Cloudflare has open-sourced CIRCL (Cloudflare Interoperable, Reusable Cryptographic Library), a collection of algorithms for post-quantum (PQ), elliptic curve cryptography, and hashing for prime groups.
CIRCL, says Cloudflare, is a proof of concept for new approaches to cryptography that aim to start the transition from today's public-key cryptography to a post-quantum era, in which quantum hardware running Shor's algorithm will easily break RSA and ECC.
Over the years, cryptographers have put many ideas on the table (for example, homomorphic encryption, multi-party computation, and privacy-preserving constructions). Recently, those concepts have been picked up and exercised in a variety of contexts.
The post-quantum era is not here yet, though, so CIRCL's goal is to help researchers explore and better understand working approaches and algorithms. CIRCL includes two PQ algorithms, one for key exchange (SIDH) and one for key encapsulation (SIKE), which are intended to extend TLS for use in a post-quantum scenario. Both SIDH and SIKE produce smaller keys than other PQ algorithms, which makes them interesting, but their performance is not great, says Cloudflare.
In addition, CIRCL includes classical algorithms for key exchange and digital signatures. In particular, X25519 and X448 are already part of RFC 7748, while FourQ is a new experimental key exchange and digital signature algorithm that, says Cloudflare, provides top-of-class performance at the 128-bit security level.
CIRCL is written in Go, with performance-critical parts written in Go assembly. Among the reasons Cloudflare engineers list for this decision are Go's simplicity, its suitability for systems programming, and its support for assembly-level optimizations.
CIRCL will continue to evolve, says Cloudflare; many additional applications, such as homomorphic encryption, multi-party computation, and privacy-preserving protocols, are already on its roadmap.
Post-quantum cryptography is a field of growing interest in which many companies and academic institutions are doing research, despite the still experimental state of quantum technology. Most notably, Google started experimenting with the integration of post-quantum algorithms in Chrome a few years ago, and Microsoft has been working with NIST to advance post-quantum cryptography efforts.