Happy New Year!
I'm focusing on PQ migration from an engineer's point of view and I just got stuck on experimenting with PQ in Golang, in crypto/x509 package to be precise.
After some iterations of thinking how to PQ-ize existing applications written in Go using x509 package, I got into a stage where I would like to create my own crypto package fork. Then I remembered "hey, Cloudflare already did something like that".
My goal is to have a Go source, that:
- Has PQ-capable x509 package.
  - Here I'm talking mostly about ML-DSA or pure Dilithium algorithms
  - I see that hybrid modes are already implemented (PureEdDilithium?), but I would like to also do pure PQ
  - I see that ML-DSA is already implemented in CIRCL. Is this fork outdated?
- PQ-TLS capabilities are good to have
  - I see that it is already implemented
- Maybe some crypto-agility?
  - I started a discussion about crypto-agility in here and I may have ideas and motivation to make Go crypto package more
So I would like to lift off from this library and start working towards my goals. Before I do that, I want to ask what is the current stage or progress in development of this repository.
Is there someone already working on something listed in my goals? Would you be interested in reviewing and possibly accepting some PRs, that will implement:
- Update CIRCL dependency to 1.5.0, thus enabling ML-DSA
- Integrate more (non-hybrid, pure ML-DSA and Dilithium) algorithms into x509 and enable all functionality where the current official go/crypto/x509 fails with "Unsupported algorithm" error
- Work towards more crypto-agile crypto library. For example, creating crypto.Verifier with method Verify (same as there is crypto.Signer) and all relevant crypto subpackages could accept this new interface instead of having hard-coded switch statements based on public key type.
Please note that the list of goals and possible PRs is not complete as I just started delving into PQ-capable Go recently.
Looking forward to your answers :)
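
The crypto.Verifier idea from the last PR bullet, as an added example that is not part of the original post or of the fork's code. `Verifier`, the two adapter types, `CheckSignature` and `Demo` are hypothetical names, and the `Verify(msg, sig) bool` signature is an assumption because the post does not specify one; standard-library Ed25519 and ECDSA keys stand in for the key types a caller would otherwise switch on.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Verifier is hypothetical: the interface proposed in the post, not a standard library type.
type Verifier interface{ Verify(msg, sig []byte) bool }

type Ed25519Verifier struct{ Key ed25519.PublicKey }
type ECDSAVerifier struct{ Key *ecdsa.PublicKey } // assumption: SHA-256 digest, ASN.1 signature

func (v Ed25519Verifier) Verify(msg, sig []byte) bool {
	return len(v.Key) == ed25519.PublicKeySize && ed25519.Verify(v.Key, msg, sig)
}
func (v ECDSAVerifier) Verify(msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return v.Key != nil && ecdsa.VerifyASN1(v.Key, digest[:], sig)
}

// CheckSignature has no switch on key type: a new algorithm only needs a Verify method.
func CheckSignature(v Verifier, msg, sig []byte) error {
	if v == nil {
		return errors.New("unsupported algorithm: key has no Verifier")
	}
	if !v.Verify(msg, sig) {
		return errors.New("signature verification failed")
	}
	return nil
}

// Demo checks constructed data: valid Ed25519, valid ECDSA, then a tampered message.
func Demo() (error, error, error) {
	msg := []byte("constructed sample message")
	// Errors are ignored below: they only occur if rand.Reader fails.
	edPub, edPriv, _ := ed25519.GenerateKey(rand.Reader)
	ecPriv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	digest := sha256.Sum256(msg)
	ecSig, _ := ecdsa.SignASN1(rand.Reader, ecPriv, digest[:])
	ecV := ECDSAVerifier{&ecPriv.PublicKey}
	return CheckSignature(Ed25519Verifier{edPub}, msg, ed25519.Sign(edPriv, msg)),
		CheckSignature(ecV, msg, ecSig), CheckSignature(ecV, []byte("tampered"), ecSig)
}
func main() { fmt.Println(Demo()) }
```
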