Post Quantum Is All The Rage These Days #407
They are also being broken still. I wouldn't necessarily recommend spending much time putting them into xCA (at least yet).
I'm starting to see a push towards PQC for practical use, and I have started to see Kyber and Dilithium support in commercial HSMs. Some examples:
Unfortunately, this would require use of OpenSSL 3 algorithm providers as far as I can tell.
ML-KEM (Kyber), ML-DSA (Dilithium), and SLH-DSA (SPHINCS+) have now been approved by NIST. Given that OpenSSL 3 shows in the ChangeLog in 2023, can we hope that these PQC algorithms will be supported soon with a provider like OQS?
I know I should be following NIST more closely than I have. Are people implementing one of these constructions?
Any idea what the certificates will look like? PQ? Classical? Hybrid? If hybrid, are both signatures first-class citizens? Enquiring minds want to know.
For reference, some relevant open implementations I'm aware of, which are either official references or not suitable for production:
Now that the NIST standards are officially published, hopefully we'll see open, production-ready and audited implementations next year.
Certificate-related interop testing is performed in this community, mainly during IETF hackathons: https://github.com/IETF-Hackathon/pqc-certificates. There are multiple implementations (e.g., pure-PQ, or hybrids).
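The two questions above (what a PQ, classical or hybrid certificate looks like, and whether both signatures in a hybrid are first-class) can be answered for any given certificate by looking at which OIDs it carries. The following is an added example for this thread, not xCA code or anything from the hackathon repository: a standard-library-only DER walker that reports a certificate's outer signature algorithm and, if present, the X.509 alternative-signature extensions, and classifies the certificate as classical, pure-PQ or hybrid. It assumes the NIST CSOR OIDs for ML-DSA (2.16.840.1.101.3.4.3.17 to .19) and SLH-DSA (.20 to .31), and the ITU-T X.509 (2019) extensions subjectAltPublicKeyInfo, altSignatureAlgorithm and altSignatureValue (2.5.29.72, .73, .74). Because no library is available here to sign with ML-DSA, the test input is a constructed certificate with the real DER layout and dummy key and signature bytes; nothing is verified, only what the certificate claims is reported.

```python
"""Classify an X.509 certificate as classical, pure post-quantum, or hybrid by OID.

Added example for the xCA issue thread (not xCA code). Standard library only.
A minimal DER reader walks the Certificate; a minimal DER writer builds a
synthetic test certificate with dummy key/signature bytes. Nothing is verified.
OIDs assumed: NIST CSOR for ML-DSA/SLH-DSA, X.509 (2019) alt-signature extensions.
"""

SIG_ALGS = {  # signature algorithm OID -> (name, family)
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "classical"),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", "classical"),
    "1.2.840.10045.4.3.3": ("ecdsa-with-SHA384", "classical"),
    "1.3.101.112": ("Ed25519", "classical"),
    "2.16.840.1.101.3.4.3.17": ("ML-DSA-44", "post-quantum"),
    "2.16.840.1.101.3.4.3.18": ("ML-DSA-65", "post-quantum"),
    "2.16.840.1.101.3.4.3.19": ("ML-DSA-87", "post-quantum"),
}
SLH_DSA_ARC = "2.16.840.1.101.3.4.3."   # SLH-DSA parameter sets are arcs 20..31
EXT_ALT_SPKI, EXT_ALT_SIG_ALG, EXT_ALT_SIG_VAL = "2.5.29.72", "2.5.29.73", "2.5.29.74"


def _read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: 0x8N followed by N length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(content):
    """Split a constructed element's content into a list of (tag, content)."""
    out, pos = [], 0
    while pos < len(content):
        tag, val, pos = _read_tlv(content, pos)
        out.append((tag, val))
    return out


def _decode_oid(content):
    first = content[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    val = 0
    for b in content[1:]:                   # base-128, high bit = continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def _sig_name(oid):
    if oid in SIG_ALGS:
        return SIG_ALGS[oid]
    rest = oid[len(SLH_DSA_ARC):]
    if oid.startswith(SLH_DSA_ARC) and rest.isdigit() and 20 <= int(rest) <= 31:
        return ("SLH-DSA (" + oid + ")", "post-quantum")
    return ("unknown (" + oid + ")", "unknown")


def classify_certificate(der):
    """Report the signature algorithm(s) a DER-encoded certificate claims to carry."""
    (_, cert), = _children(der)
    (_, tbs), (_, sig_alg), _sig_value = _children(cert)
    name, family = _sig_name(_decode_oid(_children(sig_alg)[0][1]))
    result = {"signature": name, "family": family, "extensions": [], "alt_signature": None}
    for tag, content in _children(tbs):
        if tag != 0xA3:                     # [3] EXPLICIT Extensions
            continue
        for _, ext in _children(_children(content)[0][1]):
            fields = _children(ext)         # OID, optional BOOLEAN critical, OCTET STRING
            ext_oid = _decode_oid(fields[0][1])
            result["extensions"].append(ext_oid)
            if ext_oid == EXT_ALT_SIG_ALG:  # extnValue wraps a DER AlgorithmIdentifier
                alg_id = fields[-1][1]
                alt_oid = _decode_oid(_children(_children(alg_id)[0][1])[0][1])
                result["alt_signature"] = _sig_name(alt_oid)[0]
    exts = result["extensions"]
    if EXT_ALT_SIG_ALG in exts and EXT_ALT_SIG_VAL in exts:
        result["mode"] = "hybrid"           # classical outer signature + PQ alt signature
    else:
        result["mode"] = "pure-pq" if family == "post-quantum" else family
    return result


# --- constructed test data: real DER layout, dummy bytes, no real keys -------------
def _tlv(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _encode_oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunks = [a & 0x7F]
        a >>= 7
        while a:
            chunks.append(0x80 | (a & 0x7F))
            a >>= 7
        out += bytes(reversed(chunks))
    return _tlv(0x06, bytes(out))


def _alg_id(oid):
    return _tlv(0x30, _encode_oid(oid))


def _extension(oid, value_der):
    return _tlv(0x30, _encode_oid(oid) + _tlv(0x04, value_der))


def build_synthetic_cert(sig_oid, alt_sig_oid=None):
    """Constructed v3 certificate signed (nominally) with sig_oid; optional alt signature."""
    dummy_bits = _tlv(0x03, b"\x00" + b"\xAA" * 8)          # BIT STRING, 0 unused bits
    exts = [_extension("2.5.29.19", _tlv(0x30, b""))]        # basicConstraints (not a CA)
    if alt_sig_oid:
        exts += [_extension(EXT_ALT_SPKI, _tlv(0x30, _alg_id(alt_sig_oid) + dummy_bits)),
                 _extension(EXT_ALT_SIG_ALG, _alg_id(alt_sig_oid)),
                 _extension(EXT_ALT_SIG_VAL, dummy_bits)]
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02"))                    # version v3
                     + _tlv(0x02, b"\x01")                                # serialNumber
                     + _alg_id(sig_oid)                                   # signature
                     + _tlv(0x30, b"")                                    # issuer (empty Name)
                     + _tlv(0x30, _tlv(0x17, b"250101000000Z") + _tlv(0x17, b"260101000000Z"))
                     + _tlv(0x30, b"")                                    # subject
                     + _tlv(0x30, _alg_id(sig_oid) + dummy_bits)          # subjectPublicKeyInfo
                     + _tlv(0xA3, _tlv(0x30, b"".join(exts))))            # [3] extensions
    return _tlv(0x30, tbs + _alg_id(sig_oid) + dummy_bits)


if __name__ == "__main__":
    ecdsa, mldsa65 = "1.2.840.10045.4.3.2", "2.16.840.1.101.3.4.3.18"
    for label, cert in [("classical", build_synthetic_cert(ecdsa)),
                        ("pure-pq", build_synthetic_cert(mldsa65)),
                        ("hybrid", build_synthetic_cert(ecdsa, mldsa65))]:
        print(label, "->", classify_certificate(cert))
```

Running the block classifies the three constructed certificates as classical, pure-pq and hybrid respectively. The hybrid case also shows the trade-off behind the "first-class citizens" question: with the alternative-signature extensions, the outer signature is the classical one, and a verifier that does not understand extensions 2.5.29.72 to .74 simply treats the certificate as an ordinary ECDSA certificate. Composite signatures, where one OID denotes the pair and both signatures live in the single signatureValue, are the other hybrid design under discussion in IETF LAMPS; their OIDs are still draft and deliberately not listed in the table above.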
There is a lot of talk about Post-Quantum / Quantum-Resistant Cryptography, and leadership at a company I am talking with has asked about a proof-of-concept for a PKI that uses Post Quantum algorithms. Personnel there have experience with XCA for offline roots and offline bridge CAs.
Would it be feasible to build a version of XCA that offers Falcon/CRYSTALS-Dilithium for signatures, possibly even being able to build on the work done by "Open Quantum Safe" (https://github.com/open-quantum-safe), either in a hybrid-mode with ECDSA/EdDSA (two signatures, one ECC, one PQ) or in a "pure" Post Quantum way?
Looking forward to helping this company understand and demonstrate what a PQ PKI might look like.