#openquantumsafe

Open Quantum Safe (OQS) is an open-source initiative that promotes quantum-resistant cryptography. It is a member of the Linux Foundation and the Post-Quantum Cryptography Alliance.

A full explanation of Open Quantum Safe:

Purpose and Goal

Open Quantum Safe develops and tests quantum-resistant encryption. The main goal is to help businesses transition to a quantum-safe future by providing resources to develop and test new cryptographic algorithms. It provides quantum-resistant cryptography prototype software.

Research by the project team and others is sponsored.

History

In 2014, Michele Mosca and Douglas Stebila founded the scientific OQS initiative.

Initial goals included testing and prototyping quantum-resistant algorithms.

As post-quantum cryptography developed and the NIST PQC standardisation process began, Open Quantum Safe refocused on developing a production-track codebase for standardised algorithms while supporting novel algorithm research.

Open Quantum Safe joined the Linux Foundation in January 2024.

Architecture and Core Parts

Open Quantum Safe has two main parts:

Liboqs is an open-source C library for quantum-resistant cryptography. It is central to the OQS project. KEMs and digital signature systems are quantum-resistant cryptographic methods used in liboqs. It supports x86-64, ARM32v7, and ARM64v8 and builds on Windows, macOS, and Linux. Wrappers are available for C++, Go, Java,.Net, Python, and Rust. The Open Quantum Safe team creates prototypes that integrate liboqs into popular applications and protocols. This lets researchers and developers test the performance of novel algorithms in real-world contexts. TLS, SSH, X.509, and CMS/S/MIME are examples of integrations. Demo connections exist for Apache, nginx, haproxy, curl, and Chromium. “Crypto-agile” OQS's architecture is “crypto-agile,” making cryptographic algorithm switching easy. The PQC scene is evolving, thus this is crucial. Combining new post-quantum algorithms with RSA and ECC will create a hybrid strategy that manages transition risk.

Algorithms for Quantum Resistance

Encouraged In the Open Quantum Safe framework, post-quantum cryptography solutions based on “hard problems” that classical and quantum computers struggle to solve are developed. The following are:

CRYSTALS-Kyber (a KEM) and CRYSTALS-Dilithium (a digital signature scheme) were two of the first algorithms NIST standardised. Other supported lattice-based algorithms are FrodoKEM and NTRU-Prime.

SPHINCS+ and LMS/XMSS/HSS are hash-based cryptography algorithms. Though they have larger signatures or fewer key pair usage, these are likely secure.

HQC and Classic McEliece are code-based cryptography techniques.

Additional cryptography families like isogeny-based and multivariate-based are examined.

Some of the other specific algorithms mentioned include BIKE, CROSS, MAYO, ML-DSA, ML-KEM, and SNOVA.

Advantages

Future-Proofing: Open Quantum Safe prepares enterprises for quantum computers that can crack public-key encryption.

Open Source: This collaborative initiative promotes community code audits and openness.

Crypto-Agility: PQC's modular architecture makes algorithm conversion easy as requirements change.

Prototyping: Before standardisation and implementation, researchers and developers can test novel algorithms and understand their performance implications.

Drawbacks and Issues

Performance Overhead: Many post-quantum techniques are computationally demanding and have higher key sizes and signatures than conventional algorithms, affecting network performance and storage.

Lack of Standardisation: NIST has selected various algorithms for standardisation, but the process is ongoing. Because new algorithms have not been as carefully tested as RSA or ECC, new weaknesses may be uncovered.

“Harvest Now, Decrypt Later” Threat: Without a quantum computer to overcome encryption, sensitive data could be collected and stored, requiring an urgent change.

Migration complexity: Switching to new cryptographic standards for large, complex infrastructures requires careful planning, a lot of money, and a skilled team.

Applications

Anyone using public-key cryptography can utilise Open Quantum Safe. Useful regions include:

TLS encryption of email, web traffic, and other network communications using quantum-resistant methods.

Software Updates: Authenticating firmware and software upgrades with quantum-resistant digital signatures.

Defending IoT communications and low-power devices.

Defending blockchain and digital currency cryptography from quantum assaults.

Shown and integrated: OpenVPN, Chromium, curl, links, nginx, Apache httpd.

Develop and Community

All development happens in GitHub repositories. Project welcomes new contributors.

The Linux Foundation Mentorship program offers mentorships.

There are many public, private, business, and academic supporters of the effort. Important industry partners include Microsoft, IBM, and Amazon Web Services.

Modifications include liboqs, oqs-provider, and Rust, Java, C++, Go, and Python bindings. Liboq security assessments are public.

Benchmarking, Research

TLS, memory, and core algorithm benchmarks are available from Open Quantum Safe.

Post-Quantum Cryptography Alliance

The Linux Foundation founded the Post-Quantum Cryptography Alliance (PQCA) in February 2024 to safeguard the digital future. This new effort brings together a remarkable group of market leaders, researchers, and developers, including Google, IBM, Amazon Web Services, and Cisco, to address quantum computing's security concerns. The PQCA promotes post-quantum cryptography to protect our digital infrastructure from future quantum threats.

Future Quantum Threat to Modern Encryption

Modern digital security relies on public key cryptography. It supports Transport Layer Security (TLS), which protects “https” websites, and digital signature technologies, which verify software packages.

However, quantum technology's rapid growth has made a long-standing theoretical threat increasingly plausible. Shor's algorithm appeared in 1994 and proved it could break elliptic curve and RSA cryptography. Although this threat remained primarily theoretical for years, new quantum technology advances suggest that powerful quantum computers may be conceivable. Once operational, such devices can decrypt practically all current communications, jeopardising the security of any system or person that relies on cryptographic procedures.

General manager of the Open Source Security Foundation (OpenSSF), another Linux Foundation project, Omkhar Arasaratnam said quantum computing “is real” in its threat to modern cryptography. The National Institute of Standards and Technology (NIST) warned that “sufficiently powerful quantum computers will easily compromise the cryptography,” possibly by 2030.

A large-scale quantum computer “would be able to break modern public key encryption algorithms that are widely used in our IT infrastructure,” said Douglas Stebila, University of Waterloo associate professor of cryptography and Open Quantum Safe (OQS) project co-founder. Creating and using cryptographic technologies that can withstand quantum processing is urgent for post-quantum cryptography.

PQCA Origins: A Call for Coordinated Action

Talks at the Linux Foundation Member Summit in Lake Tahoe inspired the Post-Quantum Cryptography Alliance. Even though governments, businesses, and universities have been interested in post-quantum cryptography research and projects like NIST's Post-Quantum Cryptography Standardisation Project and the Crypto Forum Research Group within the Internet Engineering Task Force have made progress, a crucial component was still missing. A coordinated effort from all these actors to promote and ease the real-world implementation of these novel algorithms was needed.

The successful implementation and widespread adoption of research and standardisation are critical initial steps towards a post-quantum world. To ensure widespread use of these vital methods, software implementations must be widely utilised, reliable, and open source. The PQCA fills this gap by providing the structure needed for cooperative engagement. Enterprises who comply with the NSA Cybersecurity Advisory use the Alliance as a foundation.

High-Assurance Software and Continuous Innovation Promote post-quantum cryptography is the PQCA's major goal. Two main, connected sub-goals will achieve this:

High-Assurance Software Implementations: The Alliance develops reliable and powerful software applications for standardised methods. This requires compiling multiple existing implementations and making them production-ready to facilitate industry-wide adoption. Big and small businesses should collaborate to design, test, and apply novel algorithms and integrate them into existing systems. Supporting Continued Development and Standardisation: Since post-quantum cryptography is continually developing, the PQCA encourages the development and standardisation of new algorithms.

Current PQCA Projects

The PQCA is working on two crucial projects. For almost ten years, the University of Waterloo has created Open Quantum Safe (OQS), an open-source initiative. OQS includes liboqs, a C library for quantum-resistant cryptographic algorithms, and prototype integrations into popular protocols and programs like OpenSSL. This project aims to enable quantum-error-resistant encryption.

The second major project is PQ Code Package. This project focusses on formally verified, high-assurance software implementations of post-quantum cryptography algorithms that meet requirements. The standardisation algorithm, ML-KEM, is its first focus. TLS and SSH can use ML-KEM (Kyber) for quantum-resistant public key encryption. These initiatives aim to promote post-quantum cryptography.

Future: Collaboration and Agility are Key

The PQCA seeks collaboration on post-quantum cryptography initiatives to grow the community and shape digital security. Open Quantum Safe and PQ Code Package projects are easily accessible on GitHub, enabling rapid feedback and collaboration. The Alliance also welcomes new initiative suggestions and submissions. Future work may include cryptographic agility or PQC migration tools and infrastructure to help adapt and test post-quantum techniques. Cryptographic agility is the ability to move between cryptographic algorithms fast during transition.

As Douglas Stebila noted, transitioning to quantum-resistant algorithms is a major undertaking, not merely a technical challenge. He said “it takes a long time to deploy new technology, and this will be the most complex cryptographic migration ever conducted”.

The “store now, decrypt later” threat—bad actors may preserve encrypted essential communications and decrypt them later with powerful quantum computers—increases urgency. Stebila added that “as we become more reliant on digital systems, the potential impact of quantum-enabled cryptographic breaches becomes more significant”. We must start this transformation immediately to protect our national security and digital interests against quantum threats before they become true.

The Linux Foundation is a “neutral, trusted hub for developers to code, manage, and scale open technology projects,” making it ideal for this essential collaboration. Linux Foundation projects depend on volunteers contributing code and building the community.