Hi Scott,

an NTRU Encryption-based IKEv2 key exchange is actually what the strongSwan open source VPN software has been offering with the ntru plugin for more than a year:

https://wiki.strongswan.org/projects/strongswan/wiki/NTRU

For the four security strengths of 112, 128, 192 and 256 bits strongSwan is using the private-use DH groups 1030..1033 in conjunction with the strongSwan Vendor ID.

If you combine the NTRU key exchange with lattice-based BLISS signatures in the AUTH payload

https://wiki.strongswan.org/projects/strongswan/wiki/BLISS

then you arrive at a 100% Quantum Resistant IKEv2 protocol without the use of any PSKs.

So the future has already arrived ;-)

Best regards

Andreas

On 08/20/2015 04:26 PM, Scott Fluhrer (sfluhrer) wrote:
> I believe that there is an easier alternative; the problem is that
> IKEv2 is relying on the security of the (EC)DH exchange, and that is
> breakable with a Quantum Computer. A cleaner approach would be to
> replace the DH exchange with something that does the same
> functionality, but in a Quantum Resistant manner. NTRU (using an
> ephemeral key) can do precisely this (and performs quickly enough,
> and with small enough KE payloads not to cause fragmentation); we
> could negotiate NTRU as "yet another 'DH group'". That way, we don't
> need to have this as a separate option to be negotiated.

======================================================================
Andreas Steffen                                      [email protected]
strongSwan - the Open Source VPN Solution!        www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
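
An added example, not part of the original message and not strongSwan's code: a Python parser that walks the Transform substructures of an IKEv2 proposal (RFC 7296 layout) and reports what each offered "DH group" means, reading 1030..1033 as NTRU only when the strongSwan Vendor ID was seen. The order of the group-to-strength mapping, the function names and the sample bytes are assumptions made for this example.

```python
import struct

TRANSFORM_TYPE_DH = 4      # RFC 7296: Transform Type 4 is the Diffie-Hellman group
PRIVATE_USE_MIN = 1024     # group IDs 1024-65535 are reserved for private use
# Assumption: 1030..1033 map to the strengths in the order the message lists them.
STRONGSWAN_NTRU = {1030: 112, 1031: 128, 1032: 192, 1033: 256}
CLASSIC_DH = {14: "modp2048", 19: "ecp256", 20: "ecp384", 21: "ecp521"}

def transform(ttype, tid, attrs=b"", last=False):
    """Build one Transform substructure (used only for the constructed sample)."""
    return struct.pack("!BBHBBH", 0 if last else 3, 0, 8 + len(attrs), ttype, 0, tid) + attrs

def parse_transforms(buf):
    """Return [(transform_type, transform_id), ...] from concatenated transforms."""
    found, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated transform header")
        more, _, length, ttype, _, tid = struct.unpack_from("!BBHBBH", buf, off)
        if more not in (0, 3) or length < 8 or off + length > len(buf):
            raise ValueError("malformed transform substructure")
        found.append((ttype, tid))
        off += length          # skips any attributes, e.g. the key length
        if more == 0:
            break
    return found

def classify_key_exchange(buf, strongswan_vid_seen):
    """Return [(group_id, label, quantum_resistant)]; None means 'cannot tell'."""
    result = []
    for ttype, tid in parse_transforms(buf):
        if ttype != TRANSFORM_TYPE_DH:
            continue
        if tid in CLASSIC_DH:
            result.append((tid, CLASSIC_DH[tid], False))
        elif strongswan_vid_seen and tid in STRONGSWAN_NTRU:
            result.append((tid, "ntru%d" % STRONGSWAN_NTRU[tid], True))
        else:
            kind = "private-use" if tid >= PRIVATE_USE_MIN else "registered-group"
            result.append((tid, kind, None))
    return result

# Constructed sample proposal: AES-GCM-16 with a 256-bit key, PRF_HMAC_SHA2_512,
# then two key exchange choices: private-use group 1033 and ECP-256.
SAMPLE = (transform(1, 20, bytes.fromhex("800e0100")) + transform(2, 7)
          + transform(4, 1033) + transform(4, 19, last=True))

if __name__ == "__main__":
    for vid in (True, False):
        print(vid, classify_key_exchange(SAMPLE, vid))
```

Without the Vendor ID the same private-use number carries no agreed meaning, so the classifier reports it as uninterpretable instead of assuming NTRU.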
