Releases: qompassai/Nautilus
QompaSSL 2.0 Release
QompaSSL 2.0: Fork of OpenSSL 3.3.2 with Enhanced Post-Quantum and Artificial Intelligence-Ready Cryptography
Release Date: 2024-09-12 22:06:57
This release includes libssl.so and libcrypto.so compiled with an extensive set of classical, quantum-resistant, and post-quantum algorithms, based on OpenSSL 3.3.2. QompaSSL 2.0 is specifically tailored for securing Artificial Intelligence (AI) systems and preparing for the post-quantum era.
Who's using these protocols currently? Great question!
Industry Adoption and Real-World Applications:
- Healthcare and Medical Systems:
  - Roche: Implementing post-quantum cryptography to secure sensitive medical data and research information [1].
  - Anthem: Exploring quantum-resistant algorithms to protect health records and patient data [2].
- Financial Services:
  - JPMorgan Chase: Collaborating with Toshiba to develop quantum-resistant blockchain technology [3].
  - Visa: Researching post-quantum cryptography for secure financial transactions [4].
- Technology and Cloud Services:
  - Google: Implementing post-quantum key exchange in Chrome to test new cryptographic algorithms [5].
  - IBM: Offering quantum-safe cryptography services in its cloud platform [6].
- Government and Defense:
  - U.S. Department of Defense: Mandating quantum-resistant cryptography for future systems [7].
  - European Telecommunications Standards Institute (ETSI): Developing standards for quantum-safe cryptography [8].
- Telecommunications:
  - AT&T: Collaborating on quantum-resistant network security solutions [9].
These industry leaders are at the forefront of adopting post-quantum cryptography, demonstrating the growing importance of quantum-resistant security measures across various sectors.
References:
[1] https://www.roche.com/stories/quantum-computers-calculating-the-unimaginable
[2] https://news.ncsu.edu/2020/02/health-care-anthem-joins-q-hub/
[3] https://www.jpmorgan.com/technology/technology-blog/jpmc-toshiba-ciena-build-first-quantum-key-distribution-network-critical-blockchain-application
[4] https://usa.visa.com/about-visa/visa-research/research-areas.html
[5] https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html
[6] https://www.ibm.com/blogs/research/2019/08/quantum-safe-cryptography/
[7] https://www.defense.gov/News/News-Stories/Article/Article/3682355/pentagon-official-lays-out-dod-vision-for-ai/
[8] https://www.etsi.org/technologies/quantum-safe-cryptography
[9] https://techblog.comsoc.org/2022/10/07/att-will-be-quantum-ready-by-the-year-2025-but-may-not-be-fully-quantum-secured/
Change Log
This release includes libssl.so and libcrypto.so compiled with an extensive set of classical, quantum-resistant, and post-quantum algorithms, based on OpenSSL 3.3.2. QompaSSL 2.0 builds upon the foundation of QompaSSL 1.3, further enhancing its capabilities for securing Artificial Intelligence (AI) systems and preparing for the post-quantum era.
Key Enhancements in QompaSSL 2.0:
- Expanded Algorithm Support:
  - Added support for additional post-quantum algorithms, including NTRU and Classic McEliece variants.
  - Introduced new hybrid combinations, such as secp256k1 with Kyber and Dilithium.
- Optimized Configurations:
  - Refined SSL/TLS configurations to prioritize stronger algorithms and support a wider range of use cases.
  - Introduced separate configurations for FIPS compliance and post-quantum focused setups.
- Performance Improvements:
  - Implemented optimizations for faster execution of post-quantum algorithms.
  - Enhanced support for hardware acceleration, including better utilization of AES-NI and AVX instructions.
- AI-Specific Enhancements:
  - Improved support for homomorphic encryption primitives, enabling more efficient secure AI computations.
  - Optimized random number generation for AI model initialization and cryptographic key generation.
- Enhanced Protocol Support:
  - Added QUIC (Quick UDP Internet Connections) protocol support for low-latency, secure communication in AI data transfer.
  - Asynchronous operation support for non-blocking cryptographic operations in AI systems.
- Hardware-Accelerated Cryptography:
  - Added RDRAND instruction support for hardware-based random number generation, crucial for AI and cryptographic applications.
  - Optimized use of AES-NI (Advanced Encryption Standard New Instructions) and AVX (Advanced Vector Extensions) instructions for faster encryption in AI data processing.
- Compliance and Standards:
  - Maintained FIPS (Federal Information Processing Standards) mode for regulatory compliance in sensitive AI applications.
  - Explicit support for TLS (Transport Layer Security) 1.2 and 1.3 with post-quantum cipher suites.
Comparison with Previous Version:
- Algorithm Coverage: QompaSSL 2.0 supports a broader range of post-quantum and hybrid algorithms, providing more options for quantum-resistant security.
- Configuration Flexibility: The new version offers more granular control over algorithm selection and prioritization, allowing for better customization to specific use cases.
- AI Readiness: Enhanced optimizations and AI-specific features make QompaSSL 2.0 more suitable for securing AI workflows and data.
- Future-Proofing: With the inclusion of additional post-quantum algorithms, QompaSSL 2.0 is better prepared for potential future NIST standardization decisions.
Enterprise and Consumer Use Cases for Post-Quantum Cryptography and AI:
- Secure AI Model Training: Protect sensitive training data and model parameters with quantum-resistant encryption during distributed learning.
- Long-Term Data Security: Ensure that data encrypted today remains secure against future quantum computer attacks, crucial for AI systems handling sensitive long-term data.
- Secure Federated Learning: Enable privacy-preserving collaborative AI model training across multiple parties using post-quantum secure multi-party computation.
- Quantum-Resistant Model Deployment: Protect AI models in transit and at rest with post-quantum algorithms to prevent theft and tampering.
- Secure AI Inference: Implement homomorphic encryption techniques to perform computations on encrypted data, allowing AI inferences without exposing raw data.
- Future-Proof IoT Security: Prepare Internet of Things (IoT) devices and AI edge computing for the post-quantum era with lightweight, quantum-resistant cryptographic protocols.
- Regulatory Compliance: Meet forward-looking cybersecurity regulations that require quantum-resistant cryptography for AI systems in critical infrastructure.
This build provides a comprehensive suite of cryptographic algorithms, with a strong focus on post-quantum and hybrid schemes, tailored for the unique security needs of AI systems. It updates the base to OpenSSL 3.3.2, incorporating the latest security improvements while adding crucial features for quantum-resistant, AI-ready cryptography.
We maintain our commitment to high security standards while expanding the feature set to meet the evolving cryptographic needs of the AI era. As always, we include test results to foster transparency and trust. We remain grateful to the cryptography community and the OpenSSL developers for their invaluable contributions to the field.
QompaSSL Release v1.1
QompaSSL 1.1: A Fork of OpenSSL with classical, quantum and post-quantum protocols
Release Date: 2024-08-19 00:52:12
- This release includes libssl.so and libcrypto.so compiled with an extensive set of classical and post-quantum algorithms.
What is libcrypto.so?
This is the core cryptographic library of OpenSSL.
It provides implementations of various cryptographic algorithms, including symmetric and asymmetric encryption, digital signatures, hash functions, and random number generation.
Basically, it's the foundation for all cryptographic operations in OpenSSL.
What is libssl.so?
This library implements the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols, relying on libcrypto.so for the underlying cryptographic operations. It handles the SSL/TLS handshake, certificate handling, and secure communication.
Changes and Improvements with 1.1:
1. Build Environment:
- Maintained: Arch Linux x86_64
2. Security Enhancements:
- Maintained: No weak SSL ciphers, no deprecated features, no SSL3/TLS1.0/TLS1.1, TLS 1.3 enabled, FIPS mode enabled, no heartbeat extension
- Added: TLS security level set to 2 (-DOPENSSL_TLS_SECURITY_LEVEL=2)
3. Cryptographic Algorithms:
- Maintained: ChaCha, ARIA, BLAKE2, SM4, Camellia, SEED, Whirlpool, GOST, SM2, SM3
- Added: IDEA, MDC2, RC5
- Maintained: EC_NISTP_64_GCC_128 optimization
4. Post-Quantum Algorithms:
a. Key Encapsulation Mechanisms (KEMs):
- Maintained: Kyber (512, 768, 1024), FrodoKEM (640, 976, 1344), BIKE, HQC, McEliece
- Added: Explicit support for more McEliece variants
b. Signature Schemes:
- Maintained: Falcon (512, 1024), Dilithium (2, 3, 5), SPHINCS+
c. Hybrid Schemes:
- Expanded: More combinations of classical and post-quantum algorithms, including additional McEliece hybrids
5. Performance and Debugging:
- Maintained: Dynamic engine loading, KTLS support, SSL tracing, Crypto debugging and backtrace
- Added: Zlib and dynamic zlib support
6. Additional Protocols and Features:
- Maintained: SRP, OCB mode, TFO, COMP, DTLS
- Added: CMS (Cryptographic Message Syntax), RFC3779 support
7. Elliptic Curves:
- Maintained: Standard NIST curves, secp256k1, X25519
New Configuration Highlights:
- Explicit disabling of static engines (-DOPENSSL_NO_STATIC_ENGINE)
- Comprehensive set of post-quantum and hybrid algorithms defined in DOQS_DEFAULT_GROUPS
- Addition of several classical algorithms (IDEA, MDC2, RC5)
- Enhanced support for CMS and RFC3779
This build continues to provide a wide range of cryptographic algorithms, with an expanded focus on post-quantum and hybrid schemes. It maintains the high security standards of the previous release while adding new capabilities and algorithm support. We also include test results in test_results81824.txt (not all of which were passes!). Our intent is to foster trust through transparency, with gratitude to the great minds who developed these encryption protocols and OpenSSL. It is humbling to stand on the shoulders of such giants.
QompaSSL Release v1.0_Ubuntu
QompaSSL: OpenSSL with classical, post-quantum, and hybrid protocols
Release Date: 2024-08-11 20:29:12
This release includes libssl.so and libcrypto.so compiled on an Ubuntu 24.04 machine with aarch64 processor (NVIDIA AGX Orin Dev Kit).
Security Enhancements:
No weak SSL ciphers
No deprecated features
No SSL3, TLS 1.0, or TLS 1.1
TLS 1.3 enabled
FIPS mode enabled
No heartbeat extension (OPENSSL_NO_HEARTBEATS)
Cryptographic Algorithms:
ChaCha
ARIA
BLAKE2
SM4 (Chinese block cipher)
EC_NISTP_64_GCC_128 (optimized elliptic curve operations)
Camellia
SEED
Whirlpool
GOST (Russian algorithms)
SM2 and SM3 (Chinese algorithms)
Key Encapsulation Mechanisms (KEMs):
Kyber (512, 768, 1024)
FrodoKEM (640, 976, 1344)
BIKE (BIKE1L1CPA, BIKE1L3CPA, BIKE1L5CPA)
HQC (128, 192, 256)
McEliece (348864, 460896, 6688128, 6960119, 8192128)
Signature Schemes:
Falcon (512, 1024)
Dilithium (2, 3, 5)
SPHINCS+ (SHA256-128f-robust, SHA256-192f-robust, SHA256-256f-robust)
Hybrid Schemes (combining traditional and post-quantum):
p256_kyber512
p384_kyber768
p521_kyber1024
p256_falcon512
p384_falcon512
p521_falcon1024
p256_dilithium2
p384_dilithium3
p521_dilithium5
x25519_kyber512
x25519_kyber768
x25519_kyber1024
x25519_falcon512
x25519_falcon1024
x25519_dilithium2
x25519_dilithium3
x25519_dilithium5
x25519_mceliece348864
x25519_mceliece460896
x25519_mceliece6688128
x25519_mceliece6960119
x25519_mceliece8192128
secp256k1_kyber512
secp256k1_kyber768
secp256k1_kyber1024
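Each hybrid name above joins a classical curve to a post-quantum parameter set. The following added example (not part of the release notes or the QompaSSL code base) splits each listed name and flags pairs whose two halves target different strength tiers. The curve strengths and NIST category numbers are the algorithms' published targets, not values from this page, and `audit` and `mismatched` are hypothetical helper names.

```python
# Added example (not QompaSSL code). Strength figures are the algorithms'
# published targets, not values taken from the release notes.

# Approximate classical security of each curve, in bits.
CLASSICAL_BITS = {"p256": 128, "p384": 192, "p521": 256,
                  "x25519": 128, "secp256k1": 128}

# NIST security category claimed by each post-quantum parameter set.
PQ_CATEGORY = {
    "kyber512": 1, "kyber768": 3, "kyber1024": 5,
    "falcon512": 1, "falcon1024": 5,
    "dilithium2": 2, "dilithium3": 3, "dilithium5": 5,
    "mceliece348864": 1, "mceliece460896": 3, "mceliece6688128": 5,
    "mceliece6960119": 5, "mceliece8192128": 5,
}

# Rough classical-equivalent tier, in bits, for each NIST category.
CATEGORY_BITS = {1: 128, 2: 128, 3: 192, 4: 192, 5: 256}

# Hybrid names exactly as listed in the release notes.
HYBRIDS = """
p256_kyber512 p384_kyber768 p521_kyber1024 p256_falcon512 p384_falcon512
p521_falcon1024 p256_dilithium2 p384_dilithium3 p521_dilithium5
x25519_kyber512 x25519_kyber768 x25519_kyber1024 x25519_falcon512
x25519_falcon1024 x25519_dilithium2 x25519_dilithium3 x25519_dilithium5
x25519_mceliece348864 x25519_mceliece460896 x25519_mceliece6688128
x25519_mceliece6960119 x25519_mceliece8192128
secp256k1_kyber512 secp256k1_kyber768 secp256k1_kyber1024
""".split()

def audit(name):
    """Split 'classical_pq' and compare the strength tier of each half."""
    classical, sep, pq = name.partition("_")
    if not sep or classical not in CLASSICAL_BITS or pq not in PQ_CATEGORY:
        raise ValueError(f"unrecognised hybrid name: {name!r}")
    c_bits = CLASSICAL_BITS[classical]
    pq_bits = CATEGORY_BITS[PQ_CATEGORY[pq]]
    verdict = ("matched" if c_bits == pq_bits
               else "classical-weaker" if c_bits < pq_bits else "pq-weaker")
    return {"name": name, "classical_bits": c_bits,
            "pq_category": PQ_CATEGORY[pq], "verdict": verdict}

def mismatched(names):
    """Return the audits whose two halves target different tiers."""
    return [a for a in map(audit, names) if a["verdict"] != "matched"]

if __name__ == "__main__":
    for a in mismatched(HYBRIDS):
        print(f"{a['name']:26} {a['classical_bits']:3}-bit curve, "
              f"PQ category {a['pq_category']}: {a['verdict']}")
```

A mismatch is not a defect on its own; it means the strength retained if one half is broken differs from what the other half's name suggests, which matters when choosing a group for long-lived data.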
Performance and Debugging:
Dynamic engine loading
Kernel TLS (KTLS) support
SSL tracing enabled
Crypto debugging and backtrace
Additional Protocols and Features:
SRP (Secure Remote Password) protocol
OCB mode
TFO (TCP Fast Open)
AFALG (Linux kernel crypto API)
COMP (compression)
DTLS (Datagram TLS)
Elliptic Curves:
Standard NIST curves (P-256, P-384, P-521)
secp256k1 (used in Bitcoin)
X25519
This custom build includes a wide range of cryptographic algorithms, post-quantum schemes, and performance enhancements. It prioritizes security by disabling older, less secure protocols and enabling newer, more secure options. The build also includes support for various national standards (e.g., Chinese SM2/SM3/SM4, Russian GOST) and emerging post-quantum cryptography schemes.
QompaSSL Release v1.0_Arch
QompaSSL: OpenSSL with classical, post-quantum, and hybrid encryption protocols
Release Date: 2024-08-11 19:59:27
This release includes libssl.so and libcrypto.so compiled on an x86_64 Arch Linux machine.
Architecture and Platform:
Linux x86_64
Security Enhancements:
No weak SSL ciphers
No deprecated features
No SSL3, TLS 1.0, or TLS 1.1
TLS 1.3 enabled
FIPS mode enabled
No heartbeat extension (OPENSSL_NO_HEARTBEATS)
Cryptographic Algorithms:
ChaCha
ARIA
BLAKE2
SM4 (Chinese block cipher)
EC_NISTP_64_GCC_128 (optimized elliptic curve operations)
Camellia
SEED
Whirlpool
GOST (Russian algorithms)
SM2 and SM3 (Chinese algorithms)
Key Encapsulation Mechanisms (KEMs):
Kyber (512, 768, 1024)
FrodoKEM (640, 976, 1344)
BIKE (BIKE1L1CPA, BIKE1L3CPA, BIKE1L5CPA)
HQC (128, 192, 256)
McEliece (348864, 460896, 6688128, 6960119, 8192128)
Signature Schemes:
Falcon (512, 1024)
Dilithium (2, 3, 5)
SPHINCS+ (SHA256-128f-robust, SHA256-192f-robust, SHA256-256f-robust)
Hybrid Schemes (combining traditional and post-quantum):
p256_kyber512
p384_kyber768
p521_kyber1024
p256_falcon512
p384_falcon512
p521_falcon1024
p256_dilithium2
p384_dilithium3
p521_dilithium5
x25519_kyber512
x25519_kyber768
x25519_kyber1024
x25519_falcon512
x25519_falcon1024
x25519_dilithium2
x25519_dilithium3
x25519_dilithium5
x25519_mceliece348864
x25519_mceliece460896
x25519_mceliece6688128
x25519_mceliece6960119
x25519_mceliece8192128
secp256k1_kyber512
secp256k1_kyber768
secp256k1_kyber1024
Performance and Debugging:
Dynamic engine loading
Kernel TLS (KTLS) support
SSL tracing enabled
Crypto debugging and backtrace
Additional Protocols and Features:
SRP (Secure Remote Password) protocol
OCB mode
TFO (TCP Fast Open)
AFALG (Linux kernel crypto API)
COMP (compression)
DTLS (Datagram TLS)
Elliptic Curves:
Standard NIST curves (P-256, P-384, P-521)
secp256k1 (used in Bitcoin)
X25519
This custom build includes a wide range of cryptographic algorithms, post-quantum schemes, and performance enhancements. It prioritizes security by disabling older, less secure protocols and enabling newer, more secure options. The build also includes support for various national standards (e.g., Chinese SM2/SM3/SM4, Russian GOST) and emerging post-quantum cryptography schemes.