[W.I.P] adding ML-KEM512 to the iron-session seal and unseal functions. #933
Recently I attended a conference talking about secure implementations regarding PQC encryption. Due to the latest trends, and also the threat of "harvest now, decrypt later", I decided to try and rewrite an implementation of the iron-session lib which uses post-quantum encryption under the hood and falls back to iron-seal if not; this prevents any "harvest now, decrypt later" risk for when quantum computers become more available. Under the hood the session uses ML-KEM512 (formerly known as Kyber-512), a NIST-approved post-quantum key encapsulation mechanism, which provides 128-bit security that's resistant to attacks from quantum computers.
Users can also opt in with a single flag (`usePostQuantum: true`) with no breaking changes; this allows people to use the lib as usual, without any breaking changes, unless they want to enable it.
This is very much a work in progress; this is the first working build I have which passes every test:
I have tried to update the README as much as possible, and have also added a "When to use it" section. Any feedback or advice would be brilliant.