Post-Quantum Cryptography for Open Source Software from Africa
Post-Quantum Cryptography for Open Source Software from Africa by Loganaden Velvindron, cyberstorm's global team member. During the IETF 122 Hackathon in Bangkok
During the IETF 122 Hackathon in Bangkok and online last month, the cyberstorm team from Mauritius, the United States, and Kenya participated remotely to implement post-quantum cryptography components currently missing from widely-used open source software such as nmap, zmap, wireshark, and GnuTLS.
The ability to use post-quantum cryptography is an important part of ensuring continued security and privacy for people using the Internet as quantum computing—which may make it easier to circumvent many existing cryptographic methods—continues to develop and improve.
Goal
Our goal during the IETF Hackathon was to make sure that popular open source software such as nmap, wireshark, and GnuTLS supported the latest version of Post Quantum Cryptography. We needed to make sure that those widely used tools such as nmap and zmap supported it correctly. Then, we were able to use them to implement large changes such as SecP384r1MLKEM1024 in GnuTLS—which is a secure communications library implementing the IETF-developed SSL, TLS and DTLS protocols and technologies around them, debug on the wire, and correct mistakes.
Our work built on Internet-Drafts such as ML-KEM Post-Quantum Key Agreement for TLS 1.3 and
Post-quantum hybrid ECDHE-MLKEM Key Agreement for TLSv1.3. Both of these documents are being considered in the IETF’s Transport Layer Security (TLS) Working Group.
Results
This work resulted in contributions (PRs) to Open Source software projects, several of which have already been incorporated. These include:
- Zmap (commit)
- Nmap (pull request 1, pull request 2)
- Wireshark (commit 1, commit 2)
- Gnutls (commit)
Lessons learned
Implementing SECP384r1MLKEM1024 in GnuTLS turned out to be a challenge due to GnuTLS internals, which are quite complex. It led to many interoperability failures and this required us to go through several iterations of the code to pass Continuous Integration (CI). We wish to thank the IBM/Redhat developers for taking the time to work with us and reviewing our code to make sure that it meets their high standards. We also wish to thank the Cloudflare engineers who also helped us by reviewing our code in other open source projects.
Next steps
We are working to raise awareness of the need for post quantum cryptography in African countries such as Mauritius and continue our work on implementing new post quantum cryptographic IETF standards in open source software ecosystems. African countries are often lagging behind by several years. We wish to change this by educating and promoting new IETF and W3C standards across Africa. We are the voice that represents close to 1.5 billion people from our continent. We are able to do this by standing on the shoulders of giants and we wish to thank everybody who helped us.
See also the Cyberstorm website.
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
