Using Cgo to use post-quantum cryptography library

[Alex Howard]

I really want to use lattice based crypto in my web, application but the only available libraries for it are written in C & Java

Obviously I could (and will) write my own implementation in Go but that means I have to study advanced math for a few months first...

I heard you can link into C libraries with Go, does anyone know if it's possible to link ANY c libraries, and whether linking this is possible:

https://github.com/NTRUOpenSourceProject/ntru-crypto/tree/master/reference-code/C/Encrypt/src

[egon]

The keyword that you should be looking for is "cgo" (http://golang.org/cmd/cgo/, https://code.google.com/p/go-wiki/wiki/cgo), there are examples floating around in the internet. It is useful to examine some other project that uses bindings https://code.google.com/p/go-wiki/wiki/Projects.

+ egon

[egon]

PS. The NTRU is GPL licensed which means when you statically link to it, you need to release your code under GPL as well. Also it contains patents.

Also, I would not be comfortable using that library, I would just use "regular" crypto. Most likely cause for security vulnerability is implementation details/bugs not quantum computers.

+ egon

[Alex Howard]

I don't care about patents whatsoever for a decentralised application but I know Richard Stallman and want to avoid his wrath at all costs, as will be showing him my project so he can kick my ass for the many things that will be wrong with it in his eyes.

Encryption-wise I will be using this as an additional layer of security on top of regular symmetric encryption which I have already implemented. My security consultant advised me to use NTRU.

Thanks for the response, I assume from what you are saying that it is possible to link ANY C library.

[egon]

On Monday, 30 June 2014 16:37:50 UTC+3, Alex Howard wrote:

I don't care about patents whatsoever for a decentralised application but I know Richard Stallman and want to avoid his wrath at all costs, as will be showing him my project so he can kick my ass for the many things that will be wrong with it in his eyes.

Sure, I just mentioned it, it's easy to miss those things; and in some projects it could be important.

 

Encryption-wise I will be using this as an additional layer of security on top of regular symmetric encryption which I have already implemented. My security consultant advised me to use NTRU.

If a good security consultant advised then just disregard my opinion about NTRU. I'm just a little conservative regarding those things.

Thanks for the response, I assume from what you are saying that it is possible to link ANY C library.

"Any" would be probably too liberal, but essentially yes. There might be some modifications that you need, to make it compatible with cgo... but I personally haven't used cgo much, which means I can't say exactly what are the exact boundaries.