All,

Not sure if this is the right audience (if it is not, let me know if there is a better place to ask the following question).


We have been looking at future security requirements for CPE devices, and we think that we need the following functionality that is currently not really available in the current crypto libraries.

- Support for quantum-computing-secure algorithms (Post-Quantum or PQ algorithms)

- Support for hybrid keys (PQ plus classic algorithm), preferably in any configuration

- Modularized public-key crypto algorithm implementation, to simplify adding new algorithms

- Updating the public-key architecture to simplify off-loading private-key operations to a Trusted Execution Environment or other security HW


We initially looked at OpenSSL, but found it difficult to work with, so we decided to look at Mbed TLS, which has a more lightweight design.


We modified the Mbed TLS ‘pkey’ code to make it more modularized (building on the pkwrap design), and added support for hybrid keys, which was relatively easy to do.

Updating the TLS library to support hybrid keys has, however, been a big challenge. The TLS code is very interwoven with the ‘pkey’ code, and seems to have an almost unique implementation for each type of key, making it difficult to follow and modify. Adding support for other (PQ) algorithms within that design will be a challenge.


Before spending too much time on this, we would like to know if there is interest in the Mbed TLS community in a redesign of the code to support hybrid keys, PQ algorithms and a modularized public-key architecture.


Thanks,

Robert
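
As an added illustration (not part of Robert's message, and not Mbed TLS code), the hybrid-key idea raised above, a classic and a PQ signature composed behind one modular scheme interface, sketched in Go. The `Scheme` interface, the `Hybrid` combiner and the `lamportScheme` type are assumptions of this example, not Mbed TLS's pk_wrap API: Ed25519 from Go's standard library stands in for the classic algorithm, and a Lamport hash-based one-time signature stands in for the PQ algorithm (it is genuinely quantum-resistant, but a key may sign only one message, and the signature is 8 KiB). The sample message is constructed. The point the code makes beyond the prose is the verification rule: both component signatures are length-prefixed, both must verify, and a signature with the PQ half stripped off is rejected rather than quietly accepted as classic-only.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Scheme is the pluggable signature interface this example assumes; it is not Mbed TLS's pk_wrap API.
type Scheme interface {
	Sign(msg []byte) ([]byte, error)
	Verify(msg, sig []byte) bool
}

type classic ed25519.PrivateKey // adapts a standard-library Ed25519 key to Scheme
func (k classic) Sign(m []byte) ([]byte, error) { return ed25519.Sign(ed25519.PrivateKey(k), m), nil }
func (k classic) Verify(m, sig []byte) bool {
	return ed25519.Verify(ed25519.PrivateKey(k).Public().(ed25519.PublicKey), m, sig)
}

// lamportScheme is a Lamport one-time hash-based signature over SHA-256: a genuinely
// quantum-resistant (if bulky) stand-in for the PQ component. One key signs one message.
type lamportScheme struct {
	priv, pub [512][32]byte // slot 2*i+b: preimage/commitment for digest bit i having value b
	used      bool
}

func newLamport() *lamportScheme {
	s := &lamportScheme{}
	for i := range s.priv {
		if _, err := rand.Read(s.priv[i][:]); err != nil {
			panic(err) // keygen failure is fatal in this example
		}
		s.pub[i] = sha256.Sum256(s.priv[i][:])
	}
	return s
}

func (s *lamportScheme) Sign(m []byte) ([]byte, error) {
	if s.used {
		return nil, fmt.Errorf("lamport: one-time key already used")
	}
	s.used = true
	h, sig := sha256.Sum256(m), make([]byte, 0, 256*32)
	for i := 0; i < 256; i++ { // reveal the preimage selected by each digest bit
		sig = append(sig, s.priv[2*i+int(h[i/8]>>(7-i%8))&1][:]...)
	}
	return sig, nil
}
func (s *lamportScheme) Verify(m, sig []byte) bool {
	h, ok := sha256.Sum256(m), len(sig) == 256*32
	for i := 0; ok && i < 256; i++ { // every revealed preimage must hash to its commitment
		ok = sha256.Sum256(sig[i*32:i*32+32]) == s.pub[2*i+int(h[i/8]>>(7-i%8))&1]
	}
	return ok
}

// Hybrid composes two Schemes: the signature is both component signatures, each length-prefixed.
// Verify ANDs both results and rejects trailing bytes, so stripping the PQ half is not a downgrade path.
type Hybrid struct{ A, B Scheme }

func (h Hybrid) Sign(m []byte) ([]byte, error) {
	var out []byte
	for _, s := range []Scheme{h.A, h.B} {
		sig, err := s.Sign(m)
		if err != nil {
			return nil, err
		}
		out = append(binary.BigEndian.AppendUint32(out, uint32(len(sig))), sig...)
	}
	return out, nil
}
func (h Hybrid) Verify(m, sig []byte) bool {
	ok := true
	for _, s := range []Scheme{h.A, h.B} {
		if len(sig) < 4 || int(binary.BigEndian.Uint32(sig)) > len(sig)-4 {
			return false // malformed or truncated encoding
		}
		n := 4 + int(binary.BigEndian.Uint32(sig))
		ok = s.Verify(m, sig[4:n]) && ok // run both verifiers; only both passing passes
		sig = sig[n:]
	}
	return ok && len(sig) == 0
}

func NewHybrid() Hybrid { // Ed25519 + Lamport with fresh keys
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Hybrid{A: classic(priv), B: newLamport()}
}

func main() {
	h, msg := NewHybrid(), []byte("CPE firmware image v1.2.3") // constructed sample input
	sig, _ := h.Sign(msg)                                        // fresh keys: Sign only fails on Lamport key reuse
	fmt.Println(h.Verify(msg, sig), len(sig), h.Verify(msg, sig[:4+ed25519.SignatureSize])) // last: PQ half stripped
}
```

The combiner is deliberately algorithm-agnostic: a real PQ scheme would plug in as another `Scheme` without touching `Hybrid`, which is the modularity the message asks for. The length-prefixed encoding and the trailing-bytes check matter because a concatenation without framing lets an attacker move bytes between the two halves; the AND rule is what makes the construction no weaker than its strongest component.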
