diff --git a/content/docs/agility/development.md b/content/docs/agility/development.md index 6d6cc8dd3c5a0d59297d3e4ef7135177436a3fcc..e91440de876c827fbc6fd49f82c571239cd3b816 100644 --- a/content/docs/agility/development.md +++ b/content/docs/agility/development.md 
@@ -6,18 +6,17 @@ draft: false type: docs weight: 2 --- -- eUCRITE API - - [Security Issues on the CNG Cryptography Library (Cryptography API: Next Generation)](https://ieeexplore.ieee.org/document/6603762) This paper introduces structure, features, and programming techniques of CNG, which was released as a substitute of the previous CAPI (Cryptography API) library from Microsoft. - - [Zur Benutzbarkeit und Verwendung von API-Dokumentationen](https://dl.gi.de/handle/20.500.12116/33515) Showcases requirements for a good security API. [[HZHW20]](../../refs#hzhw20) - Research on CA mechanism - - [On the importance of cryptographic agility for industrial automation](https://www.degruyter.com/document/doi/10.1515/auto-2019-0019/html) This work motivates cryptographic agility by discussing the threat of quantum computers to moderncryptography. [[PN19]](../../refs#pn19) + - [On the importance of cryptographic agility for industrial automation](https://www.degruyter.com/document/doi/10.1515/auto-2019-0019/html) This work motivates cryptographic agility by discussing the threat of quantum computers to modern cryptography [[PN19]](../../refs#pn19) + - [Security issues on the CNG cryptography library (Cryptography API: Next Generation)](https://ieeexplore.ieee.org/document/6603762) Next Generation from Microsoft to exchange cryptographic algorithms without any change to the code of the program [[LLP+13]](../../refs#llp13) + - [API Usability of Stateful Signature Schemes](https://link.springer.com/chapter/10.1007/978-3-030-26834-3_13) Easy-to-use API design for stateful signature schemes [[ZWH19]](../../refs#zwh19) - CA as design principle - - [PQFabric: A Permissioned Blockchain Secure from Both Classical and Quantum Attacks](https://arxiv.org/abs/2010.06571) Proposes a redesign of Fabric's credential-management procedures and related specifications in order to incorporate hybrid digital signatures, protecting against both classical and quantum attacks using one classical and 
one quantum-safe signature. [[HPDM20]](../../refs#hpdm20) - - [Public Key Infrastructure and Crypto Agility Concept for Intelligent Transportation Systems](http://www.thinkmind.org/index.php?view=article&articleid=vehicular_2015_1_30_30028) This paper proposes a multi-domain PKI architecture for intelligent transportation systems, which considers the necessities of road infrastructure authorities and vehicle manufacturers, today. [[UWK15]](../../refs#uwk15) + - [PQFabric: A Permissioned Blockchain Secure from Both Classical and Quantum Attacks](https://arxiv.org/abs/2010.06571) Proposes a redesign of Fabric's credential-management procedures and related specifications in order to incorporate hybrid digital signatures, protecting against both classical and quantum attacks using one classical and one quantum-safe signature [[HPDM20]](../../refs#hpdm20) + - [Public Key Infrastructure and Crypto Agility Concept for Intelligent Transportation Systems](http://www.thinkmind.org/index.php?view=article&articleid=vehicular_2015_1_30_30028) This paper proposes a multi-domain PKI architecture for intelligent transportation systems, which considers the necessities of road infrastructure authorities and vehicle manufacturers, today [[UWK15]](../../refs#uwk15) - Eval crypto libs - - [Comparing the Usability of Cryptographic APIs](https://ieeexplore.ieee.org/document/7958576) This paper is the first to examine both how and why the design and resulting usability of different cryptographic libraries affects the security of code written with them. 
[[ABF+17]](../../refs#abf17) + - [Comparing the Usability of Cryptographic APIs](https://ieeexplore.ieee.org/document/7958576) This paper is the first to examine both how and why the design and resulting usability of different cryptographic libraries affects the security of code written with them [[ABF+17]](../../refs#abf17) - Eval code examples for crypto libs - - [Usability and Security Effects of Code Examples on Crypto APIs](https://ieeexplore.ieee.org/document/8514203) Platform for cryptographic code examples that improves the usability and security of created applications by non security experts. [[MW18]](../../refs#mw18) - - [Fluid Intelligence Doesn't Matter! Effects of Code Examples on the Usability of Crypto APIs](https://arxiv.org/abs/2004.03973) Researches whether similarity and Gf also have an effect in the context of using cryptographic APIs.[[MW20]](../../refs#mw20) + - [Usability and Security Effects of Code Examples on Crypto APIs](https://ieeexplore.ieee.org/document/8514203) Platform for cryptographic code examples that improves the usability and security of created applications by non security experts [[MW18]](../../refs#mw18) + - [Fluid Intelligence Doesn't Matter! Effects of Code Examples on the Usability of Crypto APIs](https://arxiv.org/abs/2004.03973) Researches whether similarity and Gf also have an effect in the context of using cryptographic APIs [[MW20]](../../refs#mw20) - Eval docum. system for crypto libs - - [Zur Benutzbarkeit und Verwendung von API-Dokumentationen](https://dl.gi.de/handle/20.500.12116/33515) Showcases requirements for a good security API. [[HZHW20]](../../refs#hzhw20) + - [Zur Benutzbarkeit und Verwendung von API-Dokumentationen](https://dl.gi.de/handle/20.500.12116/33515) Showcases requirements for a good security API [[HZHW20]](../../refs#hzhw20) 
diff --git a/content/docs/migration/McEliece.pdf b/content/docs/migration/McEliece.pdf new file mode 100644 index 0000000000000000000000000000000000000000..99df81ff3c866f15aeeef235837e2d45527b870e Binary files /dev/null and b/content/docs/migration/McEliece.pdf differ diff --git a/content/docs/migration/performance.md b/content/docs/migration/performance.md index 7961d5ba071f401e174ecb33aefd8684a83d5acb..67f57270e030e6a7056e7621039121749e1b4a83 100644 --- a/content/docs/migration/performance.md +++ b/content/docs/migration/performance.md 
@@ -14,6 +14,7 @@ Evaluation of the performance of PQC algorithms in various facets, classified in - Improvements to PQC algorithms: - [Performance Optimization of Lattice Post-Quantum Cryptographic Algorithms on Many-Core Processors](https://ieeexplore.ieee.org/abstract/document/9238630?casa_token=j7T_SBR8ECgAAAAA:Skx0Ze-JY3YP5CSLn20TOmrWviAP_-aUZ0b9W_gpR5fDpO8AWLigR52JC4qZVPTbLlIzv-3p2g) 52% and 83% improvement in performance for the CRYSTALS-Kyber KEM SHA3 variant and AES variant through Vectorization [[KKP20]](../../refs#kkp20) - [Memory-Efficient High-Speed Implementation of Kyber on Cortex-M4](http://link.springer.com/10.1007/978-3-030-23696-0_11) Optimized software implementation of Kyber for the ARM Cortex-M4 microcontroller [[BKS19]](../../refs#bks19) + - [CTIDH: Faster Constant-Time CSIDH](https://eprint.iacr.org/2021/633.pdf) Speed records for constant-time CSIDH (Commutative Supersingular Isogeny Diffie–Hellman) through combining a new key space with a new algorithm [[BBC+21]](../../refs#bbc21) - Lattice-based vs. Isogeny-based: - [Towards Post-Quantum Security for Cyber-Physical Systems: Integrating PQC into Industrial M2M Communication](https://link.springer.com/chapter/10.1007/978-3-030-59013-0_15) Two solutions for the integration of PQ primitives into the industrial protocol Open Platform Communications Unified Architecture (OPC UA) [[PASC20]](../../refs#pasc20) - [Incorporating Post-Quantum Cryptographyin a Microservice Environment](https://homepages.staff.os3.nl/~delaat/rp/2019-2020/p13/report.pdf) On the practical feasibility of using PQCin a microservice architecture [[WvdG20]](../../refs#wvdg20) diff --git a/content/docs/migration/process.md b/content/docs/migration/process.md index a92a3356f945aefc6069c731fb5a46e7553990e1..7e75e056094f1e4d695544dd9aea4aa11a4397e1 100644 --- a/content/docs/migration/process.md +++ b/content/docs/migration/process.md 
@@ -17,3 +17,5 @@ weight: 4 - [The TLS Post-Quantum Experiment](https://blog.cloudflare.com/the-tls-post-quantum-experiment/): Experiment between google and cloudflare comparing three groups using post-quantum CECPQ2, CECPQ2b or non-post-quantum X25519.[[KV19]](../../refs#kv19) - Hybrid Certificates: - [X.509-Compliant Hybrid Certificates for the Post-Quantum Transition](http://tubiblio.ulb.tu-darmstadt.de/115809/): Parallel usage of two independent cryptographic schemes within public key infrastructures enabling a stepwise transition to post-quantum secureand hybrid algorithms [[BBG+19]](../../refs#bbg19) +- PQC protocol integration: + - [Post-Quantum Kryptographie - Classic McEliece](/docs/migration/McEliece.pdf) Introducing a new ASN.1 PQ key format and an evaluation of PQ integration for several cryptographic protocols [[Meun21]](../../refs#meun21) diff --git a/content/docs/projects/eUCRITE.md b/content/docs/projects/eUCRITE.md index 4ecd932d8dbdd42b74433b5b33e353ca5fb65b91..80d2f381268e0dba98ff9839102e3a5b836d5cec 100644 --- a/content/docs/projects/eUCRITE.md +++ b/content/docs/projects/eUCRITE.md 
@@ -5,6 +5,6 @@ draft: false type: docs weight: 1 --- -The [eUCRITE API](https://use-a-pqclib.h-da.io/eucrite-documentation/) is a PQC library interface, that provides quantum-resistant cryptographic schemes in abstract manner. It provides not only PQC-based encryption, but also signature schemes. The end-user has the choice between three different security levels based on the strenght and performance of the chosen algorithems. This abstraction aims at supporting crypt-agility and is expected to make using PQC-schemes easier. Collaborations on our cryptographic API, and a special update mechanism for said API are also under development. +The [eUCRITE API](https://use-a-pqclib.h-da.io/eucrite-documentation/) is a PQC library interface, that provides quantum-resistant cryptographic schemes in abstract manner. It provides not only PQC-based encryption, but also signature schemes. The end-user has the choice between three different security levels based on the strenght and performance of the chosen algorithems. This abstraction aims at supporting crypt-agility and is expected to make using PQC-schemes easier [[Zei20]](../../refs#zei20). Collaborations on our cryptographic API, and a special update mechanism for said API are also under development.  diff --git a/content/docs/refs.md b/content/docs/refs.md index 92fa9230cc366078958c2e8a0c2403eb614dfe14..122e44ca8ffb35e78e9dec50e98a8cc50da1b757 100644 --- a/content/docs/refs.md +++ b/content/docs/refs.md 
@@ -39,6 +39,9 @@ weight: 10 ###### [BBC+20] [D. Bernstein, B. Brumley, M. Chen, C. Chuengsatiansup, T. Lange, A. Marotzke, N. Tuveri, C. van Vredendaal, and B. Yang. Ntru prime: round 3 20201007. 2020](https://ntruprime.cr.yp.to/nist/ntruprime-20201007.pdf) +###### [BBC+21] +[G. Banegas, D. J. Bernstein, F. Campos, T. Chou, T. Lange, M. Meyer, B. Smith and J. Sotáková. CTIDH: faster constant-time CSIDH. 2021. Cryptology ePrint Archive, Report 2021/633](https://eprint.iacr.org/2021/633) + ###### [BBG+19] [Bindel, N., Braun, J., Gladiator, L., Stöckert, T., & Wirth, J. (2019). X. 509-compliant hybrid certificates for the post-quantum transition. Journal of Open Source Software, 4(40), 1606](https://joss.theoj.org/papers/10.21105/joss.01606) @@ -184,7 +187,7 @@ weight: 10 [A. Langley. 2019. Real-world measurements of structured-lattices and supersin-gular isogenies in TLS](https://www.imperialviolet.org/2019/10/30/pqsivssl.html) ###### [LLP+13] -[K. Lee, Y. Lee, J. Park, K. Yim, and I. You. Security issues on the cng cryptography library (cryptography api: Next generation). In Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2013 Seventh International Conference on, pages 709–713. IEEE, 2013.](https://ieeexplore.ieee.org/document/6603762) +[K. Lee, Y. Lee, J. Park, K. Yim and I. You, "Security Issues on the CNG Cryptography Library (Cryptography API: Next Generation)," 2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, 2013, pp. 709-713, doi: 10.1109/IMIS.2013.128](https://ieeexplore.ieee.org/document/6603762) ###### [MAA+20] [D. Moody, G. Alagic, D. C Apon, D. A. Cooper, Q. H. Dang, J. M. Kelsey, Y.Liu, C. A. Miller, R. C. Peralta, R. A. Perlner, A. Y. Robinson, D. C. Smith-Tone,and J. Alperin-Sheriff. 2020. Status report on the second round of the NISTpost-quantum cryptography standardization process.](https://doi.org/10.6028/NIST.IR.8309) 
@@ -198,6 +201,9 @@ weight: 10 ###### [MdJvH+20] [M. Müller, J. de Jong, M. van Heesch, B. Overeinder, and R. van Rijswijk-Deij. Retrofitting post-quantum cryptography in internet protocols: a case study of DNSSEC. 50(4):49–57, 2020. doi:10.1145/3431832.3431838.](https://dl.acm.org/doi/10.1145/3431832.3431838) +###### [Meun21] +[Robin Meunier. Post-Quantum Kryptographie - Classic McEliece. 2021 Master Thesis. Darrmstadt University of Applied Sciences. Faculty of Computer Science.]((/docs/migration/McEliece.pdf)) + ###### [MPD+18] [L. Malina, L. Popelova, P. Dzurenda, J. Hajny, and Z. Martinasek. 2018. On Feasibility of Post-Quantum Cryptography on Small Devices (15th IFAC Conference on Programmable Devices and Embedded Systems PDeS 2018), Vol. 51. 462–467](https://www.sciencedirect.com/science/article/pii/S2405896318308474) @@ -230,7 +236,7 @@ weight: 10 ###### [OPP19] [D. Ott, C. Peikert, and participants. 2019. Identifying Research Challengesin Post Quantum Cryptography Migration and Cryptographic Agility. (Sept.2019).](https://cra.org/crn/2019/10/research-challenges-in-post-quantum-cryptography-migration-and-cryptographic-agility/) -###### Our paper + ###### [PASC20] [S. Paul and P. Scheible. 2020. Towards Post-Quantum Security for Cyber-Physical Systems: Integrating PQC into Industrial M2M Communication. InComputerSecurity – ESORICS 2020. Vol. 12309. Springer International Publishing, 295–316](https://link.springer.com/chapter/10.1007/978-3-030-59013-0_15) 
@@ -285,6 +291,9 @@ weight: 10 ###### [Zei20] [A. Zeier. 08.12.2020. eucrite 1.0 API.](https://use-a-pqclib.h-da.io/eucrite-documentation/) +###### [ZWH19] +[A. Zeier, A. Wiesmaier, and A. Heinemann. API Usability of Stateful Signature Schemes. In The 14th International Workshop on Security (IWSEC), LNCS 11689, pages 1–20. Springer Switzerland, August 2019](https://link.springer.com/chapter/10.1007/978-3-030-26834-3_13) + ###### [ZWH21] [A. Zeier, A. Wiesmaier, and A. Heinemann. Zur Integration von Post-Quantum Verfahren in bestehende Softwarepodukte. In German Federal Office for Information Security (BSI), editor, Tagungsband zum 17. Deutschen IT-Sicherheitskongress, pages 381 – 391. SecuMedia Verlag, Ingelheim, Germany, March 2021.](https://arxiv.org/pdf/2102.00157v1) diff --git a/content/docs/related.md b/content/docs/related.md index 415b89835eac75c981f6a93bff68f0a47b97bb86..4523a196df8a4294bc93bd51ae208e52218dbe5b 100644 --- a/content/docs/related.md +++ b/content/docs/related.md 
@@ -11,7 +11,6 @@ A collection of survey papers and references dealing with general challenges and *A full reference list can be found in the [references](../refs) section. All references are listed in alphabetical order.* - [Identifying Research Challenges in Post Quantum Cryptography Migration and Cryptographic Agility](http://arxiv.org/abs/1909.07353): A wide range of topics and challenges at a high abstraction level grouped into categories of PQC migration and crypto-agility [[OPp19]](../refs#opp19) -- [Our Paper] [[paper]](../refs#paper) - [Getting Ready for Post-Quantum Cryptography](https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04282021.pdf): Challenges Associated with Adopting and Using Post-Quantum Cryptographic Algorithms [[BPS20]](../refs#bps20). - [Practical Post-Quantum Cryptography](https://www.sit.fraunhofer.de/fileadmin/dokumente/studien_und_technical_reports/Practical.PostQuantum.Cryptography_WP_FraunhoferSIT.pdf?_=1503992279): White paper from the Fraunhofer Institute for Secure Information Technology SIT addressing challenges of PQC migration and comparison of PQC algorithms [[NIWA17]](../refs#niwa17). - [From Pre-Quantum to Post-Quantum IoT Security](https://ieeexplore.ieee.org/document/8932459): Challenges for PQC in IoT and comparison of the performance of PQC algorithms [[FC20]](../refs#fc20).
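Review bot: in the development.md hunk, the new description of the CNG paper under "Research on CA mechanism" is a sentence fragment: "Next Generation from Microsoft to exchange cryptographic algorithms without any change to the code of the program". The leading "Cryptography API:" (or a verb) appears to have been dropped; suggest "Introduces CNG (Cryptography API: Next Generation) from Microsoft, which allows exchanging cryptographic algorithms without changing the program's code". Dropping the trailing periods before the citation keys and removing the duplicate HZHW20 entry from the eUCRITE bullet are consistent with the rest of the list.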
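Review bot: while the "Lattice-based vs. Isogeny-based" list in performance.md is being touched, the two unchanged context entries still read "Incorporating Post-Quantum Cryptographyin a Microservice Environment" and "using PQCin a microservice architecture"; the missing spaces ("Cryptography in", "PQC in") could be fixed in the same commit. The added CTIDH entry links to the ePrint PDF (eprint.iacr.org/2021/633.pdf) while the matching [BBC+21] reference entry links to the ePrint abstract page (eprint.iacr.org/2021/633); the two should point at the same target.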
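Review bot: the new McEliece entry in process.md links with a root-absolute path (/docs/migration/McEliece.pdf), whereas every other internal link in these files is relative (../../refs#meun21 on the same line). A root-absolute link breaks if the site is served under a sub-path; suggest a relative link such as ../McEliece.pdf, which follows the same convention as the existing ../../refs links, for consistency. The German title "Post-Quantum Kryptographie - Classic McEliece" is the thesis title and can stay as is.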
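Review bot: since the only paragraph in eUCRITE.md is rewritten in this hunk, the spelling errors it carries over ("strenght", "algorithems") and the grammar slips ("interface, that provides", "in abstract manner") should be fixed on the same line: "strength", "algorithms", "interface that provides", "in an abstract manner". The added [[Zei20]] citation matches the existing [Zei20] heading visible in the refs.md context, so the link resolves.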
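Review bot: the rewritten [LLP+13] entry in refs.md switches to IEEE citation style (quoted title, "pp.", "doi:" prefix) while the neighbouring entries ([BBC+20], [BBG+19], [MAA+20]) use the list's plain author-first style with an unquoted title; suggest keeping the DOI but formatting the entry like the others. The new [BBC+21] entry follows the existing style and its heading matches the [[BBC+21]](../../refs#bbc21) link added in performance.md.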
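Review bot: the [Meun21] entry's link target is wrapped in doubled parentheses, `]((/docs/migration/McEliece.pdf))`; with balanced parentheses Markdown takes the destination to be the literal `(/docs/migration/McEliece.pdf)`, parentheses included, so the link is broken. It should be `](/docs/migration/McEliece.pdf)`. The same line spells the institution "Darrmstadt" (should be "Darmstadt") and places the year before "Master Thesis"; suggest "Master's thesis, Darmstadt University of Applied Sciences, Faculty of Computer Science, 2021" to match the author-title-venue-year order of the other entries. Removing the empty "###### Our paper" heading in the same region is consistent with dropping the "[Our Paper]" bullet in related.md.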
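Review bot: while this hunk touches the reference list in related.md, the unchanged context line above the removed bullet cites [[OPp19]] with a lowercase "p", while the reference heading in refs.md is [OPP19]; the label should read [[OPP19]] so it matches the key (the ../refs#opp19 anchor itself is already lowercase and fine). Removing the placeholder "[Our Paper]" bullet with its dangling ../refs#paper link is the right call, since the matching "Our paper" heading is dropped from refs.md in the same patch.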