
Feature Request: Implement Quantum-Safe Encryption with Kyber to Prevent Future Decryption by Quantum Computers

Open kyber1024 opened this issue 2 years ago • 6 comments

Description of the issue

As the development of quantum computing advances, the need for quantum-safe encryption becomes increasingly important. Traditional encryption methods like TLS are at risk of being broken by powerful quantum computers. One major concern is that censorship departments or other malicious actors may currently store TLS-encrypted data, intending to decrypt it in the near future once quantum computing capabilities are sufficiently advanced. To ensure the long-term security of data and communications, I propose the implementation of Kyber as an enhancement to TLS in Xray.

Possible solution

Kyber, a lattice-based, post-quantum cryptographic algorithm, as an enhancement to the existing TLS 1.3 encryption in our tool. This would provide an additional layer of security that is resistant to quantum computing attacks, while maintaining the proven security of TLS 1.3. The integration should be seamless and optional, allowing users to choose between the standard TLS 1.3 encryption and the enhanced TLS 1.3 encryption with Kyber. In addition, there is existing practice on Kyber.

Reference: https://pq-crystals.org/kyber/index.shtml

kyber1024 avatar Mar 21 '23 11:03 kyber1024

when go tls supports it

Fangliding avatar Apr 15 '24 17:04 Fangliding

@Fangliding It's time to work, dude. https://pkg.go.dev/crypto/tls#Config.CurvePreferences

mayampi01 avatar Sep 25 '24 02:09 mayampi01

> @Fangliding It's time to work, dude. https://pkg.go.dev/crypto/tls#Config.CurvePreferences

I've already noticed it, but utls is still not updated, so rprx doesn't want to add it to core. See https://github.com/XTLS/Xray-core/pull/3813#issuecomment-2351361367

Fangliding avatar Sep 25 '24 02:09 Fangliding

Without fingerprint camouflage it doesn't mean much; waiting for uTLS to update @gaukas

RPRX avatar Sep 26 '24 01:09 RPRX

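The REALITY sessionid is still encrypted and decrypted with the X25519 shared key, because the relevant code only performs authentication and does not encrypt application data, and the client always sends an X25519 ephemeral public key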

RPRX avatar Sep 26 '24 01:09 RPRX

In https://github.com/XTLS/Xray-core/pull/3884: Let's try to use SSL

In this issue: How about quantum-resistance?

mmmray avatar Oct 07 '24 10:10 mmmray

implemented in #3991

Fangliding avatar Nov 13 '24 09:11 Fangliding