From: | Filip Janus <fjanus(at)redhat(dot)com> |
---|---|
To: | Pgsql Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Channel binding for post-quantum cryptography |
Date: | 2025-10-20 07:12:52 |
Message-ID: | CAFjYY+JCCQeh03nzVG6Rs9MUgU_kOvhMbNaaS6kn_c4CcAZkTg@mail.gmail.com |
Lists: | pgsql-hackers |

Hi hackers,

While working on testing post-quantum cryptography integration in my
system, I discovered that PostgreSQL has an issue with channel binding when
using ML-DSA cryptographic algorithms.

The problem is caused by a difference between the currently used algorithms
and post-quantum ones. For example, commonly used algorithms like RSA have
a defined digest algorithm, but ML-DSA does not.

PostgreSQL's channel binding implementation expects all signature
algorithms to have a traditional digest mapping, but post-quantum
algorithms such as ML-DSA use their hash function internally as part of the
signature process.

As a result, the connection fails with the following error:

    could not find digest for NID UNDEF

The issue can be worked around by disabling channel binding.

Although the RFC is not entirely clear on how to handle this situation, in
my patch I propose using SHA-256 as the default digest in such cases.

-Filip-

Attachment | Content-Type | Size |
---|---|---|
0001-Support-post-quantum-signature-algorithms-in-SCRAM-c.patch | application/octet-stream | 4.6 KB |
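
Added example, not part of the original message or the attached patch: how the hash for a `tls-server-end-point` channel binding follows from the certificate's signature algorithm, and where an algorithm without a separate digest (ML-DSA) leaves it undefined unless both peers agree on a fallback such as the SHA-256 default proposed above. The OID table, function names, `fallback` parameter and certificate skeletons are constructed for illustration; the code is not PostgreSQL's or OpenSSL's.

```python
import hashlib

# Constructed subset: signatureAlgorithm OID -> digest it names (None = no separate digest).
SIG_DIGEST = {
    "1.2.840.113549.1.1.5": "sha1",    # sha1WithRSAEncryption
    "1.2.840.10045.4.3.3": "sha384",   # ecdsa-with-SHA384
    "2.16.840.1.101.3.4.3.18": None,   # id-ml-dsa-65
}

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def signature_oid(cert_der):
    """Dotted OID of the outer Certificate.signatureAlgorithm field."""
    _, start, _ = _tlv(cert_der, 0)            # Certificate SEQUENCE
    _, _, tbs_end = _tlv(cert_der, start)      # skip tbsCertificate
    _, alg_start, _ = _tlv(cert_der, tbs_end)  # AlgorithmIdentifier SEQUENCE
    tag, s, e = _tlv(cert_der, alg_start)      # algorithm OID
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    first = min(cert_der[s] // 40, 2)
    arcs, val = [first, cert_der[s] - 40 * first], 0
    for b in cert_der[s + 1:e]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def end_point_hash_name(cert_der, fallback=None):
    """Hash for tls-server-end-point; fallback is used only when no digest is defined."""
    digest = SIG_DIGEST[signature_oid(cert_der)]
    if digest in ("md5", "sha1"):  # RFC 5929: MD5 and SHA-1 are replaced by SHA-256
        return "sha256"
    if digest is None and fallback is None:
        raise LookupError("no digest defined for signature algorithm")
    return fallback if digest is None else digest

def end_point_binding(cert_der, fallback=None):
    # Both peers must derive the same value, so both must apply the same fallback.
    return hashlib.new(end_point_hash_name(cert_der, fallback), cert_der).digest()

# Constructed skeletons: empty tbsCertificate, AlgorithmIdentifier, empty signature.
MLDSA_CERT = bytes.fromhex("30123000300b0609608648016503040312030100")
SHA1_RSA_CERT = bytes.fromhex("30143000300d06092a864886f70d0101050500030100")
```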