Re: For your consideration: post-quantum cryptography support for libssh

[Brian Mcqueen <bmcqueen@xxxxxxxxxxxx>]

I'm not an owner, nor a contributor, but I'm a user, and I think it would be wise to consider this.  Thanks for working on it.

B

From: Kevin Kane <kkane@xxxxxxxxxxxxx>
Date: Monday, May 10, 2021 at 8:36 AM
To: libssh@xxxxxxxxxx <libssh@xxxxxxxxxx>
Subject: RE: For your consideration: post-quantum cryptography support for libssh
Hello again all,

I’m passing this before your eyes once more to see if there’s any interest in this work here. Please take a look over the below and let me know your thoughts. Thanks!

From: Kevin Kane <kkane@xxxxxxxxxxxxx>
Sent: Tuesday, April 13, 2021 11:42 AM
To: libssh@xxxxxxxxxx
Subject: For your consideration: post-quantum cryptography support for libssh

Hello libssh community,

I’m from the Security and Cryptography team at Microsoft Research, which is leading Microsoft’s efforts in post-quantum cryptography (https://aka.ms/pqcrypto<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2Fpqcrypto&data=04%7C01%7Cbmcqueen%40linkedin.com%7C5a03f6a8d5164d278e2b08d913c96fe6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637562578162923146%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=wTRWYm8F%2BsDKItutsvdRxB5zEul84dKBJORqEzA9kpI%3D&reserved=0>). For those of you unaware of it, post-quantum cryptography is cryptography used by classical computers, but for which no known attack by quantum computers exists. Such attacks are known to exist for classical asymmetric algorithms like RSA and elliptic curve cryptography, which become fatally broken if a large enough quantum computer is ever successfully built. We very much hope to complete a standard and have implementations out and in use before that happens!

Our team has submitted algorithms for consideration to NIST’s Post-Quantum Cryptography standardization process (https://csrc.nist.gov/projects/post-quantum-cryptography<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcsrc.nist.gov%2Fprojects%2Fpost-quantum-cryptography&data=04%7C01%7Cbmcqueen%40linkedin.com%7C5a03f6a8d5164d278e2b08d913c96fe6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637562578162933141%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=P6MCY8Uf6lj4tSqXsoN0ecoy7ol3qU4Te5lQlbNvedM%3D&reserved=0>) and also in collaboration with the Open Quantum Safe project (https://openquantumsafe.org/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fopenquantumsafe.org%2F&data=04%7C01%7Cbmcqueen%40linkedin.com%7C5a03f6a8d5164d278e2b08d913c96fe6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637562578162943140%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=%2F2lSd91Sx0Tm2Vkzq7V5ntn338Ur%2F%2BQCcrspZhy2Svw%3D&reserved=0>), have brought together a library that contains the code for most of the candidate algorithms (https://github.com/open-quantum-safe/liboqs<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopen-quantum-safe%2Fliboqs&data=04%7C01%7Cbmcqueen%40linkedin.com%7C5a03f6a8d5164d278e2b08d913c96fe6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637562578162943140%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=4S%2BQ5lSDpJgNfzzEDefTmHfpcX2Ju%2FkDOkSChBm10uE%3D&reserved=0>) as well as a fork of OpenSSH that uses the algorithms from the library for key exchange, user key authentication, and host key authentication (https://github.com/open-quantum-safe/openssh<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopen-quantum-safe%2Fopenssh&data=04%7C01%7Cbmcqueen%40linkedin.com%7C5a03f6a8d5164d278e2b08d913c96fe6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637562578162953130%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=9rutgsxLPsKZqEedsyaNvOSqB%2FoxAfX3rrs0cAY14XQ%3D&reserved=0>).

These algorithms are still experimental, though at this point we are in round 3 and the remaining candidates have undergone considerable scrutiny. We hope for a standard from NIST later this year. In advance of that, though, we feel it’s important to get them out there into the developer community, so people can start using these algorithms, in preparation for the eventual transition to them.

To provide another implementation of the SSH protocol using post-quantum cryptography, I’ve extended libssh to provide the same support to use the algorithms in liboqs, and achieve parity and interoperability with the fork of OpenSSH. I’m writing to gauge your interest in this work and get some feedback, and so I’ve put up a merge request so you can take a look. I’ve built it so that it’s entirely opt-in, and requires particular CMake flags in order to activate, so the regular build is unchanged. This should certainly be considered work-in-progress.

I’ve squashed all the work into a single commit for the purposes of the merge request, which you can look at here: WIP: Add support for post-quantum and hybrid key exchange and digital signature algorithms (!169) · Merge requests · libssh project / libssh-mirror · GitLab<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitlab.com%2Flibssh%2Flibssh-mirror%2F-%2Fmerge_requests%2F169&data=04%7C01%7Cbmcqueen%40linkedin.com%7C5a03f6a8d5164d278e2b08d913c96fe6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637562578162963124%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=fLykGb19IZELb8oSv8H9FSNfmJ9fu%2BV7lkqHtptBl%2F0%3D&reserved=0>

But I’ve also pushed the branch I was working on as I went, which has about twenty commits, if you want to look at it in smaller chunks: Files · pqcrypto-unsquashed · Kevin Kane / libssh-mirror · GitLab<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitlab.com%2Fkevinmkane%2Flibssh-mirror%2F-%2Ftree%2Fpqcrypto-unsquashed&data=04%7C01%7Cbmcqueen%40linkedin.com%7C5a03f6a8d5164d278e2b08d913c96fe6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637562578162963124%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=g6YixeKD90jWoDYME9Pk2asMAGRPNv%2F523kzisMUS%2BM%3D&reserved=0>

There is a README.oqs in the root directory that has build instructions, and is where I recommend starting: https://gitlab.com/kevinmkane/libssh-mirror/-/raw/pqcrypto/README.oqs<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitlab.com%2Fkevinmkane%2Flibssh-mirror%2F-%2Fraw%2Fpqcrypto%2FREADME.oqs&data=04%7C01%7Cbmcqueen%40linkedin.com%7C5a03f6a8d5164d278e2b08d913c96fe6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637562578162973121%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=GkotJa4nWQsZYgLog2lh4MkK3QFEZS%2BpWHXKWksRjgY%3D&reserved=0>

Please take a look, and let me know your thoughts and feedback. Thanks!

Kevin M. Kane, Ph.D.
Principal Software Engineer
Security and Cryptography
Microsoft Research

https://aka.ms/kkane/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2Fkkane%2F&data=04%7C01%7Cbmcqueen%40linkedin.com%7C5a03f6a8d5164d278e2b08d913c96fe6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637562578162973121%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=bRydZbhT6FZVwSjX2trHpFWSKT1wocsWrr8TJALqgpE%3D&reserved=0>
kkane@xxxxxxxxxxxxx<mailto:kkane@xxxxxxxxxxxxx>

[MSFT_logo_Gray DE sized SIG1.png]