Categoria: Crittografia
Complessità: Alta
Prerequisiti: Coppia chiavi ML-KEM, coppia chiavi classica
Tempo stimato: 20-30 minuti
Questo scenario descrive la crittografia ibrida con algoritmi classici (RSA/ECDH) e Post-Quantum (ML-KEM). La crittografia ibrida combina entrambi i metodi per essere protetti sia contro attacchi classici che quantistici.
Concetto:
using WvdS.Security.Cryptography.X509Certificates.Extensions.PQ; using System.Security.Cryptography; using var ctx = PqCryptoContext.Initialize(); // Chiavi destinatario (entrambi gli algoritmi) var recipientEcdh = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP384); var recipientMlKem = ctx.GenerateKeyPair(PqAlgorithm.MlKem768); // === CIFRATURA === // 1. Key Exchange classico (ECDH) using var senderEcdh = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP384); var ecdhSharedSecret = senderEcdh.DeriveKeyMaterial(recipientEcdh.PublicKey); // 2. PQ Key Encapsulation (ML-KEM) var (mlKemCiphertext, mlKemSharedSecret) = ctx.Encapsulate(recipientMlKem.PublicKey); // 3. Combinare chiavi via HKDF var combinedSecret = CombineSecrets(ecdhSharedSecret, mlKemSharedSecret); var encryptionKey = ctx.DeriveKey( combinedSecret, outputLength: 32, salt: null, info: Encoding.UTF8.GetBytes("hybrid-encryption-v1") ); // 4. Cifrare dati var plaintext = Encoding.UTF8.GetBytes("Messaggio segreto"); var nonce = RandomNumberGenerator.GetBytes(12); var ciphertext = new byte[plaintext.Length]; var tag = new byte[16]; using var aes = new OpenSslAesGcm(encryptionKey); aes.Encrypt(nonce, plaintext, ciphertext, tag); // 5. Assemblare messaggio cifrato var encryptedMessage = new HybridEncryptedMessage { EcdhPublicKey = senderEcdh.PublicKey.ExportSubjectPublicKeyInfo(), MlKemCiphertext = mlKemCiphertext, Nonce = nonce, Ciphertext = ciphertext, Tag = tag }; Console.WriteLine($"Cifrato: {encryptedMessage.Ciphertext.Length} Bytes");
// === DECIFRATURA === using var ctx = PqCryptoContext.Initialize(); // Caricare chiavi private destinatario var recipientEcdh = ctx.LoadEcdhPrivateKey("recipient-ecdh.key.pem", "Password!"); var recipientMlKem = ctx.LoadPrivateKey("recipient-mlkem.key.pem", "Password!"); // 1. Key Exchange classico var senderEcdhPubKey = ECDiffieHellman.Create(); senderEcdhPubKey.ImportSubjectPublicKeyInfo(encryptedMessage.EcdhPublicKey, out _); var ecdhSharedSecret = recipientEcdh.DeriveKeyMaterial(senderEcdhPubKey.PublicKey); // 2. PQ Key Decapsulation var mlKemSharedSecret = ctx.Decapsulate(recipientMlKem, encryptedMessage.MlKemCiphertext); // 3. Combinare chiavi var combinedSecret = CombineSecrets(ecdhSharedSecret, mlKemSharedSecret); var decryptionKey = ctx.DeriveKey( combinedSecret, outputLength: 32, salt: null, info: Encoding.UTF8.GetBytes("hybrid-encryption-v1") ); // 4. Decifrare dati var decrypted = new byte[encryptedMessage.Ciphertext.Length]; using var aes = new OpenSslAesGcm(decryptionKey); aes.Decrypt( encryptedMessage.Nonce, encryptedMessage.Ciphertext, encryptedMessage.Tag, decrypted ); var message = Encoding.UTF8.GetString(decrypted); Console.WriteLine($"Decifrato: {message}");
private static byte[] CombineSecrets(byte[] secret1, byte[] secret2) { // Concat e Hash - metodo semplice ma sicuro // Alternativa: HKDF parallelo e XOR var combined = new byte[secret1.Length + secret2.Length]; Buffer.BlockCopy(secret1, 0, combined, 0, secret1.Length); Buffer.BlockCopy(secret2, 0, combined, secret1.Length, secret2.Length); // HKDF Extract return HKDF.Extract(HashAlgorithmName.SHA256, combined); }
public class HybridEncryptedMessage { // Header public string Version { get; set; } = "1.0"; public string Algorithm { get; set; } = "ECDH-P384+ML-KEM-768/AES-256-GCM"; // Key Encapsulation public byte[] EcdhPublicKey { get; set; } // Chiave pubblica effimera ECDH public byte[] MlKemCiphertext { get; set; } // Ciphertext ML-KEM // Contenuto cifrato public byte[] Nonce { get; set; } // 12 bytes public byte[] Ciphertext { get; set; } // Variabile public byte[] Tag { get; set; } // 16 bytes // Serializzazione public byte[] Serialize() { using var ms = new MemoryStream(); using var writer = new BinaryWriter(ms); writer.Write(Version); writer.Write(Algorithm); writer.Write(EcdhPublicKey.Length); writer.Write(EcdhPublicKey); writer.Write(MlKemCiphertext.Length); writer.Write(MlKemCiphertext); writer.Write(Nonce.Length); writer.Write(Nonce); writer.Write(Ciphertext.Length); writer.Write(Ciphertext); writer.Write(Tag.Length); writer.Write(Tag); return ms.ToArray(); } }
| Combinazione | Classico | PQ | Livello sicurezza |
|---|---|---|---|
| Standard | ECDH P-384 | ML-KEM-768 | 192-bit ibrido |
| Alta sicurezza | ECDH P-521 | ML-KEM-1024 | 256-bit ibrido |
| Supporto legacy | RSA-4096 + ECDH P-256 | ML-KEM-512 | 128-bit ibrido |
| Minimale | X25519 | ML-KEM-512 | 128-bit ibrido |
| Settore | Min. sicurezza | Combinazione raccomandata |
|---|---|---|
| Settore finanziario | 192-bit | ECDH P-384 + ML-KEM-768 |
| Sanità | 128-bit | ECDH P-256 + ML-KEM-512 |
| Governo | 256-bit | ECDH P-521 + ML-KEM-1024 |
| Energia | 192-bit | ECDH P-384 + ML-KEM-768 |
| Relazione | Scenario | Descrizione |
|---|---|---|
| Componente | 7.2 Key Encapsulation | Dettagli ML-KEM |
| Applicazione | 7.3 Crittografia file | Utilizzo pratico |
| Correlato | 11.1 Generazione chiavi | Creare chiavi |
« ← Panoramica crittografia | ↑ Scenari | 7.2 Key Encapsulation → »
Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional