RLWE for Open SSL

The library specifies four ciphersuites * RLWE-ECDSA-AES128-GCM-SHA256 * RLWE-RSA-AES128-GCM-SHA256 * RLWE-ECDHE-ECDSA-AES128-GCM-SHA256 * RLWE-ECDHE-RSA-AES128-GCM-SHA256 The first two consist of a RLWE key exchange, as described in [4], authentication based on ECDSA or RSA digital signatures, authenticated encryption (with associated data) (AEAD) based on AES-128 in GCM (Galois Counter Mode); and key derivation and hashing based on SHA-256. The last two offer hybrid ciphersuites that are as above, except the key exchange includes both RLWE and ECDH key exchange; the pre-master secret is the concatenation of the ECDH shared secret and the RLWE shared secret. All these ciphersuites require TLSv1.2 because of the use of AES-GCM. REFERENCES ---------- [1] C. Peikert, "Lattice cryptography for the internet", in Post-Quantum Cryptography - 6th International Workshop (PQCrypto 2014), LNCS 8772, pp. 197-219. Springer, 2014. [2] E. Alkim, L. Ducas, T. Pöppelmann and P. Schwabe, "Post-quantum key exchange - a new hope", IACR Cryptology ePrint Archive, Report 2015/1092, 2015. [3] LatticeCrypto library. MSR. https://www.microsoft.com/en-us/download/details.aspx?id=52371. [4] Joppe W. Bos, Craig Costello, Michael Naehrig, Douglas Stebila. "Post-quantum key exchange for the TLS protocol from the ring learning with errors problem," in Proc. IEEE Symposium on Security and Privacy (S&P) 2015, pp. 553-570. IEEE, May 2015. [5] https://openssl.org/source/old/1.0.2/openssl-1.0.2g.tar.gz