wolfSSL Support for Post-Quantum
wolfSSL, the world’s first cryptography provider supporting CNSA 2.0 compliance, leads in robust post-quantum cryptography solutions, including ML-KEM (Kyber) key encapsulation and ML-DSA (Dilithium) digital signatures. For more information on wolfSSL's Post-Quantum Cryptography solutions, contact us at facts@wolfSSL.com today!
Download wolfSSL and stay ahead of the quantum curve.
PQC FIPS Certification in process!
Highlights
- CNSA 2.0-compliant post-quantum algorithms: ML-KEM (FIPS-203), ML-DSA (FIPS-204), SLH-DSA (FIPS-205), LMS, XMSS
- Verify-only build-time options for the stateful hash-based signature schemes LMS and XMSS
- Performance-optimized with assembly routines for x86_64, ARM and RISC-V architectures, ideal for small-footprint embedded and bare-metal systems
- Fully integrated with the wolfSSL Layer for (D)TLS 1.3 support for seamless PQC adoption and migration
- wolfTPM update to support the new TCG TPM 2.0 v1.85 PQC Specification
- Deprecation and removal of libOQS (OpenQuantumSafe) algorithm integrations now that we have production-grade implementations
- Available in wolfBoot, wolfMQTT, wolfSSH, wolfHSM, wolfTPM, curl, and Apache Web Server for flexible PQC support
- Coming soon: Our FIPS 140-3 PQC Certificate!

Algorithm Support in wolfCrypt
KEM (Key Encapsulation Mechanism)
Implementation of ML-KEM (Kyber, FIPS-203) Parameter sets:
- ML-KEM-512
- ML-KEM-768
- ML-KEM-1024 (CNSA 2.0 compliant)
- Optimizations for x86_64, ARM, RISC-V
General Signature Schemes
Implementation of ML-DSA (Dilithium, FIPS-204) Parameter sets:
- ML-DSA-44
- ML-DSA-65
- ML-DSA-87 (CNSA 2.0 compliant)
- Optimizations for x86_64, ARM, RISC-V
Stateless Hash-Based Signature Schemes
Implementation of SLH-DSA (FIPS-205) Parameter sets:
- SLH-DSA SHAKE128s
- SLH-DSA SHAKE128f
- SLH-DSA SHAKE192s
- SLH-DSA SHAKE192f
- SLH-DSA SHAKE256s
- SLH-DSA SHAKE256f
- SLH-DSA SHA2_128s
- SLH-DSA SHA2_128f
- SLH-DSA SHA2_192s
- SLH-DSA SHA2_192f
- SLH-DSA SHA2_256s
- SLH-DSA SHA2_256f
Stateful Hash-Based Signature Schemes
Implementation of LMS/HSS (CNSA 2.0 compliant)
- RFC 8554
Implementation of XMSS/XMSS^MT (CNSA 2.0 compliant)
- RFC 8391
Protocol Support
(D)TLS 1.3, MQTTv5, and MQTT-SN
Supported Groups Extension Codepoints
- ML_KEM_512
- ML_KEM_768
- ML_KEM_1024 (CNSA 2.0 compliant)
- SecP256r1MLKEM512 (hybrid with FIPS 140-3)
- SecP384r1MLKEM768 (hybrid with FIPS 140-3)
- SecP521r1MLKEM1024 (hybrid with FIPS 140-3)
- SecP256r1MLKEM768 (hybrid with FIPS 140-3)
- SecP384r1MLKEM1024 (hybrid with FIPS 140-3)
- X25519MLKEM512 (hybrid with FIPS 140-3)
- X25519MLKEM768 (hybrid with FIPS 140-3)
- X448MLKEM768 (hybrid with FIPS 140-3)
Sigalgs Extension Codepoints
- ML_DSA_44
- ML_DSA_65
- ML_DSA_87 (CNSA 2.0 compliant)
Symmetric Ciphers
- TLS_AES_128_GCM_SHA256 (FIPS 140-3 Compliant)
- TLS_AES_256_GCM_SHA384 (FIPS 140-3 and CNSA 2.0 Compliant)
X.509 2019 Edition (Chimera Certificates) + X9.146 TLS 1.3 Extensions
- Alternative Subject Public Key Extension
- Alternative Signature Algorithm Extension
- Alternative Signature Value Extension
- CKS TLS 1.3 Extensions for signature algorithm negotiation
SSHv2
- mlkem768nistp256-sha256 (hybrid with FIPS 140-3)
- mlkem1024nistp384-sha384 (hybrid with FIPS 140-3)
- mlkem768x25519-sha256
wolfSSL Post-Quantum Products in Production
- ExpressVPN’s Lightway Protocol using (D)TLS 1.3 with Post-Quantum Algorithms Protecting Millions of Devices
- EigenQ
- Pumamesh
Collaboration Projects
- Wells Fargo, wolfSSL and KeyFactor Proof of Technology for QTLS
- NIST’s (National Institute of Standards and Technology) NCCoE (National Cybersecurity Center of Excellence) Migration to Post-Quantum Cryptography Project
- wolfSSL and Crypto4A interoperability between wolfBoot and QXEdget Using LMS demo project
- wolfSSL and AWS interoperability between wolfSSH and AWS Transfer Family using ML-KEM and ECDH hybrid scheme
Benchmarks
Post-Quantum Kyber (Linux)
Platform: 11th Gen Intel® Core™ i7-1185G7 @ 3.00GHz × 8
Benchmark:

Post-Quantum Kyber Benchmarks (ARM Cortex-M4)
Platform: STM NUCLEO-F446ZE
Benchmark:

Post-Quantum Kyber Benchmarks (macOS)
Platform: Apple MacBook Pro 18,3 with an Apple M1 Pro, 3.09 GHz processor
Benchmark:

Release Plan
- FIPS 140-3 PQC Certification in Progress
- ACVP and CMVP certification of our post-quantum algorithms
- ML-KEM and ML-DSA support in the Java providers (wolfJSSE, wolfJCE)
- Support for PQC algorithms in PKCS7
- Integrations against more open source projects to make them quantum-safe
- SLH-DSA for TLS 1.3 handshake authentication
- Ed25519 hybridized with ML-DSA in wolfSSL and wolfMQTT
- SM2 KEX hybridized with ML-KEM in wolfSSL
- Support for PKI artifact generation using post-quantum algorithms in wolfCLU
- LMS and XMSS private key operation support in wolfHSM
- LMS and XMSS support in root and intermediate CA certificates during (D)TLS 1.3 handshake
- Post-quantum cryptography support in the Linux and BSD kernel providers
- Post-quantum key agreement in WolfGuard (FIPS WireGuard)
- LMS and XMSS support in wolfSSL PKCS11 consumer
- LMS and XMSS support in wolfPKCS11
- Expand supported post-quantum algorithms, including FrodoKEM, FN-DSA, and HQC
- Merkle Tree Certificate support in wolfSSL and cURL as specified in
- Post-quantum algorithm support in wolfProvider
Resource
Documentation & examples
Post-Quantum Cryptography Video Series
Explore our full video series on Post-Quantum Cryptography in the YouTube playlist!

