I'm writing a file server in Java on Windows using encryption that is resistant to Shor's algorithm.
My stumbling block is the SSL/TLS. From what I can gather, I can't use the standard Java libraries, as the socket encryption uses a Diffie-Hellman key exchange, which relies on the discrete logarithm problem.
I've looked into Salsa20, a new(ish) stream cipher, but the problem of securely exchanging keys remains. I've also looked at cyaSSL, but the Java service provider doesn't support Windows, and using C is not an option.
Can anyone provide any direction?
There are two general approaches:
Use a pre-shared key
No key exchange, no quantum problems. But now you need to distribute the shared key out-of-band, so it probably doesn't solve the problem.
Use a quantum proof key-exchange
For example, here is a spec for NTRU (only a draft, no real standard, and beware of patents).
But in general asymmetric post-quantum crypto doesn't seem production ready.
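As an added illustration of the first approach (this is example code, not part of the answer above or of any library), here is what "pre-shared key, no key exchange" looks like with only the standard JCE that the question says is available. Nothing resembling Diffie-Hellman crosses the wire: both hosts already hold a 256-bit PSK, swap two random nonces in the clear, derive per-session and per-direction AES-256-GCM keys with HKDF (RFC 5869 over HMAC-SHA-256), and protect each record with a counter nonce and the record number as associated data. The PSK here is generated at random as a stand-in for one installed out-of-band, and the info strings, record format and sample request are all invented for the example.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Pre-shared-key channel: nothing resembling Diffie-Hellman or RSA is sent, so
 * there is no discrete-log or factoring step for Shor's algorithm to attack.
 * The 256-bit PSK must be provisioned on both hosts out-of-band. Per-session,
 * per-direction keys come from HKDF (RFC 5869 with HMAC-SHA-256) over the PSK
 * and two fresh nonces; records are protected with AES-256-GCM from the JCE.
 */
public final class PskChannel {
    private static final SecureRandom RNG = new SecureRandom();

    /** HKDF-Extract followed by HKDF-Expand, first 32-byte output block. */
    static byte[] hkdfSha256(byte[] ikm, byte[] salt, String info) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(salt, "HmacSHA256"));
        byte[] prk = mac.doFinal(ikm);                        // PRK = HMAC(salt, IKM)
        mac.init(new SecretKeySpec(prk, "HmacSHA256"));
        mac.update(info.getBytes(StandardCharsets.UTF_8));
        mac.update((byte) 1);                                 // T(1) = HMAC(PRK, info || 0x01)
        return mac.doFinal();
    }

    /** Both sides run this after exchanging nonces in the clear; nonces only need to be fresh. */
    static byte[][] sessionKeys(byte[] psk, byte[] clientNonce, byte[] serverNonce)
            throws GeneralSecurityException {
        byte[] salt = ByteBuffer.allocate(clientNonce.length + serverNonce.length)
                .put(clientNonce).put(serverNonce).array();
        return new byte[][] {
            hkdfSha256(psk, salt, "file-server v1 client->server"),   // invented label
            hkdfSha256(psk, salt, "file-server v1 server->client") }; // invented label
    }

    /** One traffic direction: AES-256-GCM with a counter IV, so a (key, IV) pair never repeats. */
    static final class Direction {
        private final SecretKeySpec key;
        private long seq = 0;                                 // next record number to send/accept

        Direction(byte[] keyBytes) { key = new SecretKeySpec(keyBytes, "AES"); }

        private Cipher cipher(int mode, long n) throws GeneralSecurityException {
            byte[] iv = ByteBuffer.allocate(12).putLong(4, n).array();   // 96-bit IV = 0^32 || seq
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(mode, key, new GCMParameterSpec(128, iv));
            c.updateAAD(ByteBuffer.allocate(8).putLong(n).array());      // bind the record number
            return c;
        }

        /** Record = 8-byte sequence number || ciphertext || 16-byte GCM tag. */
        byte[] seal(byte[] plaintext) throws GeneralSecurityException {
            byte[] ct = cipher(Cipher.ENCRYPT_MODE, seq).doFinal(plaintext);
            return ByteBuffer.allocate(8 + ct.length).putLong(seq++).put(ct).array();
        }

        byte[] open(byte[] record) throws GeneralSecurityException {
            ByteBuffer b = ByteBuffer.wrap(record);
            long n = b.getLong();
            if (n != seq) throw new GeneralSecurityException("replayed or out-of-order record " + n);
            byte[] ct = new byte[b.remaining()];
            b.get(ct);
            byte[] pt = cipher(Cipher.DECRYPT_MODE, n).doFinal(ct); // AEADBadTagException if modified
            seq++;                                                  // only advance after a valid record
            return pt;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] psk = new byte[32];                 // stand-in for the PSK installed out-of-band
        byte[] clientNonce = new byte[32], serverNonce = new byte[32];
        RNG.nextBytes(psk);
        RNG.nextBytes(clientNonce);
        RNG.nextBytes(serverNonce);

        Direction clientSend = new Direction(sessionKeys(psk, clientNonce, serverNonce)[0]);
        Direction serverRecv = new Direction(sessionKeys(psk, clientNonce, serverNonce)[0]);
        byte[] record = clientSend.seal("GET /docs/report.pdf".getBytes(StandardCharsets.UTF_8));

        byte[] forged = record.clone();
        forged[forged.length - 1] ^= 1;            // flip one bit of the GCM tag
        try { serverRecv.open(forged); }
        catch (GeneralSecurityException e) { System.out.println("forged record rejected: " + e.getClass().getSimpleName()); }

        System.out.println("server read: " + new String(serverRecv.open(record), StandardCharsets.UTF_8));

        try { serverRecv.open(record); }           // the same record delivered again
        catch (GeneralSecurityException e) { System.out.println("replay rejected: " + e.getMessage()); }
    }
}
```

Two caveats follow directly from the answer's point that the PSK still has to be distributed out-of-band. First, there is no forward secrecy: anyone who later obtains the PSK and has recorded the nonces can derive every past session key, so the PSK has to be rotated, which again needs the out-of-band channel. Second, authentication is only "holds the PSK": every client sharing one key is indistinguishable from every other, and from the server, so a key per client pair is needed if that matters.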
The outlook is bleak.
There are some asymmetric cryptosystems that are based on intractable problems that aren't DLP or factoring problems. The GGH cryptosystem is based on the hard problem of closest vectors, for example. You'll find there are a lot of signature schemes that are resistant to quantum cryptography, but not a lot of encryption systems, and the ones that do exist seem to all have some problem with their security.
As far as plugging GGH and Lamport signatures into Java as a provider for SSL, that's another problem entirely. You'll have to learn about how the JCE works and do a lot of legwork.
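As an added example of the hash-based signature scheme this answer names (it is not code from the answer or from any provider), here is a complete Lamport one-time signature in Java using only SHA-256 from the standard JCE. The scheme depends on nothing but the one-wayness of the hash, which is why it survives Shor's algorithm; the price is a 16 KB public key, an 8 KB signature, and the hard rule that a key pair signs exactly one message, which the code enforces. The sample messages are invented for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

/**
 * Lamport one-time signature over SHA-256. Security rests only on the hash
 * being one-way: Grover's algorithm gives a square-root speedup against that,
 * Shor's algorithm gives nothing. Each key pair may sign exactly ONE message.
 */
public final class LamportOts {
    private static final int BITS = 256;             // SHA-256 digest length in bits
    private static final SecureRandom RNG = new SecureRandom();

    static byte[] sha256(byte[] data) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(data);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);      // SHA-256 is mandatory in every JRE
        }
    }

    /** Bit i of the digest, most significant bit of byte 0 first. */
    static int bit(byte[] digest, int i) {
        return (digest[i / 8] >> (7 - i % 8)) & 1;
    }

    /** sk[i][b] are 2*256 random 32-byte preimages; pk[i][b] = SHA-256(sk[i][b]). */
    static final class KeyPair {
        final byte[][][] sk = new byte[BITS][2][32];
        final byte[][][] pk = new byte[BITS][2][];
        private boolean used = false;

        KeyPair() {
            for (int i = 0; i < BITS; i++) {
                for (int b = 0; b < 2; b++) {
                    RNG.nextBytes(sk[i][b]);
                    pk[i][b] = sha256(sk[i][b]);
                }
            }
        }

        /**
         * Reveal, for each digest bit, the preimage matching that bit. A second
         * signature would reveal the other preimage at every differing bit and
         * let anyone forge signatures on further messages, so the key refuses.
         */
        byte[][] sign(byte[] message) {
            if (used) throw new IllegalStateException("Lamport key already used; generate a new key pair");
            used = true;
            byte[] digest = sha256(message);
            byte[][] sig = new byte[BITS][];
            for (int i = 0; i < BITS; i++) {
                sig[i] = sk[i][bit(digest, i)].clone();
            }
            return sig;
        }
    }

    /** Hash each revealed preimage and compare with the public-key half selected by the digest bit. */
    static boolean verify(byte[][][] pk, byte[] message, byte[][] sig) {
        if (sig.length != BITS) return false;
        byte[] digest = sha256(message);
        boolean ok = true;                           // check every position, no early exit
        for (int i = 0; i < BITS; i++) {
            ok &= MessageDigest.isEqual(pk[i][bit(digest, i)], sha256(sig[i]));
        }
        return ok;
    }

    public static void main(String[] args) {
        KeyPair kp = new KeyPair();
        byte[] manifest = "file-server manifest v1".getBytes(StandardCharsets.UTF_8); // invented sample
        byte[] altered  = "file-server manifest v2".getBytes(StandardCharsets.UTF_8); // invented sample
        byte[][] sig = kp.sign(manifest);
        System.out.println("genuine message verifies: " + verify(kp.pk, manifest, sig));
        System.out.println("altered message verifies: " + verify(kp.pk, altered, sig));
        try {
            kp.sign(altered);
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Signing is just a table lookup and verifying is 256 hashes, so the cost is entirely in key and signature size and in the one-time restriction; practical hash-based schemes get around the latter by authenticating many one-time public keys under a Merkle tree. Wrapping this as a `java.security.Signature` SPI so that it can be named from JSSE configuration is the JCE legwork the answer refers to.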