Post-Quantum Hybrid Solutions

Here at wolfSSL, when it comes to post-quantum algorithms, we are careful to provide conservative approaches. We are aware that these algorithms are new and developments are still on-going as cryptographers continue analyzing these algorithms. As such, we always encourage hybridizing with conventional algorithms. Here are the hybrids we offer:

Hybrid Key exchange via concatenation in TLS 1.3 and DTLS 1.3

  • ECDHE P-256 Kyber Level 1
  • ECDHE P-384 Kyber Level 3
  • ECDHE P-521 Kyber Level 5

Hybrid authentication via dual key/sig certificates in TLS 1.3

  • ECDSA P-256 and Dilithium Level 2
  • ECDSA P-384 and Dilithium Level 3
  • ECDSA P-521 and Dilithium Level 5
  • ECDSA P-256 and Falcon Level 1
  • ECDSA P-521 and Falcon Level 5
  • RSA-3072 and Dilithium Level 2
  • RSA-3072 and Falcon Level 1

MQTT protocol relies on TLS, so wolfMQTT has support for everything above.

ECDHE P-256 hybridized with Kyber Level 1 in wolfSSH

  • ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org

Go ahead and try them out today!

And finally, we are also developing support for X25519 in wolfSSH. Soon to come after that will be X25519 hybridized with Kyber in wolfSSH. Let your voice be heard! Let us know if you want to try this out. The more interest there is out there, the higher it will rise in priority!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now