23 Oct, 2024
Post-Quantum Hybrid Encryption with Ballerina

  • Udara Pathum
  • Senior Software Engineer - WSO2

As highlighted in the Quantum-Safeness of WSO2 Products blog, there is an urgent need for alternative asymmetric encryption methods. Post-quantum algorithms (Q) are gradually gaining prominence but require time to establish trust within the industry. Therefore, combining classical (C) and post-quantum (Q) Key Encapsulation Mechanisms (KEMs) ensures resilience against classical and quantum attacks.

The Ballerina Swan Lake Update 9 release adds support for post-quantum secure end-to-end encryption. This update also introduces new APIs for the C + Q hybrid encryption algorithm: RSA-KEM-ML-KEM-768-HPKE.

RSA-KEM-ML-KEM-768-HPKE is a hybrid public key encryption (HPKE) scheme that combines the conventional RSA-KEM with the post-quantum ML-KEM-768. It serves as a robust alternative to traditional public key encryption methods, offering protection against both classical and post-quantum threats.

C+Q Hybrid Public Key Encryption (HPKE)

Two key pairs are used for this hybrid encryption scheme: the RSA key pair and the ML-KEM-768 key pair. An RSA key pair consists of an RSA private key and an RSA public key as defined in Section 3 of RFC 8017: PKCS #1. An ML-KEM-768 key pair consists of an ML-KEM-768 private key and an ML-KEM-768 public key as defined in Section 5.1 of FIPS 203: ML-KEM Standard.


Figure 1: Hybrid Public Key Encryption with RSA and (ML-KEM) Kyber

Let’s assume a scenario where the sender (S) wants to send encrypted data to the receiver (R) using C+Q Hybrid Public Key Encryption.

  1. R initiates by generating two distinct key pairs: one using RSA and the other with ML-KEM-768.
  2. R then forwards both public keys to S, ensuring S’s access to the necessary encryption keys.
  3. S, upon receipt of the public keys, runs two Key Encapsulation Mechanisms (KEMs), RSA-KEM and ML-KEM-768, each of which yields a KEM ciphertext and a secret. The two secrets are concatenated to form the shared secret used for symmetric encryption, and the two KEM ciphertexts are concatenated to form the encapsulated secret.
  4. Using the shared secret, S encrypts the data and transmits the encapsulated secret together with the encrypted data to R for decryption.

Upon receiving the encrypted data and the encapsulated secret from the sender (S), the receiver (R) undertakes the following steps to decrypt the information:

  1. R recovers the shared secret (SS) by decapsulating the two concatenated KEM ciphertexts with its RSA private key and its ML-KEM-768 private key.
  2. With the shared secret (SS) now obtained, R decrypts the encrypted data utilizing symmetric encryption, effectively revealing the original message.
  3. The decrypted data is now accessible to R, completing the secure exchange initiated by S.

Post-Quantum HPKE with Ballerina

Implementing the described encryption and decryption process in Ballerina can be done via a series of steps.

Key Pair Generation

Both RSA and ML-KEM-768 key pairs need to be generated separately by the receiver.

RSA: Tools such as OpenSSL or Keytool can be used to create a PKCS12 keystore containing an RSA key pair. Here’s a general outline of the process:

ML-KEM-768: Use the Java tool provided in Kyber Keystore Generator to generate an ML-KEM-768 key pair.

Encryption

In this setup, a Ballerina client serves as the Sender. It uses two public certificates to encrypt a payload. Subsequently, the encrypted payload (ciphertext) along with the shared secret (`encapsulatedSecret`) are dispatched to the receiver.

Decryption

On the other end, a Ballerina server plays the role of the Receiver. Upon receiving the encrypted payload from the Sender, it employs its two private keys to decrypt the payload.
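The following Ballerina program is an added example covering both the Sender (encryption) and Receiver (decryption) sides described above, as well as the C+Q procedure from the earlier section; it is not code from the WSO2 post. It assumes the keystore paths, passwords and aliases shown (placeholders: the RSA keystore is the PKCS12 file produced with OpenSSL or Keytool, the ML-KEM keystore the one produced by the Kyber Keystore Generator, and the key password is taken to equal the keystore password), and it uses the Ballerina `crypto` module functions `decodeRsaPublicKeyFromTrustStore`, `decodeMlKem768PublicKeyFromTrustStore`, `decodeRsaPrivateKeyFromKeyStore`, `decodeMlKem768PrivateKeyFromKeyStore`, `encryptRsaKemMlKem768Hpke` and `decryptRsaKemMlKem768Hpke`. The `HybridPayload` record is this example's own wire format for carrying the `encapsulatedSecret` and ciphertext between client and server.

```ballerina
import ballerina/crypto;
import ballerina/io;
import ballerina/lang.array;

// Assumed keystore locations, passwords and aliases (placeholders, not values from the post).
const string RSA_KEYSTORE_PATH = "/path/to/rsa-keystore.p12";
const string MLKEM_KEYSTORE_PATH = "/path/to/mlkem-keystore.p12";
const string KEYSTORE_PASSWORD = "ballerina";
const string RSA_ALIAS = "rsa";
const string MLKEM_ALIAS = "mlkem";

// What the Sender transmits: the encapsulated secret (the concatenated RSA-KEM and
// ML-KEM-768 ciphertexts) and the symmetric ciphertext, base64-encoded so the pair
// can travel as JSON between the client and the server.
type HybridPayload record {|
    string encapsulatedSecret;
    string cipherText;
|};

// Sender side: encrypt with the Receiver's two public keys (loaded from the two keystores
// used as trust stores). The HPKE call runs both KEMs, derives the shared secret and
// performs the symmetric encryption in one step.
function senderEncrypt(byte[] plaintext) returns HybridPayload|error {
    crypto:TrustStore rsaTrustStore = {path: RSA_KEYSTORE_PATH, password: KEYSTORE_PASSWORD};
    crypto:TrustStore mlkemTrustStore = {path: MLKEM_KEYSTORE_PATH, password: KEYSTORE_PASSWORD};
    crypto:PublicKey rsaPublicKey = check crypto:decodeRsaPublicKeyFromTrustStore(rsaTrustStore, RSA_ALIAS);
    crypto:PublicKey mlkemPublicKey = check crypto:decodeMlKem768PublicKeyFromTrustStore(mlkemTrustStore, MLKEM_ALIAS);

    crypto:HybridEncryptionResult result = check crypto:encryptRsaKemMlKem768Hpke(plaintext, rsaPublicKey, mlkemPublicKey);
    return {
        encapsulatedSecret: result.encapsulatedSecret.toBase64(),
        cipherText: result.cipherText.toBase64()
    };
}

// Receiver side: decapsulate the shared secret with the RSA and ML-KEM-768 private keys,
// then decrypt the payload. Any failure (a tampered encapsulated secret, a wrong key,
// a corrupted ciphertext) surfaces as the function's error return rather than as plaintext.
function receiverDecrypt(HybridPayload payload) returns byte[]|error {
    crypto:KeyStore rsaKeyStore = {path: RSA_KEYSTORE_PATH, password: KEYSTORE_PASSWORD};
    crypto:KeyStore mlkemKeyStore = {path: MLKEM_KEYSTORE_PATH, password: KEYSTORE_PASSWORD};
    crypto:PrivateKey rsaPrivateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(rsaKeyStore, RSA_ALIAS, KEYSTORE_PASSWORD);
    crypto:PrivateKey mlkemPrivateKey = check crypto:decodeMlKem768PrivateKeyFromKeyStore(mlkemKeyStore, MLKEM_ALIAS, KEYSTORE_PASSWORD);

    byte[] encapsulatedSecret = check array:fromBase64(payload.encapsulatedSecret);
    byte[] cipherText = check array:fromBase64(payload.cipherText);
    return crypto:decryptRsaKemMlKem768Hpke(cipherText, encapsulatedSecret, rsaPrivateKey, mlkemPrivateKey);
}

public function main() returns error? {
    // Constructed sample message.
    byte[] message = "C+Q hybrid encrypted message".toBytes();

    HybridPayload payload = check senderEncrypt(message);
    io:println("Encapsulated secret (base64): ", payload.encapsulatedSecret);
    io:println("Ciphertext (base64): ", payload.cipherText);

    byte[] recovered = check receiverDecrypt(payload);
    if recovered != message {
        return error("decrypted payload does not match the original message");
    }
    io:println("Decrypted: ", check string:fromBytes(recovered));
}
```

Only the encapsulated secret and the ciphertext leave the Sender; the shared secret itself is never transmitted, and the Receiver reconstructs it from its two private keys. Keeping both key pairs in the decryption path is what makes the scheme hybrid: an attacker would need to break both RSA-KEM and ML-KEM-768 to recover the shared secret.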

By supporting post-quantum algorithms, Ballerina allows developers to protect data against post-quantum threats. The integration of hybrid encryption schemes enables robust security by combining classical and post-quantum algorithms, offering resilience against both classical and post-quantum attacks. This balanced approach allows organizations to transition towards quantum-resistant cryptography gradually, ensuring their data security strategy is future-proof as post-quantum standards continue to evolve.
