
Post-Quantum wolfSSL

The wolfSSL library is now safe against the “Harvest Now, Decrypt Later” post-quantum threat
model with the addition of our new TLS 1.3 post-quantum groups.

Hybrid Post Quantum Groups in TLS 1.3

Recently, we announced our wolfSSL libOQS integration and we have completed hybridization of
our KEMs with NIST-standardized ECDSA components to continue future-proofing encrypted
data streams. These hybridized algorithms continue to be FIPS compliant under the current
NIST standards.

One approach we are taking involves hybridizing post-quantum algorithms with cryptographic
algorithms that we actually trust. ECC with NIST-standardized curves seems like a good candidate,
especially since continued FIPS compliance is a priority.
To achieve hybridization, we used the following design:
– The client’s key share is the classical public key concatenated with the post-quantum
public key.
– The server’s key share is the classical public key concatenated with the post-quantum
ciphertext.
– The shared secret is the classical shared secret concatenated with the post-quantum
shared secret.
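The three rules above fix the wire layout of the hybrid key shares and of the combined secret. The following is an added example (not wolfSSL's code) that encodes and parses those structures with strict length checks, so a truncated or mis-sized component is rejected rather than silently shifting the split point. It assumes the P-256 + Kyber-512 pairing; the byte lengths are the standard encodings for those two algorithms, and all key material is constructed random bytes.

```python
import os

# Standard encodings: a SEC1 uncompressed P-256 point is 65 bytes and the ECDH
# secret is 32 bytes; Kyber-512 (NIST round 3) uses an 800-byte public key, a
# 768-byte ciphertext and a 32-byte shared secret. Pairing P-256 with Kyber-512
# and all key material below are assumptions for this example, not wolfSSL code.
ECC_PUB_LEN, ECC_SS_LEN = 65, 32
PQ_PUB_LEN, PQ_CT_LEN, PQ_SS_LEN = 800, 768, 32

def _require_len(name, value, expected):
    """Reject any component whose length differs from its fixed wire size."""
    if len(value) != expected:
        raise ValueError(f"{name}: expected {expected} bytes, got {len(value)}")

def encode_client_key_share(ecc_pub, pq_pub):
    """Client key share: classical public key || post-quantum public key."""
    _require_len("ecc_pub", ecc_pub, ECC_PUB_LEN)
    if ecc_pub[0] != 0x04:
        raise ValueError("ecc_pub: expected an uncompressed (0x04) point")
    _require_len("pq_pub", pq_pub, PQ_PUB_LEN)
    return ecc_pub + pq_pub

def decode_client_key_share(data):
    """Split a client key share; fixed lengths make the split unambiguous."""
    _require_len("client key share", data, ECC_PUB_LEN + PQ_PUB_LEN)
    return data[:ECC_PUB_LEN], data[ECC_PUB_LEN:]

def encode_server_key_share(ecc_pub, pq_ct):
    """Server key share: classical public key || post-quantum ciphertext."""
    _require_len("ecc_pub", ecc_pub, ECC_PUB_LEN)
    _require_len("pq_ct", pq_ct, PQ_CT_LEN)
    return ecc_pub + pq_ct

def decode_server_key_share(data):
    _require_len("server key share", data, ECC_PUB_LEN + PQ_CT_LEN)
    return data[:ECC_PUB_LEN], data[ECC_PUB_LEN:]

def hybrid_shared_secret(ecc_ss, pq_ss):
    """Key-schedule input: classical secret || post-quantum secret (both must break)."""
    _require_len("ecc_ss", ecc_ss, ECC_SS_LEN)
    _require_len("pq_ss", pq_ss, PQ_SS_LEN)
    return ecc_ss + pq_ss

if __name__ == "__main__":
    # Constructed stand-ins for real key material (random bytes, not valid keys).
    share = encode_client_key_share(b"\x04" + os.urandom(64), os.urandom(PQ_PUB_LEN))
    ecc_pub, pq_pub = decode_client_key_share(share)
    print(len(share), len(ecc_pub), len(pq_pub))  # prints "865 65 800"
```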

Post Quantum cURL

wolfSSL is developing a test for post-quantum cURL to make cURL resistant to “harvest now;
decrypt later” attacks from a future quantum-enabled adversary. This protection is important if
you value confidentiality over the long term. This effort involves enabling the use of the new post-
quantum groups for TLS 1.3 in cURL when built with wolfSSL.

Research Results from the pq-wolfssl Team

The pq-wolfssl development team has done an excellent experimental post-quantum
integration, published in their paper “Mixed Certificate Chains for the Transition to Post-
Quantum Authentication in TLS 1.3”.

In the paper, the team “selected the open source TLS library wolfSSL (v4.7.0) for our
integrations of PQC, because it is suitable for embedded systems and supports TLS 1.3.”

wolfSSL 5.1.1: FALCON

The FALCON Signature Scheme is integrated in the wolfSSL v5.1.1 release! It is a post-quantum
algorithm that is a finalist of round 3 of the NIST PQC competition. It shows much promise in that,
while its artifacts are large and key generation and signing are a bit slower than currently
standardized algorithms, signature verification times are much faster, which bodes well for IoT
and constrained devices.

Learn More
For more information on wolfSSL’s post-quantum projects, please contact us at [email protected].
Please send any comments or feedback to [email protected]. Thanks!

wolfssl.com
github.com/wolfssl
Copyright © 2022 wolfSSL Inc. All Rights Reserved
