En tête technical corner
Post quantum encryption
The post quantum encryption engine can be used to activate post quantum encryption for audio and video calls in VoIP applications based on Linphone or Liblinphone.
Current developments in the field of quantum computer science bring a growing threat against the existing cryptographic algorithms, which are for example used in secure Voice over IP and instant messaging applications. The encrypted data shared today could be stored and decrypted in the near future by post quantum computers.
That is why the National Institute of Standards and Technology (NIST) launched in 2017 an international competition to standardise "post quantum algorithms". Such algorithms are expected to be resilient to an attack made by a generalist post quantum computer. They are meant to replace in the long term the algorithms that are used today in many secure protocols relying on cryptographic key exchange mechanisms. (https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization).
The NIST recently announced on July 5th 2022 the first winners of this 6-year competition. The algorithm selected for general encryption is Cristals-KYBER: "For general encryption, used when we access secure websites, NIST has selected the Crystals-KYBER algorithm. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation." See https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms.
The Linphone application is most likely the very first open source software in the world to have integrated the Cristals-KYBER algorithm to secure voice and video communications. For that purpose, the Linphone team developed a modified version of ZRTP, the well-known encryption protocol .
- integration of Key Encryption Mechanism (KEM) in the ZRTP protocol: the modified version of ZRTP accepts a key exchange algorithm of the type Key Encapsulation Mechanism
- hybridation : combines a classic (EC)DH and a post quantum encryption. The modified version of ZRTP is able to negotiate two different key exchange algorithms at the same time and securely combine results. To purpose is to remain resilient to classic attacks.
- fragmentation of the resulting ZRTP packets to reduce their size. The purpose is to reach the same level of effectiveness even though cryptographic keys are much larger
- compatibility with Linphone apps and interoperability with previous versions of Linphone
PostQuantumCryptoEngine is dual licensed. It can be licensed and distributed:
- Under a GNU/GPLv3 license for free (open source)
- Under a proprietary license, for use in closed source applications. Contact us for costs and other service information.
Souce Code and activation
The source code of the post quantum encryption engine is available from our GitLab.
Developers who develop their app above Linphone must activate this feature in their app. It can be done directly in source code or via remote provisioning.
Developers who leverage the Liblinphone library (linphone-sdk) must activate the post quantum encryption module at compilation time. Pre-compiled binaries of linphone-sdk do not include this module.
Find more information on our public wiki.