Published in think-do-tank

Quantum-Proof Cryptography made easy with Zenroom

Whether or not the “Post-Quantum Encryptogeddon” is actually coming, it might be good to boost your defenses. Here is how.

An image of a microchip with the text “Quantum Computers  —  Ruining encryption since 2014”
All our work on quantum proof safety has been kindly supported by NLNet Foundation and the NGI Assure project.

It is best to start using Quantum-Proof Cryptography as soon as possible! And of course, our crypto software “Zenroom” already does this.

Now let’s dive into Zenroom’s Quantum-Proof features!

Signature

Create a private key

  • In the given phase you declare who you are, so feel free to substitute “Alice” with your name, but make sure to remember it for later.
  • In the when phase, you compute the Dilithium private key that is saved in your keyring.
  • In the then phase you simply print your keyring.

Generate the public key

  • In the Given phase, first state who you are, then upload your keyring. If you are using your own keyring, replace “Alice” with the name used in the previous script.
  • In the When phase the dilithium public key is computed.
  • In the Then phase the dilithium public key is printed.

Sign a message

  • In the Given phase you state who you are, then upload your keyring and finally upload the message to be signed. If you are using your own keyring, replace “Alice” with the name used in the first script.
  • In the When phase the dilithium signature of the message is computed.
  • In the then phase the dilithium signature and the message are printed.

Verify the signature

  • In the Given phase you upload the signer’s dilithium public key, the message and the dilithium signature. If you have replaced “Alice” with your name in the previous steps, then do the same here.
  • In the When phase Alice’s dilithium signature of the message is verified. If you are using a different name, substitute “Alice” with the name you are using here as well.
  • In the Then phase, if the verification succeeded, the string “Verification_of_Dilithium_signature_succeeded!” will be printed.
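
The four signature steps above, written out as an added example (not the scripts from the original article). The statement wording is an assumption based on Zenroom's `qp` scenario and should be checked against the documentation for the Zenroom version you run; the scenario titles after the colon are free text chosen here.

```zencode
# Added example: four separate Zencode scripts; run each one on its own.
# Statement wording is assumed from Zenroom's "qp" scenario; check your version's docs.

# --- 1. Create the private key (output: Alice's keyring, keep it secret) ---
Scenario qp : Create the dilithium private key
Given I am 'Alice'
When I create the dilithium key
Then print my 'keyring'

# --- 2. Generate the public key (input: the keyring from script 1) ---
Scenario qp : Create the dilithium public key
Given I am 'Alice'
and I have my 'keyring'
When I create the dilithium public key
Then print my 'dilithium public key'

# --- 3. Sign a message (input: the keyring plus a JSON field "message") ---
Scenario qp : Sign the message
Given I am 'Alice'
and I have my 'keyring'
and I have a 'string' named 'message'
When I create the dilithium signature of 'message'
Then print the 'dilithium signature'
and print the 'message'

# --- 4. Verify (input: public key, message, signature; no keyring needed) ---
Scenario qp : Verify the dilithium signature
Given I have a 'dilithium public key' from 'Alice'
and I have a 'string' named 'message'
and I have a 'dilithium signature'
When I verify the 'message' has a dilithium signature in 'dilithium signature' by 'Alice'
Then print the string 'Verification_of_Dilithium_signature_succeeded!'
```

Only scripts 1 to 3 ever see the keyring; the verifier in script 4 needs nothing secret, so the public key, message and signature can be passed over an untrusted channel.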

Key encapsulation mechanism

Create the private and public key

Create the KEM

  • In the given phase you upload Alice’s kyber public key.
  • In the when phase the Kyber pair {Shared-Secret, Ciphertext} is computed and saved under the names kyber secret and kyber ciphertext and grouped inside a dictionary named kyber kem.
  • In the then phase the kyber secret and the kyber ciphertext are printed.

Retrieve the secret

  • In the given phase, declare who you are, upload your keyring, the kyber ciphertext and the kyber secret computed by Bob in the previous step.
  • In the when phase the kyber secret is retrieved from the kyber ciphertext and a check is performed to see if it matches the secret computed by Bob.
  • In the then phase the kyber secret is printed.

Benchmarks

Sizes of private and public keys in bytes.

Signature

Time (µs) and memory (B) consumed by Dilithium2 and ECDSA, computing the private and the public keys.
Time (µs) and memory (B) consumed by Dilithium2 and ECDSA signature and verification.

Key Encapsulation Mechanism

Time (µs) and memory (B) consumed by ECDH, Kyber512 and Streamlined NTRU Prime computing the private and public keys.
Time (µs) and memory (B) consumed by ECDH, Kyber512 and Streamlined NTRU Prime encapsulation/encryption and decryption.

Conclusion

Credits:
