wolfSSL, in partnership with Security Innovation, has added support for the proposed “Quantum-safe hybrid” ciphersuite. Having this cipher suite supported in the wolfSSL embedded TLS library allows two parties to use any existing ciphersuite and “quantum-safe” any traffic protected by that ciphersuite. This means that an attacker who records the traffic and later develops a quantum computer cannot go back and crack the session.
The super-fast NTRU algorithm, featuring efficient key generation, encryption, and decryption, is a quantum computer resistant algorithm currently being used with the quantum-safe ciphersuite. By using a one-time NTRU key to encrypt extra secret material, the handshake allows users to continue using their existing ciphersuites (which may be necessary for certificate support or because they have regulations that require it) while at the same time benefiting from the true long-term security that NTRU gives. Because NTRU is fast, the additional processing load from the use of this ciphersuite is low. The ciphersuite is provably as secure as classical ciphersuites. Users can use it without concern that it is reducing their security, making this genuinely a zero-risk, near-zero-cost approach to obtaining protection against government or other actors, now and in the future.
“We`re excited to continue our partnership with wolfSSL and applaud wolfSSL`s vision in being first to market with this innovative, future-proof approach,” said William Whyte, Chief Scientist at Security Innovation. “wolfSSL has a name for being best in the field for embedded devices; with this approach, WolfSSL is enabling their customers to protect data on any device, not just now but for years to come.”
To view and use the quantum safe handshake extensions first download and install NTRU (which an Open Source version can be found at https://github.com/NTRUOpenSourceProject/ntru-crypto) then download the most recent wolfSSL from GitHub ( https://github.com/wolfSSL/wolfssl ) and compile using ./configure –with-ntru. The QSH ciphersuite specification will be available from the IETF website the week of July 19th. A security proof for the approach is provided in https://eprint.iacr.org/2015/287.
For more information about the implementation or use contact wolfSSL at facts@wolfssl.com