When will post quantum resistant HTTPS protocols be a thing? (lemmy.world)

submitted 10 months ago* (last edited 10 months ago) by Asudox@lemmy.world to c/asklemmy@lemmy.ml

24 comments fedilink hide all child comments

Some services are slowly developing post quantum resistant protocols for their services like Signal or Tutanota. When will this be a thing for the web?

you are viewing a single comment's thread
view the rest of the comments

[-] CanadaPlus 7 points 10 months ago

Wouldn't HTTPS automatically support it once TLS does?

[-] Godort@lemm.ee 3 points 10 months ago

It depends if the new encryption methods are compatible with the key exchange mechanism.

[-] Spotlight7573@lemmy.world 1 points 10 months ago

Considering this proposal is used for the key exchange, they definitely need to update both the client side and server side part to be able to make use of it. That's the kind of thing that may take years but luckily it can fall back to older methods.

It also needs to be thoroughly vetted so that's why it's a hybrid approach. If the quantum resistant algorithm turns out to have problems (like some others have), they're still protected by the traditional part like they would have been, with no leaking of all the data.

[-] CanadaPlus 1 points 10 months ago* (last edited 10 months ago)

So how does it work? I guess they exchange keys both ways and then hash them together?

Honestly lattice encryption has been vetted for three decades now. We still can't say for sure P is not NP, but I'm far more worried about someone getting a quantum computer early than a sudden breakthrough on breaking either kind of algorithm.

[-] Spotlight7573@lemmy.world 2 points 10 months ago

Looks like it just concatenates them:

The shared secret is calculated as the concatenation of the X25519 shared secret (32 bytes) and the Kyber768Draft00 shared secret (32 bytes). The resulting shared secret value is 64 bytes in length.

https://www.ietf.org/archive/id/draft-tls-westerbaan-xyber768d00-02.html>

[-] CanadaPlus 1 points 10 months ago* (last edited 10 months ago)

Huh. I guess whatever algorithm comes next is resistant to half of the secret being compromised, then.

Edit: It looks like they concatenate things from the two algorithms a few times in the process, so maybe they figure it would be difficult to isolate a vulnerability assuming either one is strong.

[-] justastranger@sh.itjust.works 1 points 10 months ago

Luckily the majority of websites and Internet traffic go to the three cloud companies

[-] CanadaPlus 1 points 10 months ago* (last edited 10 months ago)

Key exchange works pretty much the same way as with prime/DLP-based algorithms. It's just different math (and more data!) being used.

Source: Math background, I know how the magic works. At least in theory.

this post was submitted on 24 Sep 2023

67 points (97.2% liked)

Asklemmy

43027 readers

1644 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
!lemmy411@lemmy.ca: a community for finding communities

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago

MODERATORS