(Some of this code is based off https://github.com/dstebila/openssl-rlwekex.)
This software implements a key exchange protocol from the learning with errors (LWE) problem. It additionally contains optimizations for reducing the bandwidth of the protocol. For further details, see the extended abstract available at: https://github.com/google/jalic/blob/master/lwe-key-exchange.pdf
The software is written in plain C (C99) compiled with GCC on the Linux (x86_64) platform.
To compile:
cd openssl-lwekex
./configure
make depend
make
To get timing information for key generation and key derivation:
apps/openssl speed lwekex
To see message sizes during protocol execution, first run a server:
apps/openssl s_server -cert ../testcert.pem -accept 4433
Then, a client:
apps/openssl s_client -connect localhost:4433 -cipher LWE-RSA-AES128-GCM-SHA256 -msg
In the output, message bytes are annotated with their length as follows:
...
e5 44 34 4d f9 f4 ec 32 6d 85 19 19 95 90 39 2e
ad 1f 13 d2 78 a9 d4 0b c0 43 97 e2 15 9a fd c0
40 d0 ad 05 de df a4 55 b8 0c
>>> TLS 1.2 Handshake [length 0004], ServerHelloDone
0e 00 00 00
>>> TLS 1.2 Handshake [length 270a], ClientKeyExchange
10 00 27 06 27 00 c0 8d 3f e0 14 ff f7 bf 57 4f
5e 08 2d 6b a1 d0 5b 68 2e 71 5b ea ab 3e d0 5b
fe 7d b7 3f 2a cd 97 8c 11 7e 5e 91 00 f6 c3 82
6c 57 0c 2d c3 5f ae d6 5c 5c ac 4f 7e ef d7 bd
39 4c a7 99 27 fb 0f 8f 52 9d d5 5b ff a8 fa 43
c1 3e 4a c2 73 92 15 46 9c 94 73 20 59 70 6b 1b
...
The message length in the client's key exchange step is 0x270a
or 9994 bytes.
To run one key exchange that tests the quality of sampling and the correctness of key exchange, run:
test/lwekextest
To run a continuous test that tests reconciliation error rates, run:
test/lwekextest cont
To switch between constant and non-constant time, appropriately set the flag
CONSTANT_TIME
to 1
or 0
respectively in
openssl-lwekex/crypto/lwekex/lwekex_locl.h
.