Kyber and Dilithium Real Life Lessons (Q22a)
The cryptographic algorithms of CRYSTALS Kyber and Dilithium gained more reception recently by being selected as algorithm of choice by the CNSA 2.0 specification. The mentioned algorithms are new without much use in real-life scenarios. Both algorithms are intended to replace all long-standing existing asymmetric algorithms such as RSA, ECDSA, and (EC)Diffie-Hellman. Yet, they are not drop-in replacements implying that careful assessments must be applied how to integrate Kyber and Dilithium in the existing scenarios and use cases. The goal of this talk is to provide the lessons learned by the author during his personal experience on the development of an efficient and effective application of these new algorithms in two separate contexts. One as part of a cryptographic library implemented in the C form and second context where the algorithms are implemented in the hardware-specific assembler form as part of a key management software that is intended to support a hardware security module. The discussion also covers the guidance on supporting these algorithms in user space library as well as Linux kernel space library. The later half of the talk outlines the use of Kyber and Dilithium in a real-life key management framework.