Post-Quantum CAVP Validations

Here at wolfSSL we love it when our partners achieve great things. We’d like to give a big shout out to our friends at Crypto4A for achieving a huge milestone by getting their CAVP (Cryptographic Algorithm Validation Program) validation. The details can be found here.

In summary, they got a hardware validation for the QASM Cryptographic Module, which stores, protects and manages cryptographic keys. Of very special note, their validation includes the post-quantum algorithms LMS, ML-DSA, ML-KEM and SLH-DSA.

This is the same product that wolfSSL and Crypto4A used in an interoperability demonstration at the ICMC Conference in 2023. In that demonstration, the QASM signed a firmware image with LMS, and wolfBoot verified the firmware image against the LMS public key and signature before booting it. Preparations are underway for another demonstration in which the QASM will generate an ML-DSA certificate chain, which will then be used in a TLS 1.3 post-quantum connection using the wolfSSL library. The cryptographic operations will be done on an NXP iMX-93.

You can soon expect to see CAVP validation for wolfSSL’s post-quantum algorithm implementations in wolfCrypt as well. Want to see that effort accelerated and given a higher priority? Let us know and register your interest by sending a message to facts@wolfssl.com!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Is post-quantum cryptography still on the roadmap?

In case you were wondering, the answer is a resounding YES!! We’ve been hard at work making post-quantum algorithms first-class citizens in our products. Have a look at the list of post-quantum-related changes made in our latest release, wolfSSL 5.7.4:

  • Replaced the use of pqm4 with wolfCrypt’s implementations of Kyber (ML-KEM) and Dilithium (ML-DSA) on STM32 platforms (PR 7924)
  • Configurable support for reduced dynamic memory allocation in wolfCrypt’s Dilithium (ML-DSA) implementation (PR 7727)
  • Configurable support for Dilithium (ML-DSA) precalculated vectors (PR 7744)
  • Allow Kyber (ML-KEM) to be built with FIPS 140-3 outside the boundary (PR 7788)
  • Allow Kyber (ML-KEM) assembly optimizations to be used in the Linux kernel module (PR 7872)
  • Update Dilithium and Kyber to ML-DSA and ML-KEM (PR 7877)

As you can see, not only is post-quantum cryptography still on the roadmap, it is a priority!

Accelerated Kyber (ML-KEM)

Lightning-fast Kyber (ML-KEM) implementations as specified in FIPS-203 are now here as of wolfSSL release 5.7.4:

  • ARM32 v4 to v8 base assembly instructions for Kyber (ML-KEM); PR 8040
    • Even faster NEON instructions are under development!
  • Aarch64 implementations of Kyber (ML-KEM) functions; PR 7998
  • SHA-3 assembly implementations used by Kyber (ML-KEM); PR 7998
  • ARMv7E-M/ARMv7-M assembly instructions for Kyber (ML-KEM); PR 7706

If you’re worried about the performance and speed of post-quantum Kyber (ML-KEM), you shouldn’t be! Even without these lightning-fast optimizations, ML-DSA beats ECDH. You can see our benchmarks comparing ECDH against ML-DSA on ARM Cortex-M4 here. Now, we give it that extra bit of oomph that leaves our competition in the dust!

Come on out and try it for yourself!