In anticipation of wide-spread quantum computing, we must start the transition from classical public-key cryptography primitives to post-quantum (PQ) alternatives.
PQ cryptography, like the rest of cryptography, includes many cryptosystems that can be used for communications in today’s Internet; Alice and Bob need to perform some computation, but they do not need to buy new hardware to do that.
Cloudflare, motivated to help build the Internet of tomorrow with the tools at hand today, releases the source code of a cryptographic library: a collection of cryptographic primitives written in Go, called CIRCL (Cloudflare Interoperable Reusable Cryptographic Library). This library includes a set of packages that target cryptographic algorithms for post-quantum (PQ), elliptic curve cryptography, and hash functions for prime groups. Cloudflare interest is in cryptographic techniques that can be integrated into existing protocols and widely deployed on the Internet as seamlessly as possible.
CIRCL contains SIKE (Supersingular Isogeny-based Key Encapsulation), one of the candidates in NIST post-quantum “competition”. SIKE is interesting because the key sizes produced by this algorithm is relatively small (comparing with other PQ schemes). Bob can generate SIKE keys, upload the public part somewhere in the Internet and then anybody can use it whenever he wants to communicate with Bob securely.
CIRCL makes playing with PQ key agreement very easy. The SIKE interface can be used to establish a shared secret between two parties for use in symmetric encryption. Alice generates a random secret key, and then uses Bob’s pre-generated public key to encrypt (encapsulate) it. The resulting ciphertext is sent to Bob. Then, Bob uses his private key to decrypt (decapsulate) the ciphertext and retrieve the secret key.