 7188/31/2019).
© The Author(s) 2023. This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.