For people following the development of wolfSSH, they might have noticed something very strange recently. There is a new key exchange method that has a very long name: ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org. This replaces ecdh-sha2-nistp256-kyber-512-sha256 which was similar but had some differences in data formatting.
This name comes from the following IETF draft authored by Panos Kampanakis and Torben Hansen of AWS and Douglas Stebila of the University of Waterloo: https://www.ietf.org/id/draft-kampanakis-curdle-ssh-pq-ke-01.html
The main purpose of this post is to let everyone know that our wolfSSH implementation of ecdh-nistp256-kyber-512r3-sha256-d00@openquantumsafe.org passed NIST NCCoE interoperability tests! It was tested against the AWS implementation of SSH and OQS’s fork of openSSH (https://github.com/open-quantum-safe/openssh). Here at wolfSSL, we know that for protocol products such as wolfSSH, interoperability is a key requirement to be an ecosystem player. Our customers can rest easy knowing that they can interoperate with other products seamlessly. Want to try it out? You can download it from https://github.com/wolfSSL/wolfssh.
This is just one hybrid key exchange. If you want other post-quantum key exchanges or signature schemes to be supported in wolfSSH, let us know! We are always interested to hear about what you want us to do! Send a message to facts@wolfssl.com.