The articles on Post Quantum Cryptography (PQC) are special because I cannot provide running implementations "cross platform wide": libraries for the new algorithms are not widely available (unlike, for example, Libsodium or JWT), or they need a lot of additional work before they run.
Instead I concentrate on selected algorithms and frameworks to show what the "new world of cryptography" looks like. That may sound pompous, but after reading this article you may well agree with me.
Before going into details, here is a short overview of the general theme.
Wikipedia gives a short explanation: "Computers that perform quantum computations are known as quantum computers." That sounds harmless, but a sufficiently large quantum computer could run Shor's algorithm, which factors large integers into their prime factors and solves the discrete logarithm problem (including the elliptic curve variant) in polynomial time. Those two problems are exactly what today's public key cryptography relies on.
In practice this means: all cryptographic functions built on RSA or elliptic curves (key exchange, signatures and public key encryption) become INSECURE as soon as a large enough quantum computer exists. Note that traffic protected by such a key exchange can be recorded today and decrypted later, so the problem starts before that machine is built.
Several algorithms claim to be quantum computer safe, but I recommend following the competition run by the National Institute of Standards and Technology (NIST). In 2017 NIST issued a "Call for Proposals"; at the time of writing (March 2021) the selection process is in round 3. At the end NIST will standardize a small number of "winner algorithms" that will become the de facto standard (as AES did some years ago). The website NIST Post-Quantum Cryptography PQC Round 3 Submissions lists the algorithms in the final round.
Platform-wide availability of the algorithms can be expected once the winners are named (for example, the well-known Bouncy Castle cryptographic library [version 1.68] does not cover most of the final candidates).
The following table gives only a very condensed overview, and I strongly recommend that you study the topic yourself. For the NIST candidates a ✅ in the "safe after QC" column means "no known quantum or classical attack, still under evaluation", not "proven secure": candidates have been dropped in earlier rounds after classical cryptanalysis, so treat these entries as a snapshot of March 2021.
Purpose | Algorithm | Safe before QC | Safe after QC | Notes |
---|---|---|---|---|
hashing | MD5 | ❌ | ❌ | collision resistance is broken, do not use it |
hashing | SHA-1 | ❌ | ❌ | practical collisions have been demonstrated, do not use it for signatures or certificates |
hashing | SHA-256 | ✅ | ✅ | Grover's algorithm only halves the preimage security (to about 128 bits), so SHA-256 stays usable; SHA-384 or SHA3-256 give more margin |
symmetric encryption | DES | ❌ | ❌ | 56-bit key, brute-forceable since the 1990s, do not use it |
symmetric encryption | TDES | ❌ | ❌ | deprecated by NIST, do not use it for new designs |
symmetric encryption | AES 128 | ✅ | ❓ | Grover's algorithm reduces key search to roughly 2^64 operations in theory; conservative guidance is to move to AES-256 |
symmetric encryption | AES 256 | ✅ | ✅ | use an authenticated mode such as GCM (an AEAD mode; its tag is GHASH based, not an HMAC) or encrypt-then-MAC with HMAC |
symmetric encryption | ChaCha20 | ✅ | ✅ | 256-bit key, same position as AES-256; use ChaCha20-Poly1305 to get authentication |
symmetric encryption | XSalsa20 stream cipher | ✅ | ✅ | 256-bit key, same position as AES-256; used in Libsodium's secretbox (XSalsa20-Poly1305) |
signature | RSA PKCS#1 v1.5 padding | ✅ | ❌ | legacy padding without a security proof, prefer RSA-PSS; like all RSA variants broken by Shor's algorithm |
signature | RSA PSS padding | ✅ | ❌ | broken by Shor's algorithm (factoring) |
signature | ECDSA | ✅ | ❌ | broken by Shor's algorithm (elliptic curve discrete logarithm) |
signature | Ed25519 curve | ✅ | ❌ | elliptic curve based, broken by Shor's algorithm just like ECDSA |
signature | CRYSTALS-DILITHIUM | ✅ | ✅ | NIST round 3 finalist (lattice based), not yet standardized |
signature | FALCON | ✅ | ✅ | NIST round 3 finalist (lattice based), not yet standardized |
signature | Rainbow | ✅ | ✅ | NIST round 3 finalist (multivariate), not yet standardized |
public key encryption | RSA PKCS#1 v1.5 padding | ✅ | ❌ | vulnerable to padding oracle attacks (Bleichenbacher), prefer RSA-OAEP; like all RSA variants broken by Shor's algorithm |
public key encryption | RSA OAEP padding | ✅ | ❌ | encryption will be broken by Shor's algorithm (factoring) |
public key encryption | ECIES | ✅ | ❌ | encryption will be broken by Shor's algorithm (elliptic curve discrete logarithm) |
public key encryption | Classic McEliece | ✅ | ✅ | NIST round 3 finalist (code based, very large public keys), not yet standardized |
public key encryption | NTRU | ✅ | ✅ | NIST round 3 finalist (lattice based), not yet standardized |
public key encryption | SABER | ✅ | ✅ | NIST round 3 finalist (lattice based), not yet standardized |
key exchange (KEM) | Diffie-Hellman (finite field) | ✅ | ❌ | broken by Shor's algorithm (discrete logarithm) |
key exchange (KEM) | Diffie-Hellman EC (ECDH) | ✅ | ❌ | broken by Shor's algorithm (elliptic curve discrete logarithm) |
key exchange (KEM) | X25519 curve | ✅ | ❌ | ECDH over Curve25519, broken by Shor's algorithm like any elliptic curve scheme |
key exchange (KEM) | CRYSTALS-KYBER | ✅ | ✅ | NIST round 3 finalist (lattice based), not yet standardized |
key exchange (KEM) | SIKE | ✅ | ✅ | NIST round 3 alternate candidate (isogeny based), not yet standardized |
For each of the algorithms listed you will find an online running implementation; take them as a case study. Keep in mind that I could not verify the correctness of the algorithms and their results, so please do not rely on the programs.
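The table recommends AES-256 in an authenticated mode and RSA-PSS over PKCS#1 v1.5 as the "safe before QC" baseline. The following Go program is an added example (not code from the original page or its project) that shows both choices with the standard library only: AES-256-GCM with tamper detection and a rejected 16-byte key, and RSASSA-PSS sign/verify. The key, associated data and messages are constructed demo values. The RSA part is exactly the component a PQC signature scheme such as Dilithium or Falcon would later replace; the AES part only needs the 256-bit key.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptAESGCM encrypts with AES-256-GCM. GCM is an AEAD mode: the 16-byte
// tag (GHASH based, not an HMAC) authenticates ciphertext and associated data.
// Only Grover's algorithm applies to a symmetric key, so 256 bits keep about
// 128 bits of security against a quantum adversary; 16-byte keys are rejected.
// Output layout: nonce (12 bytes) || ciphertext || tag (16 bytes).
func EncryptAESGCM(key, plaintext, aad []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // must never repeat under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, plaintext, aad)...), nil
}

// DecryptAESGCM reverses EncryptAESGCM; any change to nonce, ciphertext, tag
// or aad makes Open fail, which is the integrity check GCM provides.
func DecryptAESGCM(key, data, aad []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(data) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, data[:aead.NonceSize()], data[aead.NonceSize():], aad)
}

// pssOpts fixes the salt length so that signer and verifier agree.
var pssOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash}

// SignPSS signs SHA-256(msg) with RSASSA-PSS (randomized padding with a
// security proof) instead of PKCS#1 v1.5. Both RSA variants fall to Shor's
// algorithm; this is only the "safe before QC" choice from the table.
func SignPSS(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], pssOpts)
}

// VerifyPSS returns true only for a valid signature over exactly msg.
func VerifyPSS(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, pssOpts) == nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key, never use a fixed key in production
	aad := []byte("v1")                   // constructed associated data (e.g. a format version)
	ct, err := EncryptAESGCM(key, []byte("hello post-quantum world"), aad)
	if err != nil {
		panic(err)
	}
	pt, err := DecryptAESGCM(key, ct, aad)
	fmt.Printf("decrypted: %q, err: %v\n", pt, err)
	ct[len(ct)-1] ^= 0x01 // flip one bit of the tag
	_, err = DecryptAESGCM(key, ct, aad)
	fmt.Println("tampered ciphertext rejected:", err != nil)

	priv, err := rsa.GenerateKey(rand.Reader, 2048) // fine today, worthless against Shor's algorithm
	if err != nil {
		panic(err)
	}
	msg := []byte("sign me")
	sig, _ := SignPSS(priv, msg)
	fmt.Println("valid signature verifies:", VerifyPSS(&priv.PublicKey, msg, sig))
	fmt.Println("modified message verifies:", VerifyPSS(&priv.PublicKey, []byte("sign mf"), sig))
}
```

The nonce is generated per call and prepended to the output; a repeated nonce under the same key breaks GCM completely, so a real deployment must rotate the key long before 2^32 messages. When the PQC winners arrive, only SignPSS/VerifyPSS need to be swapped for the new signature scheme; the symmetric layer stays as it is.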
If you are looking for a cross-platform library that covers all round 3 candidates, I recommend the Open Quantum Safe (OQS) project and its GitHub repository https://github.com/open-quantum-safe. The libraries could be perfect for my Cross platform cryptography project, but unfortunately they are not provided in compiled form. My limited resources did not allow me to look into the compilation and binding work, so I have to leave out this great opportunity.
Update: In the meantime I got the Open Quantum Safe library with Java binding running, so I am able to provide some (rough) information; kindly visit the page Post Quantum Cryptography (PQC) with library Liboqs overview.
Last update: Mar. 19th 2021
Back to the main page: readme.md