Zur Integration von Post-Quantum Verfahren in bestehende Softwareprodukte

TL;DR

This paper explores the challenges of integrating post-quantum cryptography algorithms into existing software, demonstrating practical implementation issues and proposing solutions using an abstract cryptographic library.

Contribution

It provides a practical case study of integrating two PQC algorithms into real-world software and discusses the use of an abstract library to mitigate implementation errors.

Findings

Identified incompatibilities between PQC algorithms and existing standards.

Successfully integrated PQC algorithms into email client and TLS library.

Highlighted the importance of abstract libraries for correct PQC implementation.

Abstract

Currently, PQC algorithms are being standardized to address the emerging threat to conventional asymmetric algorithms from quantum computing. These new algorithms must then be integrated into existing protocols, applications and infrastructures. Integration problems are to be expected, due to incompatibilities with existing standards and implementations on the one hand, but also due to a lack of knowledge among software developers about how to handle PQC algorithms. To illustrate incompatibilities, we integrate two different PQC algorithms into two different existing software products (the InboxPager email client for the Android OS and the TLS implementation of the Bouncy Castle crypto library). Here, we rely on the highly-abstract crypto library eUCRITE, which hides technical details about the correct usage of classical and PCQ algorithms and thus prevents some potential implementation errors.