View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0011526 | GNUnet | transport service | public | 2026-06-17 11:41 | 2026-06-20 12:26 |
| Reporter | schanzen | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| Target Version | 1.0.0 | ||||
| Summary | 0011526: PQ-secure TCP/UDP encryption | ||||
| Description | We must update our crypto. In order to stay true to the steganographic noise requirement (Elligator) we could use a KEM combiner that uses a PQKEM which has ciphertexts that are indistinguishabled from noise. The choices are: ML-KEM (the compressed ciphertext is still kind of distinguishable) NTRU-HRSS FrodoKEM FrodoKEM ciphertexts are much larger (10-15x), but it is more common. PQclear implements both. | ||||
| Tags | No tags attached. | ||||
|
|
Probably sntrup is better than NTRU-HRSS |
|
|
Actually we may also have the option of using https://www.ietf.org/archive/id/draft-veitch-kemeleon-00.html with ML-KEM. ECC is pretty much set to X25519. So we need to decide on the combiner, and the PQ algorithm taking into accoutn KEM ciphertext size (we have a limitation on UDP datagram size). The ML-KEM ciphertext is 1,088 bytes. Sntrup are slightly smaller. Combiner options: - X-Wing - Chempat (https://www.ietf.org/archive/id/draft-josefsson-chempat-04.html) PQ KEM: - sntrup - ML-KEM libsodium already implements X-Wing with ML-KEM-768 and X25519. Both w/e Elligator and Kemeleon. Still, it may be possible to retrofit this somehow. Sntrup would have to be vendored (e.g. from OpenSSH, which ships a single C source file). Implementing Chempat is trivial I believe, but only really necessary if we want a generic combiner. |
