Post Quantum cryptography in Golang

[D P]

Hi Golang devs,

When would NIST standardized post quantum cryptography schemes (Falcon, Dilithium, Kyber) be implemented into Golang natively? Is there a timeline for this. 

https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022

[Filippo Valsorda]

Hello,

We're experimenting with Kyber, as KEMs are the most urgent concern to protect against collect-now-decrypt-later attacks. It's unlikely we'll expose an API in the standard library before NIST produces a final specification, but we might enable draft hybrid key exchanges in crypto/tls in the meantime, maybe behind a GOEXPERIMENT flag.

I have no precise timeline for this.

[D P]

Thanks for the info Filippo.

The NIST draft specifications have been made available yesterday.

1. FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard  (Kyber)
2. FIPS 204, Module-Lattice-Based Digital Signature Standard  (Dilithium)
3. FIPS 205, Stateless Hash-Based Digital Signature Standard  (SPHINCS+)

[Rob Pike]

Surely the phrase should be post-non-quantum?

-rob

--
You received this message because you are subscribed to the Google Groups "golang-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/golang-dev/476ca8f8-315f-43da-99b4-a6b4a96900acn%40googlegroups.com.

[D P]

Dear Filippo,

>>>but we might enable draft hybrid key exchanges in crypto/tls in the meantime, maybe behind a GOEXPERIMENT flag.

Could you please share some timeline when this experimental hybrid mode will be available? We have an use-case for hybrid mode, but prefer something that comes with golang (even if under experimental flag), instead of building ourselves.

On Friday, August 18, 2023 at 10:59:15 PM UTC-7 Filippo Valsorda wrote:

[D P]

Hi community, 

The NIST official PQC FIPS standards were released about 2 weeks ago. When can we expect a production grade version of GOLANG that conforms to these standards?

https://www.federalregister.gov/documents/2024/08/14/2024-17956/announcing-issuance-of-federal-information-processing-standards-fips-fips-203-module-lattice-based

[Jason Aten]

I have not used it, but CloudFlare has done some post quantum work in Go: https://github.com/cloudflare/circl

[Russ Cox]

On Sun, Aug 25, 2024 at 12:45 PM D P <dogepr...@gmail.com> wrote:

Hi community, 

The NIST official PQC FIPS standards were released about 2 weeks ago. When can we expect a production grade version of GOLANG that conforms to these standards?

https://www.federalregister.gov/documents/2024/08/14/2024-17956/announcing-issuance-of-federal-information-processing-standards-fips-fips-203-module-lattice-based

A year ago Filippo wrote back to you saying:

> We're experimenting with Kyber, as KEMs are the most urgent concern to protect against collect-now-decrypt-later attacks. It's unlikely we'll expose an API in the standard library before NIST produces a final specification, but we might enable draft hybrid key exchanges in crypto/tls in the meantime, maybe behind a GOEXPERIMENT flag.

That happened. Go 1.23, released a couple weeks ago, includes a production Kyber implementation that is enabled by default in crypto/tls. Quoting the release notes:

> The experimental post-quantum key exchange mechanism X25519Kyber768Draft00 is now enabled by default when Config.CurvePreferences is nil. The default can be reverted by adding tlskyber=0 to the GODEBUG environment variable.

Best,

Russ

 

[D P]

Thanks for the info. We are looking for ML-DSA and SLH-DSA implementations of the final NIST standards as well.

[Jason E. Aten]

On Monday, September 2, 2024 at 8:04:45 PM UTC+1 D P wrote:

Thanks for the info. We are looking for ML-DSA and SLH-DSA implementations of the final NIST standards as well.

While these are not official Google or Go-team blessed implementations that you are asking for, there are some resources available today.

It appears that ML-DSA in CIRCL (from Cloudflare) is just waiting for someone to publish complete test vectors before merging. If this is blocking for you, then perhaps you could contribute to that effort and get it across the finish line. If it is not blocking, then you might find merging the existing pull/480 Pull Request into your own fork of use.

See https://github.com/cloudflare/circl/pull/480  ; also

https://github.com/cloudflare/circl/issues/473 may be worth watching.

That ML-DSA implementation is by Dr. Bas Westerbaan https://bas.westerbaan.name/ of the SPHINCS⁺ team and Cloudflare.

For SLH-DSA, which is based on SPHINCS+, see

https://sphincs.org/software.html  which points to

https://github.com/kasperdi/SPHINCSPLUS-golang

; and example use can be viewed: https://asecuritysite.com/golang/sp

Since the above claims to implement v3, see the last page of the standard, https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf for a description of the changes between v3 and v3.1 which FIPS205 is based on. It would be appear to be a small amount of work to update that repo to the final standard.

[Q C (QC)]

Thanks, we are already using pqclean implementations, but were looking for a production ready native way in GoLang. 

It's great that PQ KEM is supported in GoLang 1.24. Would PQ DSA algorithms be supported in GoLang 1.25 (or any tentative release plans?)