Integrating PQC into TLS 1.3

xvzcf edited this page Jun 19, 2020 · 6 revisions

Although the final TLS 1.3 specification approved by the IETF doesn't support quantum-safe cryptography, it could be added with extensions thanks to TLS 1.3's modular design.

OpenSSL 1.1.1's master branch implements the TLS 1.3 protocol. Our OQS-OpenSSL_1_1_1-stable branch provides an experimental integration of quantum-safe cryptography into TLS 1.3, supporting post-quantum key exchange and authentication, both stand-alone and in hybrid mode (i.e., in combination with a classical scheme).

The following sections of the paper "Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH" describe how this integration was broadly carried out:

  • For key-exchanges: Sections 3.2.1, 3.2.2 and 3.2.3
  • For digital signatures: Sections 4.1.1, 4.1.2 and 4.1.3

Our integration is also conformant with https://tools.ietf.org/html/draft-ietf-tls-hybrid-design-00; for the curve IDs, code-points, and OIDs we have chosen for our post-quantum algorithms, consult: https://docs.google.com/spreadsheets/d/12YarzaNv3XQNLnvDsWLlRKwtZFhRrDdWf36YlzwrPeg/edit#gid=0