#pqcrypto
Alexander Hansen Færøy

This is undoubtedly the most promising Post-Quantum TLS deployment situation I have seen for #Tor since we started discussing it more actively in the team. Very exciting!

I hope that OpenSSL 3.5, when released, will make it into #Debian Trixie. That would make deployment of this so much more snappy and easy for the Tor network to upgrade, but that may be dreaming. The timelines here look quite difficult for that to happen, but let's hope.

#cryptography #pqc #pqcrypto

Soatok Dreamseeker

I must admit, I'm not in love with HQC, but I think it's a good backup choice if ML-KEM is ever broken.

McEliece public keys would have broken my use cases.

#pqcrypto

Fiona :transbian: :autism:

#NIST chose #HQC as their backup KEM and elected not to standardize #ClassicMcElice for now, among other reasons pointing to the standardization with #ISO.

The argument to choose HQC over BIKE is a higher confidence in the IND-CCA security of HQC. I cannot comment on whether that is a reasonable assessment, though I have no reason to doubt it, but I can say that in terms of reasons to make a choice this is of course a pretty good one.

I'm not sure how I think about the decision regarding McEliece, but I can to an extent see where they are coming from.

This means there are now 9 post-quantum algorithms approved, standardized or chosen for standardization by generally respected organizations:

Key Encapsulation Mechanisms ("KEMs"):

* ML-KEM ("Kyber"), based on lattices, standardized by NIST
* HQC, based on codes, chosen for standardization by NIST
* Classic McEliece, based on codes, approved by BSI (de), ANSSI (fr), and NCSC (nl)
* Frodo, based on lattices, approved by BSI (de), ANSSI (fr), and NCSC (nl)

Signatures:

* ML-DSA ("Dilithium"), based on lattices, standardized by NIST
* SLH-DSA ("SPHINCS+"), based on hashes, standardized by NIST
* FN-DSA ("Falcon"), based on lattices, chosen for standardization by NIST

Stateful Signatures:

* XMSS, based on hashes, standardized by IEEE
* LMS, based on hashes, standardized by IEEE

Overall, this looks like a decent portfolio. Future standardization might add schemes based on multivariate equations and isogenies, but for now this should do and give us a basis from which we can design more efficient schemes without being too concerned about the entire ground suddenly giving in because one random guy/gal finds a new attack vector.

#postquantumcryptography #PQC #PQCrypto

Fiona :transbian: :autism:

So looking through some old projects I've had lying around, I ran into something I started (and never even really wrote anything for) about steganography. This led me down a bit of a rabbit hole, and I now have a slightly better understanding of some components of ML-KEM (aka #Kyber).

Both the public key and the ciphertext are for the most part long sequences of integers modulo 3329 that are effectively indistinguishable from random integers out of that range.

Of course they are obvious to distinguish from random bitstrings, but the easiest way to fix that would be to just view them as numbers in base 3329, re-encode them to base 2 and work from there… So that might be one thing I could look into now.

The alternative is to see whether there is a sufficiently hard to detect way to change some of the representatives of the field elements… It might be easier to implement, if not easier from a mathematical perspective, but would also let the possibility of slightly compressing the public key and ciphertext by about 2.5% in length lie on the table.

In any case, this is something that might be worthwhile for practical use cases… 🤔

#cryptography #pqc #pqcrypto #steganography #crypto #MLKEM

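Fiona's post above sketches re-encoding the mod-3329 coefficients as one base-3329 number; here, as an added example that is not part of the post, is that packing and its inverse in Python, together with the bit counts behind the roughly 2.5% figure. It assumes n coefficients (768 for the ML-KEM-768 public-key vector, filled with a constructed random vector rather than a real key) and FIPS 203's 12-bit ByteEncode as the baseline being compared.

```python
# Added example (not from the post): pack a vector of ML-KEM coefficients
# (integers mod q = 3329) into the bits of one base-q integer, and unpack it.
# Assumptions: n is the coefficient count (768 for an ML-KEM-768 public-key
# vector) and FIPS 203's 12-bit ByteEncode is the baseline being compared.
import secrets

Q = 3329  # ML-KEM modulus

def packed_bits(n: int) -> int:
    """Bits needed for any n-digit base-Q integer, i.e. ceil(n * log2(Q))."""
    return (Q ** n - 1).bit_length()

def naive_bits(n: int) -> int:
    """Bits used by FIPS 203 ByteEncode_12: 12 per coefficient."""
    return 12 * n

def saving_fraction(n: int) -> float:
    """Fraction of bits saved by base-Q packing versus 12-bit encoding."""
    return 1 - packed_bits(n) / naive_bits(n)

def pack_base_q(coeffs: list[int]) -> bytes:
    """Treat coeffs as big-endian digits of one base-Q integer; emit its bits.

    Caveat: the result is uniform on [0, Q**n), not on every bit-string of the
    output length, so the top bits remain biased versus a random string.
    """
    if any(not 0 <= c < Q for c in coeffs):
        raise ValueError("coefficient outside [0, Q)")
    value = 0
    for c in coeffs:
        value = value * Q + c
    return value.to_bytes((packed_bits(len(coeffs)) + 7) // 8, "big")

def unpack_base_q(data: bytes, n: int) -> list[int]:
    """Inverse of pack_base_q; rejects input that is not n base-Q digits."""
    value = int.from_bytes(data, "big")
    coeffs = []
    for _ in range(n):
        value, c = divmod(value, Q)
        coeffs.append(c)
    if value != 0:  # leftover means data >= Q**n: not a valid packing
        raise ValueError("not a packed vector of n coefficients mod Q")
    return coeffs[::-1]

if __name__ == "__main__":
    vec = [secrets.randbelow(Q) for _ in range(768)]  # constructed, not a real key
    assert unpack_base_q(pack_base_q(vec), 768) == vec
    print(naive_bits(768), packed_bits(768), f"{saving_fraction(768):.1%}")
```

The packed integer is uniform on [0, 3329^n) rather than on all bitstrings of the output length, so its leading bits are still distinguishable from random; closing that gap needs a further step such as rejection sampling, which is outside the post's sketch.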
🏳️‍⚧️ Fiona :flag_lesbian:

Pushing my "let's stop pretending post-quantum crypto is something fundamentally different from regular crypto and acknowledge that it really is just the replacement of broken algorithms with secure ones"-agenda in the intro of the paper I'm co-writing. 😈

#itsecurity #cryptography #crypto #postquantumcryptography #quantumcomputing #pqc #pqcrypto

Harry Sintonen

#OpenSSH 9.9 has been released: https://www.openssh.com/txt/release-9.9

The significant new feature is support for the post-quantum mlkem768x25519-sha256 KEX as specified in https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03

#pqcrypto #postquantumcryptography

hanno

It appears lattices are still fine: http://www.chenyilei.net/ #pqcrypto