Show HN: filippo.io/mlkem768 – Post-Quantum Cryptography for the Go Ecosystem

315 points by FiloSottile, over 1 year ago

11 comments

tgkudelski, over 1 year ago
Hello from Kudelski Security. This is super timely, because we recently had to discontinue one of the other only existing Go libraries for quantum-resistant cryptography in Go! Full story at https://research.kudelskisecurity.com/2024/02/01/the-kyberslash-vulnerability-and-the-crystals-go-library-a-retrospective-story/
hattmall, over 1 year ago
So what is the actual state of Quantum computing in regards to the level that would make something like this necessary?

Has it become like AI where instead of actually coming into existence the definition is mostly just changing to bring forth a new product under a previously existing name?
teleforce, over 1 year ago
Perhaps relevant to the discussions is this friendly book on crypto systems implementation in the latest version of Go by John Arundel. Inside the last section there is a passing mention on post quantum crypto. Perhaps if John can update the book later with this library once the NIST PQ is standardized.

Explore Go: Cryptography (Go 1.22 edition):

https://bitfieldconsulting.com/books/crypto
bennettnate5, over 1 year ago
Correct me if I'm wrong, but if it's written in pure Go, wouldn't that make it susceptible to timing/power side channel attacks?
mooreds, over 1 year ago
Anyone aware of such implementations for other languages (java, c#, etc)?
tux3, over 1 year ago
Neat that it can also work as draft00/kyber v3 =)

How hard would it be to support a fast Kyber 90's mode, without SHA-3? (I suppose you would have to break the abstraction for that one).
mauricesvp, over 1 year ago
Unrelated, but c'mon Filo, the 32 bit syscall table is still 'coming soon' :')
gnfargbl, over 1 year ago
I have no ability to judge the quality of this algorithm or implementation, but I do thoroughly approve of the usage of unicode in variable names:

    ρ, σ := G[:32], G[32:]

Somehow much better than seeing "rho", "sigma".
vbezhenar, over 1 year ago
The same guy that brought us https://github.com/FiloSottile/age

I really like this tool.
dorianmariefr, over 1 year ago
Spec: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.ipd.pdf (linked from the article)
lopkeny12ko, over 1 year ago
Whatever happened to "don't roll your own crypto"? Isn't this work best left to OpenSSL, for example?