This repository contains authentication software to use on the quantum link layer in BB84 QKD protocol.
Quantum safe authentication is implemented using PQC primitives.
Directory signature_authentication contains authentication software demo using only post-quantum digital signature scheme CRYSTALS-Dilithium.
Directory mac_authentication contains authentication software demo using post-quantum key encapsulation algorithm Kyber and message authentication codes (hmac).
We recommend using the mac_authentication alternative, as it is tested to be more efficient.
DISCLAIMER: this repository does not contain any code to perform the actual BB84 key distillation with error correction and privacy amplification steps. The scripts in this repository are only used to demonstrate the quantum-safe authentication of the classical channel.
Please refer to this publication for more background and details on the contents of this repository.
- Clone this repository
- Run
docker build . -t authentication-demo
This step will take a few minutes.
- Run
docker run -it --name authentication_container authentication-demo
This should start the Alice side of the demo inside the container and print you some output.
- Open a new terminal tab and run
docker exec -it authentication_container bash -c "./start.sh bob"
Note: If you omitted --name authentication_container from the previous command you should run docker ps --all to check the container_name.
This should start the Bob side of the demo inside the container and print you some output. Now Bob connects Alice and the demo should be running.
If you don't want to use Docker, below are some instructions for local set up.
This software has external dependencies. The main dependencies are open-source libraries liboqs, liboqs-python and oqsprovider. More information on these libraries is available here.
This software is tested using versions liboqs=0.7.2 and oqsprovider=0.4.0 and liboqs-python=0.7.2 on a system running Ubuntu 22.04 with OpenSSL version 3.0.2. This software is not guaranteed to work with other versions of liboqs, liboqs-python, oqsprovider and OpenSSL.
Below some instructions on how to install these dependencies.
Example for building and installing liboqs in /usr/local:
wget https://github.com/open-quantum-safe/liboqs/archive/refs/tags/0.7.2.zip
unzip 0.7.2.zip
cd liboqs-0.7.2
sudo cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=/usr/local -S . -B _build
sudo cmake --build _build && sudo cmake --install _build
cd ..
oqsprovider can be built for example via the following:
wget https://github.com/open-quantum-safe/oqs-provider/archive/refs/tags/0.4.0.zip
unzip 0.4.0.zip
cd oqs-provider-0.4.0
cmake -DOPENSSL_ROOT_DIR=~/.local -DCMAKE_PREFIX_PATH=~/.local -S . -B _build
cmake --build _build
cd ..
mkdir oqs-test && cd oqs-test
export PROVIDERPATH="/home/user/oqs-provider-0.4.0/_build/oqsprov"
openssl genpkey -out pqc.key -algorithm dilithium3 -provider-path $PROVIDERPATH -provider oqsprovider -provider default
wget https://github.com/open-quantum-safe/liboqs-python/archive/refs/tags/0.7.2.zip
unzip 0.7.2.zip
python3 -m venv venv
source venv/bin/activate
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib
cd liboqs-python-0.7.2
python3 setup.py install
Clone this repository and see the section "Usage" below.
This is how you launch the mac_authentication demo:
- Open a new terminal tab.
- Execute the commands below:
source venv/bin/activate
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib
cd mac_authentication
python3 alice.py
This launches the alice.py program on port localhost:65530. Alice will wait connection from Bob.
- Now, open another terminal tab
- Execute the commands below:
source venv/bin/activate
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib
cd mac_authentication
python3 bob.py
This launches the bob.py program which connects to Alice on localhost:65530 and starts the authenticated "key distillation" over the classical channel.
Scripts use automatically created ./tmp/ directory for temporary file storage.