Post-Quantum TLS 1.3 Key Establishment comes to STM32 Cortex M4!

Today we have some exciting news! We here at wolfSSL would like to announce that we have achieved a TLS 1.3 connection where the group used for key establishment was KYBER_LEVEL1 and the connection was between an Ubuntu Linux x86_64 machine and an STM32 NUCLEO-F446ZE with an ARM Cortex M4 chip running on bare-metal. We used a generic UART TTL to USB cable.  On the x86_64 side we plugged the cable into the USB port while on the ARM Cortex M4 side we connected to the UART headers. Either side can be the server or the client. 

Some might be wondering how this was achieved as wolfSSL integrates with liboqs for its post-quantum algorithm implementations, but liboqs does not support being built for STM32. The answer is that wolfSSL has a new integration with the OQS team’s sister project, MUPQ team’s pqm4 project. Since the algorithm artifacts interoperate between liboqs and pqm4 and wolfSSL is on both sides, there is full interoperability.  Notably, this should also interoperate with the OQS team’s fork of OpenSSL.

So, does this really matter? In our opinion, yes! A lot of great work has been done showing the impact that post-quantum algorithms will have on The Internet. There are several academic papers and at-scale experiments with some very interesting results that, generally speaking, show that the Internet is ready for post-quantum algorithms. But what about constrained and low-resource devices?  What about IoT? With larger cryptographic artifact sizes and for some operations, more need for processor power, these algorithms have potential to heavily impact constrained and low-resource devices.

Experimentation in these domains has been less forthcoming, likely due to the lack of a TLS stack integrated with post-quantum algorithm implementations for embedded platforms. Now that changes.  Now, you can start experimenting with post-quantum algorithms using TLS 1.3 to understand the impact on your embedded projects.

In the coming weeks, you can look forward to an example STM32CubeIDE project and a recorded webinar about how you can get started with post-quantum key establishment over TLS 1.3 on STM32 devices.

Currently, only KYBER_LEVEL1 is supported. Want other algorithms and variants? Want hybrids? Want to know when the example project and webinar will be released? Get in touch with your sales representative or email us at to start a discussion.