Partial Post Quantum Cryptography migration of GitLab Community Edition source code with 3 main contributions
1. Devloped RubyCrypt - a simple scanner to assist the Cryptographic Inventory Compilation of Ruby apps
2. Configured git to use PQC signature (CRYSTALS-Dilithium) for commit signing
3. Included CRYSTALS-Dilithium to ssh_data, a common cryptographic Ruby gem used by GitLab (& GitHub):1. Introduction
2. Theoretical Background - Post Quantum Cryptography
2.1. Code-based Cryptography
2.1.1. McEliece Cryptosystem
2.2. Lattice-based Cryptography
2.2.1. CRYSTALS-Dilithium
3. Post Quantum Cryptography Migration of GitLab - a Case Study
3.1. Problem Statement
3.2. Related Work
3.2.1. Software Tools for Static Program Analysis
3.3. Chosen Approach
4. Implementation
4.1. Cryptographic Inventory Compilation
4.1.1. Results
4.2. Migration Planning
4.3. Migration Execution
4.3.1. PQC Commit Signatures in git
4.3.2. Including Dilithium to ssh_data
5. Conclusion and Outlook
6. References
List of Tables
List of Figures
List of Source Code
Acronyms
Notation / Partielle Migration des GitLab Community Edition Source Codes auf Verfahren der Post-Quanten-Kryptographie mit 3 Hauptergebnissen
1. Entwicklung von RubyCrypt - einem simplen Scanner zur Unterstützung der Inventarisierung verwendeter Kryptographie in Ruby-Anwendungen
2. Konfiguration von git zur Verwendung des quantensicheren Signaturalgorithmus CRYSTALS-Dilithium zur Signatur von Commits
3. Integration von CRYSTALS-Dilithium in ssh_data, ein populäres kryptographisches Ruby gem welches in GitLab (und GitHub) verwendet wird:1. Introduction
2. Theoretical Background - Post Quantum Cryptography
2.1. Code-based Cryptography
2.1.1. McEliece Cryptosystem
2.2. Lattice-based Cryptography
2.2.1. CRYSTALS-Dilithium
3. Post Quantum Cryptography Migration of GitLab - a Case Study
3.1. Problem Statement
3.2. Related Work
3.2.1. Software Tools for Static Program Analysis
3.3. Chosen Approach
4. Implementation
4.1. Cryptographic Inventory Compilation
4.1.1. Results
4.2. Migration Planning
4.3. Migration Execution
4.3.1. PQC Commit Signatures in git
4.3.2. Including Dilithium to ssh_data
5. Conclusion and Outlook
6. References
List of Tables
List of Figures
List of Source Code
Acronyms
Notation
| Identifer | oai:union.ndltd.org:DRESDEN/oai:qucosa:de:qucosa:91038 |
| Date | 23 April 2024 |
| Creators | Schröck, Florian |
| Contributors | Hochschule für Technik, Wirtschaft und Kultur Leipzig |
| Source Sets | Hochschulschriftenserver (HSSS) der SLUB Dresden |
| Language | English |
| Detected Language | English |
| Type | info:eu-repo/semantics/updatedVersion, doc-type:masterThesis, info:eu-repo/semantics/masterThesis, doc-type:Text |
| Rights | info:eu-repo/semantics/openAccess |
| Relation | info:eu-repo/grantAgreement/Bundesministerium für Bildung und Forschung/KMU-innovativ/https://www.forschung-it-sicherheit-kommunikationssysteme.de/projekte/amiquasy//Agile Migration auf quantensichere Systeme/AMiQuaSy |
Page generated in 0.0014 seconds