Voice and video communication over IP secured with post-quantum encryption!
Johan Pascal, Software Security Consultant and author of BZRTP, freelance.
Current advancements in quantum computing represent an increasing threat to the cryptographic algorithms used today, for example in secure Voice over IP (VoIP) applications and instant messaging. Although a quantum computer has not yet been officially announced, some governments recommend protecting data against such attacks by 2030. Encrypted data shared today could soon be stored and decrypted thanks to this revolutionary innovation.
In 2017, the National Institute of Standards and Technology (NIST) launched an international competition to standardize “post-quantum algorithms.” These algorithms are designed to withstand attacks from a versatile quantum computer. In the long term, they are intended to replace the current algorithms used in many secure protocols based on cryptographic key exchange mechanisms.
The Linphone application is likely the first open-source communication software in the world to have implemented the NIST finalist algorithm in the encryption key category, CRYSTALS-Kyber, to date. A key milestone: the development of a modified version of the standardized ZRTP encryption protocol.
🇬🇧 This conference is in English.
FOSDEM 2023 - Secure voice/video over IP communications thanks to post-quantum encryption!
Some challenges we faced
- Achieving the same level of efficiency even though the cryptographic keys are much larger.
- Remaining resilient against classical attacks.
- Ensuring interoperability with the encryption features of previous versions.
👉 The steps taken
- Integration of KEM into the ZRTP protocol: Creation of a modified version of ZRTP that accepts a Key Encapsulation Mechanism (KEM) key exchange algorithm.
- Hybridization: Design of an encryption engine combining traditional (EC)DH encryption and post-quantum encryption. Modification of the ZRTP protocol to negotiate two different key exchange algorithms simultaneously and securely combine the results.
- Fragmentation: Addition of a mechanism to fragment ZRTP packets.
- Integration into Linphone: Incorporation of the new ZRTP library with post-quantum capabilities, along with configuration settings to enable/disable post-quantum mode.
- Performance testing: Implementation of performance tests to evaluate the new setup.
💡 Agenda
0:00 – Introduction
0:17 – Summary
0:40 – Context
15:26 – Focus and Conclusion
19:19 – Additional Resources
19:45 – Q&A
🎙️ Speaker
Johan Pascal, Software Security Consultant and author of BZRTP, freelance
📍 Date and Location
February 4, 2023, at the Fosdem conference in Brussels.
