Is there any intention to integrate post-quantum secure encryption algorithms for phones running GrapheneOS?
Post-quantum Encryption
- Edited
8v55 I expect this will happen "naturally", i.e., I expect Google and others will, over time, contribute various ciphers and hashes which will end up in AOSP, which GrapheneOS will naturally incorporate. I think that is substantially more likely than that the GrapheneOS project will start implementing cryptographic primitives.
Edit: note that there is a substantial "network effect" present: if GrapheneOS were the sole platform to deploy a new quantum-resistant crypto suite, what would it be useful for? Web servers wouldn't encrypt web pages with it, encrypted message apps wouldn't encrypt messages with it, etc.
Please note that I do not speak for the GrapheneOS project.
- Edited
8v55
Most of the stuff that GOS uses is symmetric encryption which is still an NP problem in quantum computers with a √n reduction. So a 256-bit cypher can be viewed as having the security of a 128-bit cypher which still is quite good.
Now for asymmetric encryption, especially elliptic curves, then that can become a P problem. But as far as I know device encryption is done by an AES symmetric cypher in GOS. So you might be fine.
- Edited
Android disk encryption should already be post-quantum secure without changes.
Vanadium supports hybrid post-quantum secure key exchange via the standard Chromium support. We enabled it early in Vanadium but it's enabled by default now. If you check the URL bar info button for the site in Vanadium and select "Connection is secure" for more information, you'll see hybrid X25519Kyber key exchange being used for Google, Cloudflare, etc. It's not widely supported for server software and requires a special module since it's still a draft, so we don't support it for our own web servers yet. It would be a maintenance burden and a potential security issue due to requiring bleeding edge code that's not particularly widely used or part of the upstream projects such as OpenSSL yet. We can enable it as soon as it's supported by the stable release of OpenSSL without requiring an extra module.
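Related to the hybrid key exchange mentioned in the post above, here is an added example (not from the thread or from the GrapheneOS project) that parses a TLS ClientHello and reports whether the client offers a hybrid post-quantum group in `supported_groups`. The group codepoints are assumed from the IANA TLS registry, and the sample ClientHello is constructed in the code rather than captured.

```python
import struct

# TLS NamedGroup codepoints (assumed from the IANA registry, not from the thread).
HYBRID_PQ = {0x6399: "X25519Kyber768Draft00", 0x11EC: "X25519MLKEM768"}
EXT_SUPPORTED_GROUPS = 0x000A

def offered_groups(hello: bytes) -> list[int]:
    """Return the supported_groups codepoints of a ClientHello handshake message."""
    if len(hello) < 4 or hello[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = hello[4:]
    if len(body) != int.from_bytes(hello[1:4], "big"):
        raise ValueError("length field does not match the message")
    try:
        pos = 2 + 32                                         # legacy_version, random
        pos += 1 + body[pos]                                 # legacy_session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                                 # compression_methods
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        if end > len(body):
            raise ValueError("extensions overrun the message")
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if ext_type == EXT_SUPPORTED_GROUPS:
                data = body[pos:pos + ext_len]
                (list_len,) = struct.unpack_from("!H", data)
                if list_len + 2 != len(data) or list_len % 2:
                    raise ValueError("malformed supported_groups")
                return [g for (g,) in struct.iter_unpack("!H", data[2:])]
            pos += ext_len                                   # skip other extensions
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    return []

def hybrid_pq_offered(hello: bytes) -> list[str]:
    """Names of the hybrid post-quantum groups the client offers, in preference order."""
    return [HYBRID_PQ[g] for g in offered_groups(hello) if g in HYBRID_PQ]

def build_sample_hello(groups: list[int]) -> bytes:
    """Constructed ClientHello for this example (not a capture)."""
    glist = b"".join(struct.pack("!H", g) for g in groups)
    exts = struct.pack("!HH", 0x0017, 0)                     # extended_master_secret, empty
    exts += struct.pack("!HHH", EXT_SUPPORTED_GROUPS, len(glist) + 2, len(glist)) + glist
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    print(hybrid_pq_offered(build_sample_hello([0x6399, 0x001D, 0x0017])))
```

The input is the handshake message itself, so strip the 5-byte TLS record header before passing bytes taken from a packet capture.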