Implementation in Go language of a secure-wire (like TLS) using safe post-quantum cryptography. It has a simple and light key-agreement protocol which includes some future proof features. i.e. client puzzle challenge, pragmatic one-time-pad, triple AES-256 (more on this later), FrodoKEM, Kyber & SIDH Sike.
bin/pqswtun: Drop-in replacement for ssh/ssl tunnels and TLS connections.bin/pqswpat: Broadcast server and client, can be used to build zero-knowledge servers. i.e. a chat- As a library: Can be useful if you want to build a service and would prefer to avoid TLS.
Some usage walkthroughs and examples here.
For details on the key-agreement protocol and some technical decisions, please read the cryptographic details and implementation document (you will also find the main features and attack prevention mechanisms in both the cryptographic protocol design and implementation). Please find the protocol message details in the protocol document.
- FrodoKEM (640, 976, 1344 in both AES and Shake variants).
- Sike (Fp434, Fp503 & Fp751)
- Kyber (512, 768, 1024)
Eduardo E.S. Riccardi, you can contact me via linkedin, or you could find my email address here.
I am a crypto-enthusiast. For feedback and bug-fixes: you are probably right if you have found a crypto mistake here. I claim no expertise, no PhD in Mathematics, or 25 years of experience in cryptography. I would be happy to fix this, your feedback is welcomed. Absolutely no warranty of any kind, form or type is given, implicitly or explicitly.
- File based potps
- Increment puzzle difficulty on auth failure
- Kill signal or file change detection to reload config
- Potps offset can be any uint64, then it is % its size, to hide its real size.