Hello :) I'd like to share some algorithms that we'll need for the next revision of OpenPGP and the upcoming PQC algorithms for OpenPGP, just to give you an early heads up because I know that implementing these things correctly takes a lot of time and effort, and we don't have the expertise to contribute the implementations, so we need your help to get there.
The revision of OpenPGP is currently in IETF last call, and we expect it to be published in its final form in the next two to six months or so. In terms of algorithms Nettle supports everything except for Argon2 (which would indeed be nice to get from Nettle) and the Brainpool curves (which are more in the nice to have category, as these are more of a regulatory requirement, and those who need that may want to reach for Botan which is sanctioned by the BSI).

For reference, you can find the draft here: https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/

For the PQC in OpenPGP we'll need KMAC256, ML-KEM (derived from Kyber), ML-DSA (derived from Dilithium), and SLH-DSA (derived from SPHINCS+). Of those, ML-KEM and ML-DSA are going to be mandatory-to-implement, and SLH-DSA is a SHOULD.

Now, the PQC algorithms are still not finalized by NIST, but this is the set of algorithms we settled on (and this is aligned with what other protocols, like x509/CMS, will do). Maybe a good next step would be to provide KMAC, which AIUI can be built on top of cSHAKE (which I don't think Nettle exposes, so we cannot build that on top of current Nettle).

For reference, you can find the draft here: https://datatracker.ietf.org/doc/draft-wussler-openpgp-pqc/

Best,
Justus
nettle-bugs mailing list -- nettle-bugs@lists.lysator.liu.se