Post Quantum media encryption

Last modified by Sylvain Berfini on 2022/07/19 12:45

Starting SDK release 5.2 the post quantum media encryption is available when using ZRTP.

Building the feature

By default the option is disable, so you have to manually enable it using cmake:

cmake .. -DENABLE_PQCRYPTO=ON

You can check if the feature is available at runtime using this method:

linphone_core_get_post_quantum_available();

Using a post quantum algorithm

First of all, you must have enabled ZRTP as your media encryption if it isn't done already:

linphone_core_set_media_encryption(core, LinphoneMediaEncryptionZRTP);

Now, in the audio call statistics, you can check and display various information about ZRTP algorithms in use:

linphone_call_stats_get_zrtp_cipher_algo()
linphone_call_stats_get_zrtp_key_agreement_algo()
linphone_call_stats_get_zrtp_hash_algo()
linphone_call_stats_get_zrtp_auth_tag_algo()
linphone_call_stats_get_zrtp_sas_algo()

These informations are only available if the authentication token isn't null!

By default ZRTP won't use post quantum algorithm, so you have to configure it.

You can do it in your configuration file, like this:

[sip]
zrtp_key_agreements_suites=MS_ZRTP_KEY_AGREEMENT_K255_KYB512

Or in code:

linphone_core_set_zrtp_key_agreement_suites(core, key_agreement_algorithms);

Note that both way asks for a list of algorithms, sorted in preference order (first one most preferred).

You can check the list of supported ZRTP key agreement algorithms in theĀ LinphoneZrtpKeyAgreement enum.

We strongly recomment to use hybrid algorithms (K255_XXX, K448_XXX, etc...) instead of single algorithms (KYB1, SIK1, etc...).

If you want to know if a key agreement algorithm is a post quantum one or not, you can use the following method:

linphone_call_stats_is_zrtp_key_agreement_algo_post_quantum(call_stats);