[Resending to openvpn-devel now that I'm subscribed to it.] Hello all,
Thanks to Jon for making the introduction. My team works on post-quantum (PQ) cryptography, which is algorithms used by regular computers but which are resistant to attack by a sufficiently powerful quantum computer. This OpenVPN fork is an example application we released so the public could experiment with it. The following sites have information on what we're doing: Our openvpn, openvpn-build, and openvpn-gui forks are subprojects of the following repo: https://github.com/Microsoft/PQCrypto-VPN I just realized there are no back-pointers from the subprojects back to the main repo. I've just corrected that. On this site are scripts and instructions for doing our custom build of OpenVPN for Windows and Linux, to use the PQ crypto-enabled fork of OpenSSL we use, and how to properly configure it for PQ crypto. We also provide instructions for building an image for a Raspberry Pi to be used as a wifi access point that tunnels all traffic to a remote server protected by PQ key exchange. We also have released pre-built Linux x64 and Windows binaries. Our current build process works but there is plenty of room for improvement. A more in-depth description of the PQ VPN is here: https://www.microsoft.com/en-us/research/project/post-quantum-crypto-vpn/ And our introduction to post-quantum cryptography overall is here: https://www.microsoft.com/en-us/research/project/post-quantum-cryptography/ As Jon said, these algorithms are experimental and so it would be inappropriate to introduce them into production code until the standardization and thorough analysis by the cryptographic community are completed. When that happens, we want to be ready to quickly integrate these algorithms into existing software. My colleagues are already contributing to a PQ crypto-enabled fork of OpenSSL (https://github.com/open-quantum-safe/openssl), and similarly we believe there is value in maintaining a PQ-enabled fork of OpenVPN, so that both are ready when there is consensus on a standard. I will be updating the fork to track the forward progress of both the PQ-enabled OpenSSL fork and OpenVPN as time allows, but I welcome the participation of anyone who's interested in helping with the updates or making other improvements, as well as any suggestions you may have on future directions for this work. -----Original Message----- From: Jon Kunkee Sent: Tuesday, July 3, 2018 4:20 PM To: Samuli Seppänen <sam...@openvpn.net>; Илья Шипицин <chipits...@gmail.com>; Kevin Kane <kk...@microsoft.com> Cc: openvpn-devel <openvpn-devel@lists.sourceforge.net> Subject: Upstreaming pqcrypto changes from microsoft/openvpn Hi, (Retitling thread from RE: [Openvpn-devel] Topics for the community meeting (Wed, 13th June 2018)) > do you know this activity https://github.com/Microsoft/openvpn/ ? > there are interesting things There are *very* interesting things there! > Do you know if Kevin (or his manager/team) plans to push his work upstream > (i.e. to us) at some point? Samuli and Илья, I'd like to introduce you to Kevin Kane. He is the current maintainer of the Microsoft\openvpn pqcrypto branch on Github. He is working on developing encryption standards that are resistant to quantum-mechanics-based attacks. This includes taking existing products and adding experimental implementations of the experimental standards to them—including OpenVPN and OpenSSL. Over time these new techniques will be studied, refined, tested, and otherwise hammered on in the furnace of open-source cryptography until they gain some measure of trust. Both the experimental and untested nature of his work mean that no, his code isn’t ready to be merged into OpenVPN/master…yet! In the meantime, he would love to work with someone from the OpenVPN community—or even the organization itself—to make the connection official and to refine his additions. Some of the needed refinement requires familiarity with the overall build system, while a forward-looking cryptographer or protocol guru might take interest in what's developing under the hood. I don't know much about the current status of the project, but Kevin is happy to answer questions and would love to hear from you. Thanks, Jon ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
