{"id":572319,"date":"2019-08-06T16:00:38","date_gmt":"2019-08-06T23:00:38","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?post_type=msr-project&p=572319"},"modified":"2020-03-27T16:29:44","modified_gmt":"2020-03-27T23:29:44","slug":"post-quantum-tls","status":"publish","type":"msr-project","link":"https:\/\/www.microsoft.com\/en-us\/research\/project\/post-quantum-tls\/","title":{"rendered":"Post-Quantum TLS"},"content":{"rendered":"
The Transport Layer Security (TLS) protocol is one of the most widely-used security protocols in use today, protecting the information exchanged between web clients and servers all around the world. While TLS is secure against today’s classical computers, the asymmetric cryptography in TLS is unfortunately vulnerable to future attacks from quantum computers.
Both the RSA and Elliptic Curve Diffie-Hellman asymmetric algorithms which set up the TLS exchange will succumb to Shor’s algorithm on a sufficiently large quantum computer. While a quantum computer of that size and stability may be 5 to 15 years off, cryptographers from around the world are already working to identify new, quantum-safe algorithms.
Given the importance of TLS, preparing for the transition to post-quantum cryptography needs to start now. Asymmetric cryptography in TLS is vulnerable in two places: the key exchange and the signature-based authentication.
In the future, quantum-safe algorithms will replace the use of RSA, ECDH, and ECDSA.
We recommend using these schemes in hybrid mode until the cryptographic community gains full confidence in the new post-quantum cryptography. In hybrid mode, both key exchanges and signatures are performed in parallel, generating both a classical exchange/signature and a post-quantum one. The resulting messages/signatures are combined, offering security against both current and future attacks.
OpenSSL is an open-source implementation of the Transport Layer Security (TLS) protocol. We are collaborating with the Open Quantum Safe project to integrate post-quantum cryptography into TLS 1.2 and 1.3.
The Open Quantum Safe OpenSSL repository contains a fork of OpenSSL 1.1.1 that adds quantum-resistant key exchange and signature algorithms using liboqs for prototyping purposes. The library supports both hybrid and post-quantum key exchange and authentication. The post-quantum key exchange algorithms FrodoKEM and SIKE, and the signature algorithms Picnic and qTESLA, co-developed by Microsoft, are integrated into this project.
These libraries are for prototyping, experimentation, and for evaluating quantum-resistant cryptography. Post-quantum cryptography is an active area of research, and the security of proposed quantum-resistant algorithms may rapidly change as research advances. Any specific PQ algorithm, including those used here, may prove to be insecure.
The PQ fork of OpenSSL can be obtained here: https://github.com/open-quantum-safe/openssl/tree/OQS-OpenSSL_1_1_1-stable
More information