Aaron Rainbolt <arraybolt3@xxxxxxxxx> writes: > Are there any plans to integrate a post-quantum-secure signature > algorithm in OpenSSH, such as SLH-DSA (SPHINCS+)? I don't know, but I made initial experiments with it: https://blog.josefsson.org/2024/12/23/openssh-and-git-on-a-post-quantum-sphincs/ There is a specification for it: https://datatracker.ietf.org/doc/html/draft-josefsson-ssh-sphincs-00 Niels Möller implemented SLH-DSA recently and did some performance statistics: https://lists.lysator.liu.se/mailman/hyperkitty/list/nettle-bugs@xxxxxxxxxxxxxxxxxxxx/message/FQU6J4OGIKCE46SXOYG4HFZ67MVOGDIL/ After that I am inclined to add more algorithm options: it seems fast verification (thus the "slow" variant) may be more relevant to software signing code paths, and the 128-bit variants may be relevant for online interactive use. I'm still mixed about the cost to add both SHAKE and SHA2, I picked SHA2 because it is faster. If there is interest, I'm happy to make another iteration of these patches. /Simon
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
