Commit 4c4016e3 authored by Nouri-Alnahawi

delete content and layouts

parent 8179359c
Pipeline #83648 passed
Showing with 0 additions and 357 deletions
content/background.jpg

255 KiB

---
title: "Contributors"
linktitle: "Contributors"
date: 2021-05-05T22:18:28+02:00
draft: false
type: docs
weight: 10
---
This site was initiated by the research groups [Applied Cyber-Security](https://fbi.h-da.de/forschung/arbeitsgruppen/applied-cyber-security-darmstadt) and [User Centered Security](https://fbi.h-da.de/index.php?id=764) of [Darmstadt University of Applied Sciences](https://h-da.de/), funded by [ATHENE National Research Center for Applied Cybersecurity](https://www.athene-center.de).
A list of our kind contributors:
| Name | Affiliation | Contribution |
|--------------------------------|-------------|--------------|
||||
---
title: "Categorization Scheme"
linktitle: "Categorization Scheme"
date: 2021-05-05T22:20:34+02:00
draft: false
type: docs
weight: 2
menu:
main:
weight: 2
---
{{< mindmap >}}
---
title: "Cryptographic Migration & Agility"
linktitle: "Cryptographic Migration & Agility"
date: 2021-05-05T22:20:34+02:00
draft: false
type: docs
---
An open community site for sharing any relevant research, findings, and solutions on PQC migration and cryptographic agility.
---
title: "About Cryptographic Migration & Agility"
linktitle: "About Cryptographic Migration & Agility"
date: 2021-05-05T22:17:54+02:00
draft: false
type: docs
weight: 1
menu:
main:
weight: 1
---
Post-quantum cryptographic schemes have been under development for several years. Very soon there will be standardized post-quantum algorithms replacing the previous standards, which will eventually become obsolete. In order for quantum-resistant cryptographic Measures to be utilized, one needs more than simply developing secure post-quantum algorithms. The migration towards PQC poses great challenges on different levels. Those are not only restricted to the integration into existing protocols, but also include performance issues such as hardware specifications and memory usage, and especially the uncertainty of long term security of the new algorithm families. Moreover, a major challenge lies within finding suitable means of communicating and negotiating new algorithms and protocol parameters between different IT-systems. This leads to the urgent need for establishing the concept of crypto-agility, so as to be prepared for the rapid changes of cryptography, and insure the compatibility in all possible scenarios and settings.
---
title: "State of Agility"
linktitle: "State of Agility"
date: 2021-05-05T22:35:41+02:00
draft: false
type: docs
weight: 5
---
Aspects regarding the notion of cryptographic agility
---
title: "Development Considerations"
linktitle: "Development Considerations"
date: 2021-05-06T00:12:02+02:00
draft: false
type: docs
weight: 2
---
- Research on CA mechanism
- [On the importance of cryptographic agility for industrial automation](https://www.degruyter.com/document/doi/10.1515/auto-2019-0019/html) This work motivates cryptographic agility by discussing the threat of quantum computers to modern cryptography [[PN19]](../../refs#pn19)
- [Security issues on the CNG cryptography library (Cryptography API: Next Generation)](https://ieeexplore.ieee.org/document/6603762) Next Generation from Microsoft to exchange cryptographic algorithms without any change to the code of the program [[LLP+13]](../../refs#llp13)
- [API Usability of Stateful Signature Schemes](https://link.springer.com/chapter/10.1007/978-3-030-26834-3_13) Easy-to-use API design for stateful signature schemes [[ZWH19]](../../refs#zwh19)
- CA as design principle
- [PQFabric: A Permissioned Blockchain Secure from Both Classical and Quantum Attacks](https://arxiv.org/abs/2010.06571) Proposes a redesign of Fabric's credential-management procedures and related specifications in order to incorporate hybrid digital signatures, protecting against both classical and quantum attacks using one classical and one quantum-safe signature [[HPDM20]](../../refs#hpdm20)
- [Public Key Infrastructure and Crypto Agility Concept for Intelligent Transportation Systems](http://www.thinkmind.org/index.php?view=article&articleid=vehicular_2015_1_30_30028) This paper proposes a multi-domain PKI architecture for intelligent transportation systems, which considers the necessities of road infrastructure authorities and vehicle manufacturers, today [[UWK15]](../../refs#uwk15)
- Eval crypto libs
- [Comparing the Usability of Cryptographic APIs](https://ieeexplore.ieee.org/document/7958576) This paper is the first to examine both how and why the design and resulting usability of different cryptographic libraries affects the security of code written with them [[ABF+17]](../../refs#abf17)
- Eval code examples for crypto libs
- [Usability and Security Effects of Code Examples on Crypto APIs](https://ieeexplore.ieee.org/document/8514203) Platform for cryptographic code examples that improves the usability and security of created applications by non security experts [[MW18]](../../refs#mw18)
- [Fluid Intelligence Doesn't Matter! Effects of Code Examples on the Usability of Crypto APIs](https://arxiv.org/abs/2004.03973) Researches whether similarity and Gf also have an effect in the context of using cryptographic APIs [[MW20]](../../refs#mw20)
- Eval docum. system for crypto libs
- [Zur Benutzbarkeit und Verwendung von API-Dokumentationen](https://dl.gi.de/handle/20.500.12116/33515) Showcases requirements for a good security API [[HZHW20]](../../refs#hzhw20)
---
title: "Frontiers of Cryptography"
linktitle: "Frontiers of Cryptography"
date: 2021-05-06T00:12:24+02:00
draft: false
type: docs
weight: 5
---
- Blockchains difficult
- [Stateful Hash-based Digital Signature Schemes for Bitcoin Cryptocurrency](https://ieeexplore.ieee.org/document/9043192) This research work presents basic analysis and the background understanding of Stateful Hash-based Signature Schemes, particularly the Lamport One-Time Signature Scheme, Winternitz One-Time Signature Scheme, and the Merkle Signature Scheme. [[NWAO19]](../../refs#nwao19)
- Satellites difficult
- [Quantum Resistant Authentication Algorithms for Satellite-Based Augmentation Systems](https://web.stanford.edu/group/scpnt/gpslab/pubs/papers/Neish_2018_IONITM_QuantumResistantAuthenticationUpdated.pdf) Introduces the cryptographic primitives necessary to understand the vulnerabilities in modern day cryptography due to quantum computing and investigates the use of TESLA and EC-Schnorr algorithms in broadcast systems. [[NWE19]](../../refs#nwe19)
- Cryptographic primitives handable
- [Cryptographic Agility and its Relation to Circular Encryption](https://eprint.iacr.org/2010/117) Researches whether wPRFs (weak-PRFs) are agile and whether every secure (IND-R) encryption scheme is secure when encrypting cycles. [[ABBC10]](../../refs#abbc10)
---
title: "Incentives"
linktitle: "Incentives"
date: 2021-05-06T00:12:16+02:00
draft: false
type: docs
weight: 4
---
- Ranking by best practice as incentive
- [Biggest Failures in Security](https://drops.dagstuhl.de/opus/volltexte/2020/11981/) Tries to identify the "biggest failures" in security and to get a comprehensive understanding on their overall impact on security. [[AVVY19]](../../refs#avvy19)
- Best practice for agility in protocols
- [Guidelines for Cryptographic Algorithm Agility and Selecting Mandatory-to-Implement Algorithms](https://tools.ietf.org/html/rfc7696) Provides guidelines to ensure that protocols have the ability to migrate from one mandatory-to-implement algorithm suite to another over time. [[Hou15]](../../refs#hou15)
- Building blocks of crypto-agility
- [On the importance of cryptographic agility for industrial automation](https://www.degruyter.com/document/doi/10.1515/auto-2019-0019/html) This work motivates cryptographic agility by discussing the threat of quantum computers to moderncryptography. [[PN19]](../../refs#pn19)
---
title: "Modalities"
linktitle: "Modalities"
date: 2021-05-06T00:11:45+02:00
draft: false
type: docs
weight: 1
---
- New agile protocols:
- [Security Agility Solution Independent of the Underlaying Protocol Architecture](https://www.semanticscholar.org/paper/Security-Agility-Solution-Independent-of-the-Vasic-Mikuc/489054a1f28eb26b1baa1a9f0caff2306c821695) The agilecryptographic negotiation protocol (ACNP) proposed in this paper repre-sents a layer-agnostic, robust solution that can be deployed for providingcryptographic agility and greatly improve security. [[VM12]](../../refs#vm12)
- [Stateful Hash-based Digital Signature Schemes for Bitcoin Cryptocurrency](https://ieeexplore.ieee.org/document/9043192) This research work presents basic analysis and the background understanding of Stateful Hash-based Signature Schemes, particularly the Lamport One-Time Signature Scheme, Winternitz One-Time Signature Scheme, and the Merkle Signature Scheme. [[NWAO19]](../../refs#nwao19)
- Enhance existing protocols for use with PQC
- [Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Algorithm Agility](https://tools.ietf.org/html/rfc8636.html) This document updates the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) standard (RFC 4556) to remove protocol structures tied to specific cryptographic algorithms. [[AZCH19]](../../refs#azch19)
- [The Secure Socket API: TLS as an Operating System Service](https://www.usenix.org/conference/usenixsecurity18/presentation/oneill) We explore the use of the standard POSIX socket API as a vehicle for a simplified TLS API, while also giving administrators the ability to control applications and tailor TLS configuration to their needs. [[OHW+18]](../../refs#ohw18)
- Enhance existing infrastructure for PQC
- [Algorithm Agility – Discussion on TPM 2.0 ECC Functionalities](https://link.springer.com/chapter/10.1007%2F978-3-319-49100-4_6) In this paper, we review all the TPM 2.0 ECC functionalities, and discuss on whether the existing TPM commands can be used to implement new cryptographic algorithms which have not yet been addressed in the specification. [[CU16]](../../refs#cu16)
- [Fail-Safe-Konzept für Public-Key-Infrastrukturen](https://tuprints.ulb.tu-darmstadt.de/246/) In dieser Dissertation wird ein Fail-Safe-Konzept für Public-Key-Infrastrukturen vorgestellt. [[Mas02]](../../refs#mas02)
- [Public Key Infrastructure and Crypto Agility Concept for Intelligent Transportation Systems](http://www.thinkmind.org/index.php?view=article&articleid=vehicular_2015_1_30_30028) This paper proposes a multi-domain PKI architecture for intelligent transportation systems, which considers the necessities of road infrastructure authorities and vehicle manufacturers, today. [[UWK15]](../../refs#uwk15)
- Draft for composite keys and signatures
- [Composite Keys and Signatures For Use In Internet PKI](https://tools.ietf.org/id/draft-ounsworth-pq-composite-sigs-01.html) This document defines the structures CompositePublicKey, CompositeSignatureValue, and CompositeParams, which are sequences of the respective structure for each component algorithm. [[OP20]](../../refs#op20)
---
title: "Testing"
linktitle: "Testing"
date: 2021-05-06T00:12:09+02:00
draft: false
type: docs
weight: 3
---
- Algorithm relations for better test coverage
- [Systematic Testing of Post-Quantum Cryptographic Implementations Using Metamorphic Testing](https://ieeexplore.ieee.org/document/8785645) Investigates the effectiveness of a systematic testing approach for discovering bugs in highly complex cryptographic algorithm implementations. [[PRKK19]](../../refs#prkk19)
---
title: "How to Contribute"
linktitle: "How to Contribute"
date: 2021-05-05T22:18:28+02:00
draft: false
type: docs
weight: 9
---
Your contributions are always welcome!
To contribute to this site send a Pull Request to our repository on [Gitlab](https://code.fbi.h-da.de/cspub/cma)
#### Guidelines
* Use the development branch.
* Add one link per Pull Request.
* Make sure the PR title is in the format of `Add project-name`.
* Write down the reason why the contribution is suitable.
* Add the link: `* [project-name](http://example.com/) - A short description ends with a period.`
* Keep descriptions concise and **short**.
* Add a section if needed.
* Add the section description.
* Add the section title to Table of Contents.
* Search previous Pull Requests or Issues before making a new one, as yours may be a duplicate.
* Check your spelling and grammar.
* Remove any trailing whitespace.
---
title: "Cryptographic Libraries and Interfaces"
linktitle: "Cryptographic Libraries and Interfaces"
date: 2021-05-06T00:13:06+02:00
draft: false
type: docs
weight: 7
menu:
main:
weight: 4
---
- [NaCL (Salt)](https://nacl.cr.yp.to/):
Software library for network communication, encryption, decryption, signatures, etc.
- [Libsodium](https://libsodium.gitbook.io/doc/):
Portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API software library for encryption, decryption, signatures, password hashing etc.
- [LibHydrogen](https://github.com/jedisct1/libhydrogen):
Lightweight crypto library for constrained environments.
- [WASI Cryptography APIs](https://github.com/WebAssembly/wasi-crypto):
Development of cryptography API proposals for the WASI Subgroup of the [WebAssembly Community Group](https://www.w3.org/community/webassembly/)
- [Botan: Crypto and TLS for Modern C++](https://botan.randombit.net/) A C++ cryptographic library implementing a range of practical systems, such as TLS protocol, X.509 certificates, modern AEAD ciphers, PKCS#11 and TPM hardware support, password hashing, and post quantum crypto schemes. Several other language bindings are available, including Python. Versions of Botan that are approved by the BSI can be found on the [Github repository](https://github.com/Rohde-Schwarz/botan)
---
title: "State of Migration"
linktitle: "State of Migration"
date: 2021-05-05T22:35:41+02:00
draft: false
type: docs
weight: 4
---
---
title: "PQC Algorithms"
date: 2021-05-05T22:41:49+02:00
draft: false
type: docs
weight: 1
---
The current state of PQC is represented by the ongoing [NIST PQC standardization process](https://www.nist.gov/pqcrypto)
- [Report on post-quantum cryptography](https://nvlpubs.nist.gov/nistpubs/ir/2016/nist.ir.8105.pdf) [[CJL+16]](../../refs#cjl16).
- [Status report on the first round](https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.8240.pdf) [[AASA+19]](../../refs#aasa19).
- [ Status report on the second round](https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf) [[MAA+20]](../../refs#maa20).
#### **NIST PQC candidate algorithms:**
| Algorithm | Description | Type | NIST Round |
|-------------------------------------|-------------|------|------------|
| [BIKE](https://bikesuite.org/) | Bit flipping key encapsulation based on QC-MDPC (Quasi-Cyclic Moderate Density Parity-Check) [[ABB+20]](../../refs#abb20) | Public-key Encryption and Key-establishment | Round Three Alternative |
| [CRYSTALS-Dilithium](https://pq-crystals.org/dilithium/) | Digital signature scheme based on the hardness of lattice problems over module lattices [[DKL+21]](../../refs#dkl21) | Digital Signature | Round 3 Finalist |
| [Falcon](https://falcon-sign.info/) | Lattice-based signature scheme based on the short integer solution problem (SIS) over NTRU lattices [[FHK+20]](../../refs#fhk+20) | Digital Signature | Round 3 Finalist |
| [FrodoKEM](https://frodokem.org/)| Key encapsulation from generic lattices [[NAB+20]](../../refs#nab+20) | Public-key Encryption and Key-establishment | Round Three Alternative |
| [GeMSS](https://www-polsys.lip6.fr/Links/NIST/GeMSS.html) | Multivariate signature scheme producing small signatures [[CFP+19]](../../refs#cfp19) | Digital Signature | Round Three Alternative |
| [HQC](http://pqc-hqc.org/) | Hamming quasi-cyclic code-based public key encryption scheme [[MAB+20]](../../refs#mab20) | Public-key Encryption and Key-establishment | Round Three Alternative |
| [KYBER](https://pq-crystals.org/kyber/) | IND-CCA2-secure key-encapsulation mechanism (KEM) based on hard problems over module lattices [[ABD+21]](../../refs#abd21)| Public-key Encryption and Key-establishment | Round 3 Finalist |
| [Classic McEliece](https://classic.mceliece.org/) | Code-based public-key cryptosystem based on random binary Goppa codes [[CCU+20]](../../refs#ccu+20) | Public-key Encryption and Key-establishment | Round 3 Finalist |
| [NTRU](https://ntru.org/) | Public-key cryptosystem based on lattice-based cryptography [[CDH+19]](../../refs#cdh19) | Public-key Encryption and Key-establishment | Round 3 Finalist |
| [NTRU-Prime](https://ntruprime.cr.yp.to/) | Small lattice-based key-encapsulation mechanism (KEM) [[BBC+20]](../../refs#bbc20) | Public-key Encryption and Key-establishment | Round 3 Alternative |
| [Picnic](https://microsoft.github.io/Picnic/) | Digital signature algorithems based on the zero-knowledge proof system and symmetric key primitives [[CDG+17]](../../refs#cdg17) | Digital Signature | Round 3 Alternative |
| [Rainbow](https://www.pqcrainbow.org/)| Public key cryptosystem based on the hardness of solving a set of random multivariate quadratic systems [[DS05]](../../refs#ds05) | Digital Signature | Round 3 Finalist |
| [SABER](https://www.esat.kuleuven.be/cosic/pqcrypto/saber/) | IND-CCA2-secure Key Encapsulation Mechanism (KEM) based on the hardness of the Module Learning With Rounding problem (MLWR) [[DKR+19]](../../refs#dkr+19) | Public-key Encryption and Key-establishment | Round 3 Finalist |
| [SIKE](https://sike.org/)| Isogeny-based key encapsulation suite based on pseudo-random walks in supersingular isogeny graphs [[CCH+20]](../../refs#cch20) | Public-key Encryption and Key-establishment | Round 3 Alternative |
| [SPHINCS+](https://sphincs.org/) | A stateless hash-based signature scheme [[BHK+19]](../../refs#bhk19) | Digital Signature | Round 3 Alternative |
||
| [NewHope](https://newhopecrypto.org/) | Key-exchange protocol based on the Ring-Learning-with-Errors (Ring-LWE) problem [[ADPS16]](../../refs#adps16) | Public-key Encryption and Key-establishment | Round Two |
| [qTESLA](https://qtesla.org/) | Signature schemes based on the hardness of the decisional Ring Learning With Errors (R-LWE) problem [[ABB+20]](../../refs#abb20) | Digital Signature | Round Two |
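Review bot: the PQC Algorithms table removed here carries inconsistencies that should not be copied over if the page is being relocated rather than dropped: the "NIST Round" column mixes "Round Three Alternative" and "Round 3 Alternative" for the same status; the `||` row between SPHINCS+ and NewHope renders as an empty table row, not a separator; the Picnic row has "algorithems"; and the reference anchors `../../refs#fhk+20`, `../../refs#nab+20`, `../../refs#ccu+20` and `../../refs#dkr+19` keep the `+` while every other anchor strips it (e.g. `../../refs#abb20`), so those four links only resolve if the refs page defines both forms.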
---
title: "Automation and Frameworks"
date: 2021-05-05T22:41:49+02:00
draft: false
type: docs
weight: 5
---
- RFC6916 PKIs Process Formalization:
- [Algorithm Agility Procedure for the Resource Public Key Infrastructure (RPKI)](https://tools.ietf.org/html/rfc6916): RFC6916 formalizes the Migration Process for algorithm suites in the Resource Public Key Infrastructure [[GKT13]](../../refs#gkt13)
- Muckle Protocol Security Analysis:
- [Many a Mickle Makes a Muckle: A Framework for Provably Quantum-Secure Hybrid Key Exchange](https://eprint.iacr.org/2020/099.pdf): Framework for the security analysis of hybrid authenticated key exchange protocols and Introduction of the Muckle protocol [[DHP20]](../../refs#dhp20)
---
title: "Performance Considerations"
date: 2021-05-05T22:41:49+02:00
draft: false
type: docs
weight: 2
---
Evaluation of the performance of PQC algorithms in various facets, classified into thethree subcategories: *Algorithm Performance, Network Performance, and Hardware Performance*
##### **Algorithm Performance**
- PQC evaluation on chosen hardware:
- [On Feasibility of Post-Quantum Cryptography on Small Devices](https://www.sciencedirect.com/science/article/pii/S2405896318308474) Experimental post-quantum cryptography implementations on small devices with different platforms [[MPD+18]](../../refs#mpd18)
- [Towards Practical Deployment of Post-quantum Cryptography on Constrained Platforms and Hardware-Accelerated Platforms](https://link.springer.com/chapter/10.1007/978-3-030-41025-4_8) Evaluation of the NIST candidates regarding their suitability for the implementation on special hardware platforms [[MRD+20]](../../refs#mrd20)
- Improvements to PQC algorithms:
- [Performance Optimization of Lattice Post-Quantum Cryptographic Algorithms on Many-Core Processors](https://ieeexplore.ieee.org/abstract/document/9238630?casa_token=j7T_SBR8ECgAAAAA:Skx0Ze-JY3YP5CSLn20TOmrWviAP_-aUZ0b9W_gpR5fDpO8AWLigR52JC4qZVPTbLlIzv-3p2g) 52% and 83% improvement in performance for the CRYSTALS-Kyber KEM SHA3 variant and AES variant through Vectorization [[KKP20]](../../refs#kkp20)
- [Memory-Efficient High-Speed Implementation of Kyber on Cortex-M4](http://link.springer.com/10.1007/978-3-030-23696-0_11) Optimized software implementation of Kyber for the ARM Cortex-M4 microcontroller [[BKS19]](../../refs#bks19)
- [CTIDH: Faster Constant-Time CSIDH](https://eprint.iacr.org/2021/633.pdf) Speed records for constant-time CSIDH (Commutative Supersingular Isogeny Diffie–Hellman) through combining a new key space with a new algorithm [[BBC+21]](../../refs#bbc21)
- Lattice-based vs. Isogeny-based:
- [Towards Post-Quantum Security for Cyber-Physical Systems: Integrating PQC into Industrial M2M Communication](https://link.springer.com/chapter/10.1007/978-3-030-59013-0_15) Two solutions for the integration of PQ primitives into the industrial protocol Open Platform Communications Unified Architecture (OPC UA) [[PASC20]](../../refs#pasc20)
- [Incorporating Post-Quantum Cryptographyin a Microservice Environment](https://homepages.staff.os3.nl/~delaat/rp/2019-2020/p13/report.pdf) On the practical feasibility of using PQCin a microservice architecture [[WvdG20]](../../refs#wvdg20)
- PQC in IoT:
- [From Pre-Quantum to Post-Quantum IoT Security: A Survey on Quantum-Resistant Cryptosystems for the Internet of Things](https://ieeexplore.ieee.org/abstract/document/8932459) A wide view of post-quantum IoT security and give useful guidelines [[FC20]](../../refs#fc20)
##### **Hardware Performance**
- CRYSTALS-Dilithium and qTesla:
- [NIST Post-Quantum Cryptography - A Hardware Evaluation Study](https://eprint.iacr.org/2019/047) A hardware-based comparison of the NIST PQC candidates [[BSNK19]](../../refs#bsnk19)
- Performance critial use cases:
- [Ultra-Fast Modular Multiplication Implementation for Isogeny-Based Post-Quantum Cryptography](https://ieeexplore.ieee.org/document/9020384) Improved unconventional-radix finite-field multiplication (IFFM) algorithm reducing computational complexity by about 20% [[TLW19]](../../refs#tlw19)
- FPGA performance benefits:
- [Implementation and benchmarking of round 2 candidates in the NIST post-quantum cryptography standardization process using hardware and software/hardware co-design approaches](https://cryptography.gmu.edu/athena/PQC/GMU_PQC_2020_SW_HW.pdf) Methodology for implementing and benchmarking PQC candidates usingboth hardware and software/hardware co-design approaches [[DFA+20]](../../refs#dfa20)
- [Post-Quantum Cryptography on FPGA Based on Isogenies on Elliptic Curves](https://ieeexplore.ieee.org/abstract/document/7725935) Isogeny-based schemes can be implemented with high efficiency on reconfigurable hardware [[KAMJ17]](../../refs#kamj17)
- [Post-Quantum Secure Boot](https://ieeexplore.ieee.org/document/9116252) Post-quantum secure boot solution implemented fully as hardware for reasons of security and performance [[KGC+20]](../../refs#kgc20)
- Hardware Security Modules (HSMs):
- [Post-Quantum Secure Architectures for Automotive Hardware Secure Modules](https://eprint.iacr.org/2020/026.pdf) Building a post-quantum secure automotive HSM is feasible and can meet the hard requirements imposed by a modern vehicle ECU [[WaSt20]](../../refs#wast20)
##### **Network Performacne**
- Measurments and benchmarks:
- [Benchmarking Post-Quantum Cryptography in TLS](https://eprint.iacr.org/2019/1447) Packet loss rates above 3–5% start to have a significantimpact on post-quantum algorithms that fragment across many packets [[PST19]](../../refs#pst19)
- [Real-world measurements of structured-lattices and supersingular isogenies in TLS](https://www.imperialviolet.org/2019/10/30/pqsivssl.html) Computational advantages of structured lattices make them a more attractive choice for post-quantum confidentiality [[Lang19]](../../refs#lang19)
- [Measuring TLS key exchange with post-quantum KEM](https://csrc.nist.gov/CSRC/media/Events/Second-PQC-Standardization-Conference/documents/accepted-papers/kwiatkowski-measuring-tls.pdf) [[KSL+19]](../../refs#ksl19)
- [Post-Quantum Authentication in TLS 1.3: A Performance Study](http://eprint.iacr.org/2020/071) Detailed performance evaluation of the NIST signature algorithm candidates and imposed latency on TLS 1.3 [[SKD20]](../../refs#skd20)
- TLS, DTLS, IKEv2 and QUIC PQC integrations:
- [The TLS Post-Quantum Experiment](https://blog.cloudflare.com/the-tls-post-quantum-experiment/) Evaluating the performance and feasibility of deployment in TLS of two post-quantum key agreement ciphers [[KwVa19]](../../refs#kwva19)
- [Post-Quantum TLS on Embedded Systems: Integrating and Evaluating Kyberand SPHINCS+ with Mbed TLS](https://dl.acm.org/doi/abs/10.1145/3320269.3384725) Post-quantum key establishment with Kyber performs well in TLS on embedded devices compared to ECC variants [[BSKNS20]](../../refs#bskns20)
- [The Viability of Post-quantum X.509 Certificates](https://eprint.iacr.org/2018/063) Signature schemes standardized in NIST PQ Project can work with X.509certs in a post-quantum Internet [[KPDG18]](../../refs#kpdg18)
- [Post-quantum Key Exchange for the Internet and the Open Quantum Safe Project](https://link.springer.com/chapter/10.1007%2F978-3-319-69453-5_2) [[StMo16]](../../refs#stmo16)
- VPN evaluations:
- [Two PQ Signature Use-cases: Non-issues, challenges and potential solutions](https://eprint.iacr.org/2019/1276) Dilithium and Falcon are the best available options but come with an impact on TLS performance [[KaSi19]](../../refs#kasi19)
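Review bot: if this section is restored elsewhere, fix the heading "Network Performacne" and the bullet "Measurments and benchmarks", and revisit the "VPN evaluations" bullet, whose only entry ([KaSi19]) is a TLS signature use-case paper and does not match the label.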
---
title: "Algorithm Migration Process"
date: 2021-05-05T22:41:49+02:00
draft: false
type: docs
weight: 4
---
- Hybrid TLS & SSH Implementation:
- [Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH](https://csrc.nist.gov/CSRC/media/Events/Second-PQC-Standardization-Conference/documents/accepted-papers/stebila-prototyping-post-quantum.pdf): Hybrid approach: Two or more independent algorithms chosen from both post-quantum, and classical schemes [[CPS19]](../../refs#cps19)
- [Zur Integration von Post-Quantum Verfahren in bestehende Softwarepodukte](https://arxiv.org/pdf/2102.00157v1): Field report on the integration of thePQC methods McEliece and SPHINCS+ based on the eUCRITE API [[ZWH21]](../../refs#zwh21)
- Hybrid Lattice-Based:
- [ImperialViolet - CECPQ1 results](https://www.imperialviolet.org/2016/11/28/cecpq1.html): Successful experiment using hybrid approach, no network problems and a median connection latency increase of one millisecond [[A.16]](../../refs#a.16)
- [Experimenting with Post-Quantum Cryptography](https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html): Same experiment, see above [[Bra16]](../../refs#bra16)
- [Towards post-quantum security for cyber-physical systems: Integrating PQC into industrial m2m communication](http://link.springer.com/10.1007/978-3-030-59013-0_15): Tradeoffs in security: big key/certificate sizes results in problems and difficulties for various protocols.[[PS20]](../../refs#ps20)
- [Incorporating post-quantum cryptography in a microservice environment](https://homepages.staff.os3.nl/~delaat/rp/2019-2020/p13/report.pdf): Post-Quantum algorithms perform on a similar level to classical ones. The most feasible algorithms are lattice-based. [[WvdG20]](../../refs#wvdg20)
- Hybrid PQ CECPQ2(b) & X25519:
- [The TLS Post-Quantum Experiment](https://blog.cloudflare.com/the-tls-post-quantum-experiment/): Experiment between google and cloudflare comparing three groups using post-quantum CECPQ2, CECPQ2b or non-post-quantum X25519.[[KV19]](../../refs#kv19)
- Hybrid Certificates:
- [X.509-Compliant Hybrid Certificates for the Post-Quantum Transition](http://tubiblio.ulb.tu-darmstadt.de/115809/): Parallel usage of two independent cryptographic schemes within public key infrastructures enabling a stepwise transition to post-quantum secureand hybrid algorithms [[BBG+19]](../../refs#bbg19)
- PQC protocol integration:
<!-- - [Post-Quantum Kryptographie - Classic McEliece](/docs/migration/McEliece.pdf) Introducing a new ASN.1 PQ key format and an evaluation of PQ integration for several cryptographic protocols [[Meun21]](../../refs#meun21) -->
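Review bot: the last entry of this file is an HTML comment linking `/docs/migration/McEliece.pdf` and citing `[Meun21]`; deleting the file drops the only visible reference to that PDF, so check whether the PDF itself (and the `meun21` entry on the refs page) is also removed in this commit or is meant to stay.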
---
title: "Security Considerations"
date: 2021-05-05T22:41:49+02:00
draft: false
type: docs
weight: 3
---
##### **Algorithm, Parameter Selection and Tradeoffs**
- Key/sig. size problematic for protocols:
- [The Viability of Post-quantum X.509 Certificates](https://eprint.iacr.org/2018/063.pdf): Present suitable parameters for software signature use cases and good signature candidates for TLS 1.3 authentication. [[KPDG18]](../../refs#kpdg18)
- [Towards post-quantum security for cyber-physical systems: Integrating PQC into industrial m2m communication](http://link.springer.com/10.1007/978-3-030-59013-0_15): Tradeoffs in security: big key/certificate sizes results in problems and difficulties for various protocols.[[PS20]](../../refs#ps20)
##### **Cryptanalysis**
- PQC schemes broken by cryptanalysis:
- [Cryptanalysis of the Lifted Unbalanced Oil Vinegar Signature Scheme](https://eprint.iacr.org/2019/1490.pdf): A new type of attack called Subfield Differential Attack (SDA) on Lifted Unbalanced Oil and Vinegar (LUOV) [[DDS+20]](../../refs#dds20)
- [Quantum cryptanalysis on some generalized Feistel schemes](https://eprint.iacr.org/2017/1249.pdf): Quantum distinguishers to introduce generic quantum key-recovery attacks [[DLW19]](../../refs#dlw19)
- [A reaction attack against cryptosystems based on LRPC codes.](https://eprint.iacr.org/2019/845.pdf): Analyze cryptosystems based on Low-Rank Parity-Check (LRPC) codes. [[SSPB19]](../../refs#sspb19)
- New security assessment methods:
- [Quantum Cryptanalysis in the RAM Model: Claw-Finding Attacks on SIKE.](https://eprint.iacr.org/2019/103.pdf): New models of computation which allow a direct comparison between classical and quantum algorithms [[JS19]](../../refs#js19)
- [A classification of differential invariants for multivariate post-quantum cryptosystems](http://link.springer.com/10.1007/978-3-642-38616-9_11): Present an extension of a recent measure of security against a differential adversary. The technique assures security against any first-order differential invariant adversary. [[PST13]](../../refs#pst13)
- Code-based PQC algorithms for PRNG:
- [Testing of Code-Based Pseudorandom Number Generators for Post-Quantum Application](https://www.researchgate.net/publication/342456148_Testing_of_Code-Based_Pseudorandom_Number_Generators_for_Post-Quantum_Application): Code-based pseudorandom generator, improvement of Fischer-Stern generator [[KKS+20]](../../refs#kks20)
##### **Side-Channel Attacks**
- Side-Channel Attacks:
- [Physical security in the post-quantum era: A survey on side-channel analysis, random number generators, and physically unclonable functions](https://arxiv.org/abs/2005.04344): Overview of several PQC-related side-channel attacks[[CCA+21]](../../refs#cca21)
- Minimize attack vectors:
- [Physical protection of lattice-based cryptography: Challenges and solutions](https://pure.qub.ac.uk/files/156772945/paper.pdf): Attack and countermeasure for gaussian sampler of lattice-based schemes. [[KOV+18]](../../refs#kov18)
- [A side-channel resistant implementation of saber](https://eprint.iacr.org/2020/733.pdf): State of the art in terms of side channel attacks against lattice based cryptosystems and their respective countermeasures. [[VBDK+20]](../../refs#vbdk20)
- [Side-Channel Analysis and Countermeasure Design on ARM-based Quantum-Resistant SIKE](https://ieeexplore.ieee.org/document/9181442): Side-Channel resistant implementation of saber, using masking as a countermeasure [[ZYD20]](../../refs#zyd20)
- Successfull attack on Himq-3:
- [A complete cryptanalysis of the post-quantum multivariate signature scheme himq-3](https://link.springer.com/chapter/10.1007%2F978-3-030-61078-4_24): Singularity Attack: Successfully breaks signatures of the multivarite public key scheme Himq-3 [[DDW20]](../../refs#ddw20)
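Review bot: the description attached to the `[ZYD20]` entry ("Side-Channel resistant implementation of saber, using masking as a countermeasure") describes the Saber paper directly above it ([VBDK+20]), not the ARM-based SIKE paper it is attached to; if this section is reinstated, give the SIKE entry a matching description and fix "Successfull" and "multivarite" in the Himq-3 bullet.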
---
title: "New Standards"
date: 2021-05-06T00:11:20+02:00
draft: false
type: docs
weight: 6
---
- NIST Report on Round 3 Finalists:
- [Status report on the second round of the NIST post-quantum cryptography standardization process](https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf): Third round finalists for public-key encryption / key-establishment algorithms and digital signatures [[MAA+20]](../../refs#maa20)
- Review of NIST Candidates:
- [Standardisierung von post-quanten-kryptografie und empfehlungen des bsi](https://www.bsi.bund.de/DE/Service-Navi/Veranstaltungen/Deutscher-IT-Sicherheitskongress-30-Jahre-BSI/deutscher-it-sicherheitskongress-30-jahre-bsi_node.html): Overview of the current state of standardization of post Quantum cryptography with respect to the BSI recommendations. [[HKW21]](../../refs#hkw21)
- Open Quantum Project:
- [Post-quantum Key Exchange for the Internet and the Open Quantum Safe Project](https://eprint.iacr.org/2016/1017.pdf): Open Quantum Project, libqos library: exemplary cryptographic applications like OpenSSL. Comparing NIST Round 2 PQC candidate implementations using OpenSSL [[SM16]](../../refs#sm16)
- DNSSEC PQC Draft:
- [Retrofitting post-quantum cryptography in internet protocols: a case study of DNSSEC](https://dl.acm.org/doi/10.1145/3431832.3431838): Evaluate three PQC-Algorithms that are suitable for DNSSEC within certain constraints [[MdJvH+20]](../../refs#mdjvh20)
- Decentralized Cert. Management:
- [Next-generation web public-key infrastructure technologies](https://eprints.qut.edu.au/128643): New decentralized approach to certificate management based on generic blockchains (DPKIT), compatible with existing PKIs. [[HM19]](../../refs#hm19)