End of Summer Post-Quantum Round Up

Here at wolfSSL, we think it is fair to say that we’ve been as busy as beavers with our post-quantum efforts! Here is a round up of updates on our post-quantum efforts over the last few weeks of summer.

Webinar with Guest Speaker Professor Douglas Stebila

Want to get a better understanding of what is going on when you do a post-quantum key exchange using Kyber KEM and hear some of the latest news on post-quantum cryptography? Tune in to our recent webinar with Professor Douglas Stebila, where he eases into the inner workings of the Kyber KEM algorithm. You can find the video here: https://youtu.be/nOcRk5jVGYU .

Dilithium in wolfSSL

We have added support for all parameter sets of Dilithium in the NIST Round 3 submission. This includes levels 1, 3 and 5 of the SHAKE and AES variants. Of course we have full interoperability with OQS's OpenSSL fork for X.509 certificates and TLS 1.3.

SPHINCS+ in wolfCrypt

We have added support for a limited number of parameter sets of the NIST Round 3 submission of SPHINCS+. This includes levels 1, 3 and 5 of the fast and small optimizations of the SHAKE simple variant. Notably, we did not include the robust variant, nor did we include the SHA256 or Haraka variants. Since signatures are fairly large, we did not integrate SPHINCS+ into our TLS 1.3 implementation. SPHINCS+ is more appropriate for other use cases, for example code signing. Of course we have full interoperability with OQS's OpenSSL fork for X.509 certificates if you enable the variants we support in OQS's OpenSSL fork. We have instructions for that here: https://github.com/wolfSSL/osp/blob/master/oqs/README.md

With the new integrations of Dilithium and SPHINCS+ along with our previous integrations of Kyber and Falcon, we now have coverage of all the algorithms that are moving on from NIST’s PQC Competition to standardization!

P256-Kyber hybrid in wolfSSH

Originally we had integrated Saber KEM into wolfSSH, but it has been announced that Saber will no longer be considered for standardization. Rather than simply removing it from wolfSSH, we decided to replace it with ECDHE over the P-256 curve hybridized with Kyber Level 1. Of course this has full interoperability with OQS's fork of OpenSSH. Please give it a try by fetching from our wolfSSH GitHub repo!

Blog PQ and DTLS 1.3

Credit goes to Callum McLoughlin of the University of Canterbury, one of our newest contributors to wolfSSL, for enabling post-quantum key exchange KEMs in DTLS 1.3. He's done an excellent job making changes and testing them out, all while keeping the wolfSSL team informed of his progress. Thanks so much, Callum!

If you want to experiment with post-quantum algorithms in DTLS 1.3 you can find detailed instructions in the pull request at https://github.com/wolfSSL/wolfssl/pull/5518 .

If all of this still isn’t enough for you, then show up at our booth at ICMC 2022. Our engineers and business staff would love to talk about post-quantum cryptography with you!

For questions about the release contact facts@wolfssl.com