Category: Post-Quantum

wolfBoot for CNSA 2.0 Secure Boot on Zynq UltraScale+ MPSoC

Executive Summary Problem: Zynq UltraScale+ MPSoC secure boot authenticates the FSBL with RSA-4096 in immutable BootROM. CNSA 2.0 requires post-quantum algorithms for long-term software and firmware verification. RSA-4096 is not quantum-resistant, so the BootROM cannot be the final CNSA 2.0 firmware-authentication answer. Solution: Use wolfBoot as the system-level post-quantum authorization layer. Keep AMD secure boot […]

Read MoreMore Tag

wolfSSH Continues on the Post-Quantum Hybrid Key Exchange Journey

Go checkout the master branch of wolfSSH. Two new hybrid KEX methods have been added. Both are defined in draft-ietf-sshm-mlkem-hybrid-kex: mlkem768x25519-sha256 — ML-KEM-768 paired with X25519 mlkem1024nistp384-sha384 — ML-KEM-1024 paired with NIST P-384 This joins mlkem768nistp256-sha256 which has been there for a long time. Why hybrid The “harvest now, decrypt later” threat model means ciphertext […]

Read MoreMore Tag

PQC in cURL

When curl is built with wolfSSL as the TLS backend, you can get ML-KEM and ML-DSA post-quantum algorithm support in TLS 1.3, provided wolfSSL was configured with –enable-curl, –enable-mlkem and –enable-mldsa. Getting started with wolfSSL? Download the latest libraries here and start exploring. The following ML-KEM groups are available: Pure ML-KEM (post-quantum only) ML_KEM_512 ML_KEM_768 […]

Read MoreMore Tag

Performance and Portability: Post-Quantum Cryptography with wolfSSL and Vulkan

Post-quantum standards like ML-DSA introduce significant compute challenges. These lattice-based schemes rely on high-degree polynomial math that can overwhelm traditional CPUs, making GPU acceleration essential for high-volume environments. The primary bottlenecks occur during Key Generation and Signing. In ML-DSA, signature generation is particularly intensive due to rejection sampling. This process requires the algorithm to repeatedly […]

Read MoreMore Tag

Accelerating ML-DSA Key Generation with wolfSSL and CUDA

With the formalization of ML-DSA for post-quantum usage, lattice-based cryptography introduces a significant compute challenge. Unlike traditional ECC or RSA, ML-DSA relies on complex polynomial math across hundreds of dimensions, creating a performance wall for high-volume systems. To address this compute issue, wolfSSL can utilize CUDA to accelerate these lattice operations, offloading the heavy math […]

Read MoreMore Tag

PQC in the linux kernel

The linux kernel’s ctcrypto subsystem is powerful and flexible, containing the kernel’s internal implementations for familiar algorithms such as RSA and ECDSA, along with an API framework that allows registering cryptographic providers for other crypto-consuming modules. A quick glance at output from cat /proc/crypto shows a rich set of crypto drivers exposed, ranging from the […]

Read MoreMore Tag

Rust support for post-quantum cryptography

wolfSSL is excited to announce the addition of post-quantum cryptographic algorithms in Rust to the wolfSSL 2026 roadmap! The planned additions to the wolfSSL Rust API include the ML-KEM, ML-DSA, LMS, XMSS, Falcon, and SPHINCS+ algorithms. These additions will bring direct support to Rust projects for the robust wolfSSL implementations of the most future-proof post-quantum […]

Read MoreMore Tag

wolfCrypt FIPS 140-3 with Post-Quantum Cryptography Available Now

wolfSSL is actively developing a new FIPS 140-3 certificate that incorporates NIST’s finalized post-quantum algorithms (FIPS 203, 204, 205), reflecting its ongoing commitment to long-term compliance, regulatory readiness, and early adoption of emerging cryptographic standards. Initial PQC-enabled FIPS configurations are available for integration and evaluation, supporting CNSA 2.0-aligned use cases. The formal CMVP submission is […]

Read MoreMore Tag

Posts navigation

1 2 3