View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0011526 | GNUnet | transport service | public | 2026-06-17 11:41 | 2026-06-22 17:30 |
| Reporter | schanzen | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | new | Resolution | open | ||
| Target Version | 1.0.0 | ||||
| Summary | 0011526: PQ-secure TCP/UDP encryption | ||||
| Description | We must update our crypto. In order to stay true to the steganographic noise requirement (Elligator) we could use a KEM combiner that uses a PQKEM which has ciphertexts that are indistinguishabled from noise. The choices are: ML-KEM (the compressed ciphertext is still kind of distinguishable) NTRU-HRSS FrodoKEM FrodoKEM ciphertexts are much larger (10-15x), but it is more common. PQclear implements both. | ||||
| Tags | No tags attached. | ||||
|
|
Probably sntrup is better than NTRU-HRSS |
|
|
Actually we may also have the option of using https://www.ietf.org/archive/id/draft-veitch-kemeleon-00.html with ML-KEM. ECC is pretty much set to X25519. So we need to decide on the combiner, and the PQ algorithm taking into accoutn KEM ciphertext size (we have a limitation on UDP datagram size). The ML-KEM ciphertext is 1,088 bytes. Sntrup are slightly smaller. Combiner options: - X-Wing - Chempat (https://www.ietf.org/archive/id/draft-josefsson-chempat-04.html) PQ KEM: - sntrup - ML-KEM libsodium already implements X-Wing with ML-KEM-768 and X25519. Both w/e Elligator and Kemeleon. Still, it may be possible to retrofit this somehow. Sntrup would have to be vendored (e.g. from OpenSSH, which ships a single C source file). Implementing Chempat is trivial I believe, but only really necessary if we want a generic combiner. |
|
|
As long as we use hybrids, we can encrypt the T KEM ciphertext with the key from the PQ KEM in order to make it look random That is called OEINC https://eprint.iacr.org/2025/408.pdf |
|
|
We may want an obfuscating hybrid KEM (OKEM) and a regular hybrid KEM in our APIs depending on layer/use case. |
|
|
We probably want to combine this in a communicator with https://github.com/Yawning/obfs4/blob/master/doc/obfs4-spec.txt / https://github.com/NullHypothesis/scramblesuit/blob/master/doc/scramblesuit-spec.txt but the OKEM is the first step. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2026-06-17 11:41 | schanzen | New Issue | |
| 2026-06-17 11:43 | schanzen | Relationship added | child of 0011527 |
| 2026-06-17 12:01 | schanzen | Note Added: 0028924 | |
| 2026-06-20 12:26 | schanzen | Note Added: 0028947 | |
| 2026-06-22 10:29 | schanzen | Note Added: 0028953 | |
| 2026-06-22 10:55 | schanzen | Note Edited: 0028953 | |
| 2026-06-22 14:22 | schanzen | Note Edited: 0028953 | |
| 2026-06-22 14:23 | schanzen | Note Added: 0028956 | |
| 2026-06-22 17:30 | schanzen | Note Added: 0028961 |
