Hi,

we'd like to inform the IPsecme mailing list that version 5.5.1 of the strongSwan open source IKE daemon

  https://www.strongswan.org/

implements the lattice-based NewHope key exchange algorithm proposed by Erdem Alkim, Léo Ducas, Thomas Pöppelmann and Peter Schwabe in their 2015 paper "Post-quantum key exchange – a new hope"

  https://eprint.iacr.org/2015/1092.pdf

NewHope is already being used by Google's experimental Canary Chrome browser in combination with a Curve25519 ECDH key exchange. strongSwan implements an experimental NewHope key exchange only and has assigned the DH group 1040 from the private-use range to the algorithm.

The following all-out quantum-resistant IKEv2 example scenario uses AES encryption with a 256-bit symmetric key, a NewHope key exchange and a BLISS signature, both with a post-quantum cryptographic strength of 128 bits:

  https://www.strongswan.org/testing/testresults/swanctl/rw-newhope-bliss/

The NewHope key exchange is a direct replacement for a traditional Diffie-Hellman exchange, the only drawback being that the IKE_SA_INIT request/response messages will have a size of about 2000-2500 bytes and thus with a typical MTU of 1500 bytes will get fragmented as the following IKEv2 daemon log shows

  https://www.strongswan.org/testing/testresults/swanctl/rw-newhope-bliss/carol.daemon.log

Lattice-based BLISS signatures and certificates are even larger, leading to IKE_AUTH request/response messages with a size between 3200-4000 bytes but with IKEv2 fragmentation in place they do not pose any problems.

Best regards

Andreas Steffen

BTW - As soon as the Safecurves RFC number will be known, a strongSwan version with Curve25519 support will be released.

======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
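
For readers who want to spot this key exchange on the wire, the following added example (not part of the original message and not strongSwan code) walks the RFC 7296 payload chain of an IKE_SA_INIT message, reports the DH group from the KE payload, and checks whether the datagram exceeds the MTU. The function names, the constructed sample message, its 1824-byte key data length and the 28-byte IPv4/UDP overhead are assumptions made for illustration.

```python
import struct

IKE_SA_INIT = 34          # exchange type (RFC 7296)
PAYLOAD_KE = 34           # Key Exchange payload type (RFC 7296)
PAYLOAD_NONCE = 40
NEWHOPE_GROUP = 1040      # private-use DH group named in the message above
PRIVATE_USE_MIN = 1024    # RFC 7296: 1024-65535 is private use
IPV4_UDP_OVERHEAD = 28    # assumption: 20-byte IPv4 header + 8-byte UDP header


def inspect_ike_sa_init(msg: bytes, mtu: int = 1500) -> dict:
    """Walk the payload chain of an unencrypted IKE_SA_INIT message."""
    if len(msg) < 28:
        raise ValueError("shorter than the fixed IKEv2 header")
    _spi_i, _spi_r, next_pl, _ver, exch, _flags, _mid, length = struct.unpack(
        "!8s8sBBBBII", msg[:28])
    if exch != IKE_SA_INIT or length != len(msg):
        raise ValueError("not a complete IKE_SA_INIT message")
    info = {"dh_group": None, "ke_len": None, "size": length,
            "private_use": False, "newhope": False,
            "ip_fragmented": length + IPV4_UDP_OVERHEAD > mtu}
    off = 28
    while next_pl != 0:
        if off + 4 > len(msg):
            raise ValueError("truncated payload header")
        following, _crit, pl_len = struct.unpack("!BBH", msg[off:off + 4])
        if pl_len < 4 or off + pl_len > len(msg):
            raise ValueError("bad payload length")
        if next_pl == PAYLOAD_KE:
            if pl_len < 8:
                raise ValueError("KE payload too short")
            group, = struct.unpack("!H", msg[off + 4:off + 6])
            info.update(dh_group=group, ke_len=pl_len - 8,
                        private_use=group >= PRIVATE_USE_MIN,
                        newhope=group == NEWHOPE_GROUP)
        next_pl, off = following, off + pl_len
    return info


def build_sample(group: int, ke_len: int) -> bytes:
    """Constructed test message: KE + Nonce only (a real one also has SA)."""
    ke = struct.pack("!BBHHH", PAYLOAD_NONCE, 0, 8 + ke_len, group, 0) + bytes(ke_len)
    nonce = struct.pack("!BBH", 0, 0, 4 + 32) + bytes(32)
    body = ke + nonce
    hdr = struct.pack("!8s8sBBBBII", b"\x01" * 8, bytes(8), PAYLOAD_KE,
                      0x20, IKE_SA_INIT, 0x08, 0, 28 + len(body))
    return hdr + body
```
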
