this post was submitted on 28 Mar 2024
11 points (100.0% liked)

Programming

17313 readers
37 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]



founded 1 year ago
MODERATORS
 

Hi, I'm working on a PQC key establishment and authentication protocol. Currently it works like this:

  1. Client and server each generate ECDSA and Dilithium identity keys and share them between each other, with usb for example.
  2. Client sends to the server single-use ECDH public key, single-use Kyber public key, timestamp, ECDSA and Dilithium signature of everything before it.
  3. Server verifies the message using clients identity keys, generates 2 secrets, one from ECDH and one from Kyber and then it uses blake3 kdf to derive a key from both secrets. Then it sends response with single-use ECDH public key, Kyber ciphertext, timestamp, ECDSA and Dilithium signature of everything before it.
  4. Client verifies the message using servers identity keys, and generates 2 secrets, one from ECDH and one from Kyber ciphertext and then it uses blake3 kdf to derive a key from both secrets.

Kyber: kyber1024 ECDH: secp256k1 ECDSA: secp256k1

I will use the key for XChaCha20-blake3 aead. I don't know yet how will I generate and keep track of used/unused nonces.

Building this was interesting and fun, but I want more. How can I improve this key exchange, make it more secure, faster, and smaller? Both messages are huge (6268 bytes), because of Kyber and Dilithium.

Any ideas for what application could be this used?

top 1 comments
sorted by: hot top controversial new old
[–] solrize 1 points 7 months ago

At step 1, you use a secure wired connection. In that case why not just set up a shared secret key? Drop the fancy PQ and PK stuff altogether and use something like DUKPT if you want forward secrecy.