Post-Quantum Key Agreement in TLS 1.3

[reneme]

With Botan 3.2.0 released yesterday we shipped experimental support for Post-Quantum Key Agreement in TLS 1.3 using Kyber as defined in draft-ietf-tls-hybrid-design.

Applications using the library's TLS implementation may enable PQC support simply by extending their TLS policy file (key_exchange_groups) with one or more of the supported key exchange schemes. Or set up their override of `Botan::TLS::Callbacks::key_exchange_groups() accordingly. The identifiers are compatible with the ones defined by OQS and Cloudflare. Support for FrodoKEM will be added in a Botan 3.3.0.

Policy algorithm name	Botan::TLS::Group_Params::...	TLS identifier
Kyber-512-r3	KYBER_512_R3_OQS	0x023A
Kyber-768-r3	KYBER_768_R3_OQS	0x023C
Kyber-1024-r3	KYBER_1024_R3_OQS	0x023D
x25519/Kyber-512-r3/cloudflare	HYBRID_X25519_KYBER_512_R3_CLOUDFLARE	0xFE30
x25519/Kyber-512-r3	HYBRID_X25519_KYBER_512_R3_OQS	0x2F39
x25519/Kyber-768-r3	HYBRID_X25519_KYBER_768_R3_OQS	0x6399
secp256r1/Kyber-512-r3	HYBRID_SECP256R1_KYBER_512_R3_OQS	0x2F3A
secp256r1/Kyber-768-r3	HYBRID_SECP256R1_KYBER_768_R3_OQS	0x639A
secp384r1/Kyber-768-r3	HYBRID_SECP384R1_KYBER_768_R3_OQS	0x2F3C
secp521r1/Kyber-1024-r3	HYBRID_SECP521R1_KYBER_1024_R3_OQS	0x2F3D

For a simple test, just compile Botan's CLI tool, create a TLS policy file (pqc_policy.txt):

allow_tls13 = true
allow_tls12 = false
key_exchange_groups = x25519/Kyber-768-r3

and run the CLI like this:

./botan tls_client --debug --policy=./pqc_policy.txt cloudflare.com

to perform a TLS 1.3 handshake secured by a hybrid of Kyber and X25519.

TLS with post-quantum key exchange is still experimental with both the protocol and the asymmetric algorithms not being published as final standards, yet. To ensure compatibility, we added an automated test (executed nightly) with the experimental deployments at Cloudflare, IBM, Google and OpenQuantumSafe.

[RB-UK-BMS]

Hello - i would like to use a different Quantum Key than Kyber from another origin.
This is for a commercial IOT application.
Would someone please DM me richard@Bluemeshsolutions.com
Many thanks - RB