If you’re part of the Web PKI community and haven’t heard of Merkle Tree Certificates then you must have been hiding under a rock for the past year! These are the new format of certificates that are being pushed by Google and Cloudflare to solve the issue of large public keys and signatures in ML-DSA […]
Read MoreMore TagCategory: Post-Quantum
LMS versus XMSS versus SLH-DSA for Secure Boot
Here at wolfSSL we always stay on top of our customer’s requirements. By now you’ve heard us talk about the NSA’s (National Security Agency) CNSA 2.0 (Commercial National Security Algorithm Suite 2.0) ad nauseum. Well, let’s focus in on it again and zero in on that first line: It states that for Software and Firmware […]
Read MoreMore TagwolfBoot for CNSA 2.0 Secure Boot on Zynq UltraScale+ MPSoC
Executive Summary Problem: Zynq UltraScale+ MPSoC secure boot authenticates the FSBL with RSA-4096 in immutable BootROM. CNSA 2.0 requires post-quantum algorithms for long-term software and firmware verification. RSA-4096 is not quantum-resistant, so the BootROM cannot be the final CNSA 2.0 firmware-authentication answer. Solution: Use wolfBoot as the system-level post-quantum authorization layer. Keep AMD secure boot […]
Read MoreMore TagwolfCrypt Is Quantum-Safe and has a FIPS 140-3 CAVP cert!
We’re proud to announce that wolfCrypt Post Quantum has officially received CAVP validation from NIST, listed under certificate #A8437. This validation covers the CNSA 2.0 compatible algorithm library contained within the wolfSSL TLS bundle (v7.0.0), and is a critical milestone on the path to a full FIPS 140-3 module validation for our post-quantum module. Certificate […]
Read MoreMore TagwolfSSH Continues on the Post-Quantum Hybrid Key Exchange Journey
Go checkout the master branch of wolfSSH. Two new hybrid KEX methods have been added. Both are defined in draft-ietf-sshm-mlkem-hybrid-kex: mlkem768x25519-sha256 — ML-KEM-768 paired with X25519 mlkem1024nistp384-sha384 — ML-KEM-1024 paired with NIST P-384 This joins mlkem768nistp256-sha256 which has been there for a long time. Why hybrid The “harvest now, decrypt later” threat model means ciphertext […]
Read MoreMore TagPQC in cURL
When curl is built with wolfSSL as the TLS backend, you can get ML-KEM and ML-DSA post-quantum algorithm support in TLS 1.3, provided wolfSSL was configured with –enable-curl, –enable-mlkem and –enable-mldsa. Getting started with wolfSSL? Download the latest libraries here and start exploring. The following ML-KEM groups are available: Pure ML-KEM (post-quantum only) ML_KEM_512 ML_KEM_768 […]
Read MoreMore TagPerformance and Portability: Post-Quantum Cryptography with wolfSSL and Vulkan
Post-quantum standards like ML-DSA introduce significant compute challenges. These lattice-based schemes rely on high-degree polynomial math that can overwhelm traditional CPUs, making GPU acceleration essential for high-volume environments. The primary bottlenecks occur during Key Generation and Signing. In ML-DSA, signature generation is particularly intensive due to rejection sampling. This process requires the algorithm to repeatedly […]
Read MoreMore TagAccelerating ML-DSA Key Generation with wolfSSL and CUDA
With the formalization of ML-DSA for post-quantum usage, lattice-based cryptography introduces a significant compute challenge. Unlike traditional ECC or RSA, ML-DSA relies on complex polynomial math across hundreds of dimensions, creating a performance wall for high-volume systems. To address this compute issue, wolfSSL can utilize CUDA to accelerate these lattice operations, offloading the heavy math […]
Read MoreMore TagPQC in the linux kernel
The linux kernel’s ctcrypto subsystem is powerful and flexible, containing the kernel’s internal implementations for familiar algorithms such as RSA and ECDSA, along with an API framework that allows registering cryptographic providers for other crypto-consuming modules. A quick glance at output from cat /proc/crypto shows a rich set of crypto drivers exposed, ranging from the […]
Read MoreMore TagRust support for post-quantum cryptography
wolfSSL is excited to announce the addition of post-quantum cryptographic algorithms in Rust to the wolfSSL 2026 roadmap! The planned additions to the wolfSSL Rust API include the ML-KEM, ML-DSA, LMS, XMSS, Falcon, and SPHINCS+ algorithms. These additions will bring direct support to Rust projects for the robust wolfSSL implementations of the most future-proof post-quantum […]
Read MoreMore Tag
