This demo was announced 2020.04.16 on the pqc-forum mailing list, updated 2020.04.23 from OpenSSL 1.1.1f to OpenSSL 1.1.1g, updated 2021.06.08 from OpenSSL 1.1.1g to OpenSSL 1.1.1k, including additional support for sntrup857, updated 2021.09.30 from OpenSSL 1.1.1k to OpenSSL 1.1.1l, alongside an update of the instructions to use stunnel 5.60 and glib-networking 2.60.4, updated 2021.11.02 to cover usage of tls_timer and suggestions regarding its use for experiments, and updated 2021.12.14 from OpenSSL 1.1.1l to OpenSSL 1.1.1m. Our patches work for versions of OpenSSL from 1.1.1f to 1.1.1m. This is a demo of OpenSSLNTRU web browsing taking just 156317 Haswell cycles to generate a new one-time sntrup761 public key for each TLS 1.3 session. This demo uses (i) the Gnome web browser (client) and stunnel (server) using (ii) a patched version of OpenSSL 1.1.1l using (iii) a new OpenSSL ENGINE using (iv) a fast new sntrup761 library. The TLS 1.3 integration in OpenSSLNTRU uses the same basic data flow as the CECPQ2 experiment carried out by Google and Cloudflare. Compared to the cryptography in CECPQ2, the cryptography in OpenSSLNTRU has a higher security level and better performance. Furthermore, OpenSSLNTRU's new software layers decouple the fast-moving post-quantum software ecosystem from the TLS software ecosystem. OpenSSLNTRU also supports a second NTRU Prime parameter set, sntrup857, optimizing computation costs at an even higher security level.

2022