wolfSSL, in partnership with Security Innovation, has support for the “Quantum-safe hybrid” ciphersuite. Having this ciphersuite supported in the wolfSSL embedded TLS library allows two parties to use any existing ciphersuite and “quantum-safe” any traffic protected by that ciphersuite. Adding in the quantum resistant section to the master secret increases protection against attackers who record the traffic and later develop quantum computers.
The super-fast NTRU algorithm, featuring efficient key generation, encryption, and decryption, is a quantum computer resistant algorithm currently being used with the quantum-safe ciphersuite. By using a one-time NTRU key to encrypt extra secret material, the handshake allows users to continue using their existing ciphersuites (which may be necessary for certificate support or because they have regulations that require it) while at the same time benefiting from the true long-term security that NTRU gives. Because NTRU is fast, the additional processing load from the use of this ciphersuite is low.
To view and use the quantum safe handshake extensions, first download and install NTRU (an Open Source version can be found at https://github.com/NTRUOpenSourceProject/ntru-crypto). Then download the most recent version of wolfSSL (https://www.wolfssl.com/download/) and compile using ./configure –with-ntru –enable-qsh. The draft for QSH is located here https://tools.ietf.org/html/draft-whyte-qsh-tls13-00.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.