Everything wolfSSL is Preparing for Post-Quantum as of Spring 2024

We have done a lot to enable post-quantum cryptography in our products over the last three years. The list below outlines everything we have available, in open source, for users right now. If you see something on the list that you have questions about, or think there is some further enablement we should do, please email us at facts@wolfSSL.com and share your thoughts.

wolfCrypt

We now have our own in-house implementations of the following post-quantum algorithms:

  • Kyber/ML-KEM
  • LMS/HSS
  • XMSS/XMSS^MT
  • Dilithium/ML-DSA (coming soon)

We will be implementing more over the coming months. These implementations live up to the wolfCrypt standards: minimum code size, maximum performance, and the ability to run on bare metal, in an RTOS, and in standard operating-system environments.

wolfSSL

For TLS 1.3 and DTLS 1.3, Grover’s algorithm tells us that a symmetric cipher loses roughly half of its key strength in the presence of a Cryptographically Relevant Quantum Computer (CRQC): a brute-force search over an n-bit key costs on the order of 2^(n/2) quantum operations instead of 2^n. Today AES-128 is considered sufficient; against a CRQC it would offer only about 64 bits of security. If you want to preserve the 128-bit level, simply move to AES-256, which is easy because we already support TLS_AES_256_GCM_SHA384.
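As an added illustration (this is not wolfSSL code), the following C helper applies the Grover rule to a TLS 1.3 cipher list: it reads the AEAD key size out of each RFC 8446 suite name, halves it for the quantum setting, and drops every suite that falls below a target level. The suite names are the IANA names from RFC 8446; the function names, the 128-bit target and the input list are this example's own choices.

```c
#include <stdio.h>
#include <string.h>

/* Classical AEAD key size (bits) for an RFC 8446 TLS 1.3 cipher suite name,
 * or 0 if the name is not recognised. ChaCha20 has a 256-bit key even
 * though the number does not appear in the suite name. */
int suite_key_bits(const char *suite)
{
    if (strncmp(suite, "TLS_AES_128_", 12) == 0) return 128;
    if (strncmp(suite, "TLS_AES_256_", 12) == 0) return 256;
    if (strcmp(suite, "TLS_CHACHA20_POLY1305_SHA256") == 0) return 256;
    return 0;
}

/* Grover's algorithm turns a 2^n key search into roughly 2^(n/2) work,
 * so the effective key length against a CRQC is halved. */
int suite_quantum_bits(const char *suite)
{
    return suite_key_bits(suite) / 2;
}

/* Copy the colon-separated suites from `list` into `out`, keeping only
 * those that still give at least `target_bits` against a CRQC.
 * Returns the number of suites kept, or -1 on overflow / bad input. */
int filter_suites_pq(const char *list, int target_bits, char *out, size_t outlen)
{
    int kept = 0;
    size_t used = 0;

    if (outlen == 0) return -1;
    out[0] = '\0';
    while (*list != '\0') {
        const char *end = strchr(list, ':');
        size_t n = end ? (size_t)(end - list) : strlen(list);
        char name[64];

        if (n == 0 || n >= sizeof(name)) return -1;
        memcpy(name, list, n);
        name[n] = '\0';

        if (suite_quantum_bits(name) >= target_bits) {
            if (used + n + 2 > outlen) return -1;   /* room for ':' and NUL */
            if (kept > 0) out[used++] = ':';
            memcpy(out + used, name, n);
            used += n;
            out[used] = '\0';
            kept++;
        }
        list = end ? end + 1 : list + n;
    }
    return kept;
}

int main(void)
{
    /* Constructed input for this example: the RFC 8446 suites a client might offer. */
    const char *all = "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:"
                      "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256";
    char pq[256];
    int kept = filter_suites_pq(all, 128, pq, sizeof(pq));

    printf("kept %d suite(s) at >=128-bit post-quantum strength: %s\n", kept, pq);
    return kept > 0 ? 0 : 1;
}
```

Two things worth noticing: TLS_CHACHA20_POLY1305_SHA256 survives the filter because ChaCha20 uses a 256-bit key, and both AES-128 suites are dropped. With wolfSSL you would hand the surviving list to wolfSSL_CTX_set_cipher_list(); note that wolfSSL spells the same suites without underscores, for example TLS13-AES256-GCM-SHA384.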

Authentication and key exchange are a different story. These rely on asymmetric algorithms, and we know from Shor’s algorithm that the ones in use today (RSA, finite-field Diffie-Hellman and elliptic-curve cryptography) are completely broken in the presence of a CRQC. As such, we support Kyber/ML-KEM for key exchange in both hybrid and standalone modes. The hybrid groups combine an ECDHE shared secret with a Kyber shared secret, so a session stays as strong as the stronger of the two even if one of them is later found to be weak:

  • Kyber Level 1
  • Kyber Level 3
  • Kyber Level 5
  • ECDHE P-256 hybridized with Kyber Level 1
  • ECDHE P-384 hybridized with Kyber Level 3
  • ECDHE P-521 hybridized with Kyber Level 5

For authentication, we support Dilithium/ML-DSA as well as Falcon. For hybridization we have chosen the method specified in the most recent edition of the X.509 specification (ITU-T X.509, 2019), in which an alternative public key, an alternative signature algorithm and an alternative signature are carried in the subjectAltPublicKeyInfo, altSignatureAlgorithm and altSignatureValue extensions; we call these dual-algorithm certificates. At the TLS 1.3 layer, which key(s) and signature(s) are used in the CertificateVerify handshake message is negotiated via TLS extensions.

We support authentication in both hybrid and standalone modes:

  • Dilithium Level 2
  • Dilithium Level 3
  • Dilithium Level 5
  • Falcon Level 1
  • Falcon Level 5
  • ECDSA P-256 and Dilithium Level 2
  • ECDSA P-384 and Dilithium Level 3
  • ECDSA P-521 and Dilithium Level 5
  • ECDSA P-256 and Falcon Level 1
  • ECDSA P-521 and Falcon Level 5
  • RSA-3072 and Dilithium Level 2
  • RSA-3072 and Falcon Level 1
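To make the dual-algorithm certificate layout described above concrete, here is an added example (not wolfSSL's own parser) that walks an X.509 Extensions SEQUENCE in DER and reports whether the three alternative extensions from X.509 (2019) are present: subjectAltPublicKeyInfo (2.5.29.72), altSignatureAlgorithm (2.5.29.73) and altSignatureValue (2.5.29.74). The DER blobs are constructed for this example and carry placeholder bytes where a real certificate would carry a SubjectPublicKeyInfo, an AlgorithmIdentifier and a BIT STRING; the function and struct names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* DER encodings of the X.509 (2019) alternative-key extension OIDs. */
static const unsigned char OID_SUBJ_ALT_PUBKEY_INFO[3] = {0x55, 0x1D, 0x48}; /* 2.5.29.72 */
static const unsigned char OID_ALT_SIG_ALG[3]          = {0x55, 0x1D, 0x49}; /* 2.5.29.73 */
static const unsigned char OID_ALT_SIG_VALUE[3]        = {0x55, 0x1D, 0x4A}; /* 2.5.29.74 */

struct der_tlv {
    unsigned char tag;
    const unsigned char *val;
    size_t len;     /* length of the value */
    size_t total;   /* bytes consumed including tag and length */
};

/* Decode one DER TLV from at most n bytes at p. Returns 0, or -1 if malformed. */
static int der_read(const unsigned char *p, size_t n, struct der_tlv *t)
{
    size_t i = 0, len = 0;

    if (n < 2) return -1;
    t->tag = p[i++];
    if (p[i] < 0x80) {
        len = p[i++];
    } else {
        size_t nb = p[i++] & 0x7F;   /* long form: number of length bytes */
        if (nb == 0 || nb > sizeof(size_t) || nb > n - i) return -1;
        while (nb-- > 0) len = (len << 8) | p[i++];
    }
    if (len > n - i) return -1;
    t->val = p + i;
    t->len = len;
    t->total = i + len;
    return 0;
}

struct alt_ext_report { int has_alt_key, has_alt_sig_alg, has_alt_sig_value; };

/* Walk an Extensions SEQUENCE (SEQUENCE OF Extension) and note which of the
 * alternative extensions occur. Returns 1 for a consistent dual-algorithm
 * certificate (all three present), 0 for a classical certificate (none
 * present) and -1 if the set is incomplete or the DER is malformed. */
int scan_alt_extensions(const unsigned char *exts, size_t n, struct alt_ext_report *r)
{
    struct der_tlv seq, ext, oid;
    const unsigned char *p;
    size_t left;
    int count;

    memset(r, 0, sizeof(*r));
    if (der_read(exts, n, &seq) != 0 || seq.tag != 0x30) return -1;
    p = seq.val;
    left = seq.len;
    while (left > 0) {
        /* Extension ::= SEQUENCE { extnID OID, critical BOOLEAN OPTIONAL, extnValue OCTET STRING } */
        if (der_read(p, left, &ext) != 0 || ext.tag != 0x30) return -1;
        if (der_read(ext.val, ext.len, &oid) != 0 || oid.tag != 0x06) return -1;
        if (oid.len == 3) {
            if (memcmp(oid.val, OID_SUBJ_ALT_PUBKEY_INFO, 3) == 0) r->has_alt_key = 1;
            else if (memcmp(oid.val, OID_ALT_SIG_ALG, 3) == 0)    r->has_alt_sig_alg = 1;
            else if (memcmp(oid.val, OID_ALT_SIG_VALUE, 3) == 0)  r->has_alt_sig_value = 1;
        }
        p += ext.total;
        left -= ext.total;
    }
    count = r->has_alt_key + r->has_alt_sig_alg + r->has_alt_sig_value;
    return count == 3 ? 1 : (count == 0 ? 0 : -1);
}

/* Constructed sample: critical basicConstraints followed by the three
 * alternative extensions; the OCTET STRING contents are placeholders. */
const unsigned char DUAL_ALG_EXTS[] = {
    0x30, 0x32,
      0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF,
                  0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF,            /* basicConstraints */
      0x30, 0x09, 0x06, 0x03, 0x55, 0x1D, 0x48, 0x04, 0x02, 0xAA, 0xBB, /* subjectAltPublicKeyInfo */
      0x30, 0x09, 0x06, 0x03, 0x55, 0x1D, 0x49, 0x04, 0x02, 0xCC, 0xDD, /* altSignatureAlgorithm */
      0x30, 0x09, 0x06, 0x03, 0x55, 0x1D, 0x4A, 0x04, 0x02, 0xEE, 0xFF  /* altSignatureValue */
};
/* Constructed sample with the alternative signature value missing. */
const unsigned char PARTIAL_ALT_EXTS[] = {
    0x30, 0x27,
      0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF,
                  0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF,
      0x30, 0x09, 0x06, 0x03, 0x55, 0x1D, 0x48, 0x04, 0x02, 0xAA, 0xBB,
      0x30, 0x09, 0x06, 0x03, 0x55, 0x1D, 0x49, 0x04, 0x02, 0xCC, 0xDD
};
/* Constructed sample of a purely classical certificate's extensions. */
const unsigned char CLASSICAL_EXTS[] = {
    0x30, 0x11,
      0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF,
                  0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF
};

int main(void)
{
    struct alt_ext_report r;
    int rc = scan_alt_extensions(DUAL_ALG_EXTS, sizeof(DUAL_ALG_EXTS), &r);
    printf("dual-algorithm sample: rc=%d key=%d alg=%d sig=%d\n",
           rc, r.has_alt_key, r.has_alt_sig_alg, r.has_alt_sig_value);
    rc = scan_alt_extensions(PARTIAL_ALT_EXTS, sizeof(PARTIAL_ALT_EXTS), &r);
    printf("partial sample: rc=%d\n", rc);
    return 0;
}
```

A relying party should only treat a certificate as dual-algorithm when all three extensions are present: a certificate that carries an alternative key but no alternative signature cannot be verified with the post-quantum algorithm and should be handled as classical-only, or rejected, depending on policy. Verifying the alternative signature itself (which X.509 (2019) computes over the certificate with the altSignatureValue extension removed) is outside the scope of this snippet.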

wolfMQTT

Note that wolfMQTT uses the TLS 1.3 implementation from wolfSSL, so you get these post-quantum features automatically once wolfMQTT is built against a wolfSSL that has them enabled.

wolfSSH

For wolfSSH, we support the hybrid key exchange method ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org (ECDH over P-256 combined with round-3 Kyber-512, hashed with SHA-256), which allows us to interoperate with the OQS fork of OpenSSH and the AWS Transfer Family SSH implementation.

wolfBoot

For wolfBoot, we have support for the stateful hash-based signature schemes LMS/HSS and XMSS/XMSS^MT. Because these schemes are stateful, security depends on never signing twice with the same one-time key index; wolfBoot only verifies signatures, so that state is kept and advanced on the signing side, and the signing environment must persist it reliably between signatures.

Open Source Integrations

In terms of open source project integrations, we have post-quantum integrations with these three web servers:

And for the web client side, we have also made cURL quantum-safe! See this video for instructions on how to build.

If you’ve got an application where making changes is difficult due to legacy software, our post-quantum integration with stunnel lets you put a quantum-safe TLS tunnel in front of it without modifying the application itself.

The Future

Our own implementation of Dilithium/ML-DSA is coming soon. We also plan to add Curve25519 hybridized with Kyber in TLS 1.3, DTLS 1.3 and SSH. Want to get these plans accelerated? Send us a message letting us know your protocol preference!

If you have questions about our post-quantum efforts or any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now