~~NOTOC~~
{{wvds:title>Glossary}}

===== Glossary: Post-Quantum Cryptography =====

==== Cryptographic Methods ====

=== ML-KEM (Module-Lattice Key Encapsulation) ===

| Standard | FIPS 203 |
| Purpose  | Key exchange |
| Security | Post-Quantum secure |

ML-KEM replaces classical methods like RSA or ECDH for key exchange. It is based on the "Learning with Errors" (LWE) problem over module lattices, which is believed to be hard to solve even for quantum computers.

**Operations:**

  * **KeyGen** - Generate a key pair (public + private key)
  * **Encaps** - Create a shared secret and a ciphertext from the public key
  * **Decaps** - Recover the shared secret from the ciphertext with the private key

=== ML-DSA (Module-Lattice Digital Signature) ===

| Standard | FIPS 204 |
| Purpose  | Digital signatures |
| Security | Post-Quantum secure |

ML-DSA replaces RSA/ECDSA for digital signatures. It is also lattice-based.

**Operations:**

  * **Sign** - Sign a message with the private key
  * **Verify** - Verify a signature with the public key

=== AES-256-GCM ===

| Standard   | NIST SP 800-38D |
| Purpose    | Authenticated encryption |
| Key Length | 256 bits |

AES-GCM provides encryption AND integrity protection in one operation. The GCM mode produces an Authentication Tag that detects any tampering with the ciphertext (and with the AAD, see below).

**Components:**

  * **Key** - 256-bit key
  * **Nonce** - 12-byte initialization vector (NEVER reuse!)
  * **AAD** - Additional Authenticated Data (unencrypted but authenticated)
  * **Tag** - 16-byte Authentication Tag

----

==== Security Concepts ====

=== Nonce (Number Used Once) ===

| Size     | 12 bytes (96 bits) |
| Critical | NEVER reuse! |

A nonce is a value that may be used only once per key. With AES-GCM, nonce reuse leads to complete compromise:

**Nonce Reuse = Catastrophe**

If the same nonce is used twice with the same key, the keystream repeats: an attacker learns the XOR of the two plaintexts (and, in practice, usually both messages) and can also forge authentication tags.

The WvdS Crypto Service automatically protects against nonce reuse by tracking the nonces already used with each key.

=== AAD (Additional Authenticated Data) ===

Data that is NOT encrypted but is protected by the Authentication Tag: the receiver rejects the message if the AAD was altered.
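The four AES-GCM components (key, nonce, AAD, tag), the nonce-reuse rule and zeroization can be seen together in one short program. The following is an added example using Go's standard library, not code from this wiki or from the WvdS Crypto Service; the ''Sealer'' type, its nonce-tracking map and all sample values (key, nonce, metadata, messages) are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// Sizes as given in the glossary: 256-bit key, 96-bit nonce, 128-bit tag.
const (
	keyLen   = 32
	nonceLen = 12
	tagLen   = 16
)

var ErrNonceReuse = errors.New("nonce already used with this key")

// Sealer wraps one AES-256-GCM key and remembers every nonce used with it.
// The tracking map is a constructed illustration of a reuse guard, not the
// WvdS Crypto Service's own implementation.
type Sealer struct {
	aead cipher.AEAD
	seen map[[nonceLen]byte]bool
}

func NewSealer(key []byte) (*Sealer, error) {
	if len(key) != keyLen {
		return nil, fmt.Errorf("key must be %d bytes, got %d", keyLen, len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // 12-byte nonce, 16-byte tag by default
	if err != nil {
		return nil, err
	}
	return &Sealer{aead: aead, seen: make(map[[nonceLen]byte]bool)}, nil
}

// Seal encrypts plaintext and binds aad (sent in the clear) into the tag.
// A nonce already used with this key is refused. Output: nonce || ciphertext || tag.
func (s *Sealer) Seal(nonce, plaintext, aad []byte) ([]byte, error) {
	if len(nonce) != nonceLen {
		return nil, fmt.Errorf("nonce must be %d bytes", nonceLen)
	}
	var k [nonceLen]byte
	copy(k[:], nonce)
	if s.seen[k] {
		return nil, ErrNonceReuse
	}
	s.seen[k] = true
	out := make([]byte, 0, nonceLen+len(plaintext)+tagLen)
	out = append(out, nonce...)
	return s.aead.Seal(out, nonce, plaintext, aad), nil
}

// Open verifies the tag over ciphertext and aad before releasing any plaintext.
func (s *Sealer) Open(msg, aad []byte) ([]byte, error) {
	if len(msg) < nonceLen+tagLen {
		return nil, errors.New("message too short")
	}
	return s.aead.Open(nil, msg[:nonceLen], msg[nonceLen:], aad)
}

// Zeroize overwrites a sensitive buffer with zeros once it is no longer needed.
func Zeroize(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// Result records what Demo observed so it can be checked instead of printed.
type Result struct {
	RoundTrip, TamperDetected, AADMismatchDetected, ReuseRefused, KeystreamRepeats bool
}

// Demo exercises key, nonce, AAD and tag with constructed sample values.
// A real key must come from a CSPRNG, an HSM or a key store.
func Demo() (Result, error) {
	var r Result
	key := bytes.Repeat([]byte{0x42}, keyLen)   // constructed, NOT a real key
	nonce := []byte("unique-nonce")              // 12 bytes, constructed
	aad := []byte(`{"v":1,"sender":"node-a"}`)   // metadata: authenticated, not encrypted
	pt := []byte("patient record 0815")          // constructed sample plaintext
	s, err := NewSealer(key)
	if err != nil {
		return r, err
	}
	msg, err := s.Seal(nonce, pt, aad)
	if err != nil {
		return r, err
	}
	got, err := s.Open(msg, aad)
	r.RoundTrip = err == nil && bytes.Equal(got, pt)
	bad := append([]byte(nil), msg...) // flip one ciphertext bit: tag fails
	bad[nonceLen] ^= 0x01
	_, err = s.Open(bad, aad)
	r.TamperDetected = err != nil
	_, err = s.Open(msg, []byte(`{"v":2,"sender":"node-a"}`)) // altered AAD: tag fails
	r.AADMismatchDetected = err != nil
	_, err = s.Seal(nonce, []byte("another record"), aad) // same nonce again: refused
	r.ReuseRefused = errors.Is(err, ErrNonceReuse)
	// Why the guard exists: without it the counter-mode keystream repeats,
	// so XOR of two ciphertexts equals XOR of the two plaintexts.
	raw, err := NewSealer(key)
	if err != nil {
		return r, err
	}
	pt2 := []byte("second message 4711") // same length as pt, constructed
	c1 := raw.aead.Seal(nil, nonce, pt, nil)
	c2 := raw.aead.Seal(nil, nonce, pt2, nil)
	r.KeystreamRepeats = true
	for i := range pt {
		if c1[i]^c2[i] != pt[i]^pt2[i] {
			r.KeystreamRepeats = false
		}
	}
	Zeroize(key) // key and plaintext no longer needed
	Zeroize(pt)
	return r, nil
}

func main() {
	r, err := Demo()
	fmt.Printf("%+v err=%v\n", r, err)
}
```

The tracker refuses the second ''Seal'' with the same nonce; the last block shows what it prevents, namely that two GCM ciphertexts under a repeated (key, nonce) pair leak the XOR of their plaintexts. In production the nonce set would live in durable storage per key, or a counter-based nonce scheme would replace the map.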
Typical use:

  * Metadata (timestamp, sender ID)
  * Routing information
  * Version numbers

=== Zeroize ===

Security-critical data (keys, plaintexts) is actively overwritten with zeros as soon as it is no longer needed, so that later memory dumps do not contain it.

----

==== Standards & Compliance ====

=== FIPS (Federal Information Processing Standards) ===

US federal standards for cryptography and cryptographic modules:

| FIPS 140-3 | Security requirements for cryptographic modules |
| FIPS 203   | ML-KEM (Kyber) |
| FIPS 204   | ML-DSA (Dilithium) |

=== BSI TR-03116-4 ===

Technical guideline from the German BSI on cryptographic requirements in eHealth systems. It defines the permitted algorithms and key lengths.

=== NIS2 ===

EU directive on network and information security. Article 21 requires "state of the art" cryptography for critical infrastructure.

----

==== Hardware ====

=== HSM (Hardware Security Module) ===

Dedicated hardware for cryptographic operations. Keys never leave the HSM in plaintext.

=== TPM (Trusted Platform Module) ===

Chip on the motherboard used for:

  * Secure Boot verification
  * Key storage
  * Platform attestation

----

[[.:start|< Back to Overview]]