
wolfSSL Support for Post-Quantum

wolfSSL, the world’s first cryptography provider supporting CNSA 2.0 compliance, leads in robust post-quantum cryptography solutions, including ML-KEM (Kyber) key encapsulation and ML-DSA (Dilithium) digital signatures. For more information on wolfSSL's Post-Quantum Cryptography solutions, contact us at facts@wolfSSL.com today!

Download wolfSSL and stay ahead of the quantum curve.

Highlights

  • CNSA 2.0-compliant post-quantum algorithms ML-KEM (Kyber) and ML-DSA (Dilithium), implementing the FIPS 203 and FIPS 204 standards respectively.
  • Hash-based SPHINCS+, LMS, and XMSS signatures for both stateful and stateless options.
  • Performance-optimized for x86_64 and ARM architectures, ideal for embedded systems with a small footprint and bare-metal support.
  • Fully integrated in wolfCrypt, with (D)TLS 1.3 and MQTT support for seamless PQC adoption.
  • Available in wolfBoot, wolfSSH, cURL, and Apache Web Server for flexible PQC support.


Algorithm Support in wolfCrypt

KEM (Key Encapsulation Mechanism)

Implementation of ML-KEM (Kyber)

Parameter sets:

  • ML-KEM-512
  • ML-KEM-768
  • ML-KEM-1024 (CNSA 2.0 compliant)

Optimizations for x86_64 and ARM

General Signature Schemes

Implementation of ML-DSA (Dilithium)

Parameter sets:

  • ML-DSA-44
  • ML-DSA-65
  • ML-DSA-87 (CNSA 2.0 compliant)

Optimizations for x86_64 and ARM

FALCON via integration with liboqs

Parameter sets:

  • Falcon-512
  • Falcon-1024

Stateless Hash-Based Signature Schemes

SPHINCS+ via integration with liboqs

Parameter sets:

  • SPHINCS+-SHAKE-128f-simple
  • SPHINCS+-SHAKE-192f-simple
  • SPHINCS+-SHAKE-256f-simple
  • SPHINCS+-SHAKE-128s-simple
  • SPHINCS+-SHAKE-192s-simple
  • SPHINCS+-SHAKE-256s-simple

Stateful Hash-Based Signature Schemes

Implementation of LMS/HSS (CNSA 2.0 compliant)

  • RFC 8554

Implementation of XMSS/XMSS^MT (CNSA 2.0 compliant)

  • RFC 8391

Protocol Support

(D)TLS 1.3, MQTTv5, and MQTT-SN

Supported Groups Extension Codepoints

  • KYBER_LEVEL1
  • KYBER_LEVEL3
  • KYBER_LEVEL5 (CNSA 2.0 compliant)
  • P256_KYBER_LEVEL1 (hybrid with FIPS 140-3)
  • P384_KYBER_LEVEL3 (hybrid with FIPS 140-3)
  • P521_KYBER_LEVEL5 (hybrid with FIPS 140-3; CNSA 2.0 compliant)

Sigalgs Extension Codepoints

  • DILITHIUM_LEVEL1
  • DILITHIUM_LEVEL3
  • DILITHIUM_LEVEL5 (CNSA 2.0 compliant)
  • X9.146 CKS Extensions for signature algorithm negotiation

Symmetric Ciphers

  • TLS_AES_128_GCM_SHA256 (FIPS 140-3 Compliant)
  • TLS_AES_256_GCM_SHA384 (FIPS 140-3 and CNSA 2.0 Compliant)

X.509 2019 Edition

  • Alternative Subject Public Key Extension
  • Alternative Signature Algorithm Extension
  • Alternative Signature Value Extension

SSHv2

  • ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org (hybrid with FIPS 140-3)

Post-Quantum Integrations against wolfSSL/wolfCrypt

  • wolfMQTT
  • wolfBoot (LMS/HSS, XMSS/XMSS^MT, ML-DSA and ECDSA hybrid, ML-DSA)
  • wolfSSH
  • wolfHSM
  • cURL Web Client
  • Apache Web Server
  • Lighttpd Web Server
  • Nginx Web Server
  • Stunnel
  • STM32CubeIDE

Learn more about post-quantum integrations in our blog posts.

wolfSSL Post-Quantum Products in Production

  • ExpressVPN’s Lightway Protocol using (D)TLS 1.3 with Post-Quantum Algorithms Protecting Millions of Devices

Release Plan

  • ACVP certification of our post-quantum algorithms
  • Integrations against more open source projects to make them quantum-safe
  • Add Curve25519 hybridized with ML-DSA in wolfSSL, wolfSSH and wolfMQTT
  • Support for PKI artifact generation using post-quantum algorithms in wolfCLU
  • Post-quantum algorithm support in wolfHSM
  • LMS support in wolfSSL PKCS11 consumer
  • LMS support in wolfPKCS11
  • Implement FrodoKEM for the European market
  • Monitor “post-quantum on-ramp for signatures” and implement the winners

Resources

Documentation & examples

Post-Quantum Cryptography Video Series
Explore our full video series on Post-Quantum Cryptography in our YouTube playlist.