Post Quantum Is All The Rage These Days
There is a lot of talk about Post-Quantum / Quantum-Resistant Cryptography, and leadership at a company I am talking with has asked about a proof-of-concept for a PKI that uses Post Quantum algorithms. Personnel there have experience with XCA for offline roots and offline bridge CAs.
Would it be feasible to build a version of XCA that offers Falcon/CRYSTALS-Dilithium for signatures, possibly even being able to build on the work done by "Open Quantum Safe" (https://github.com/open-quantum-safe), either in a hybrid-mode with ECDSA/EdDSA (two signatures, one ECC, one PQ) or in a "pure" Post Quantum way?
Looking forward to helping this company understand and demonstrate what a PQ PKI might look like.
They are also being broken still. I wouldn't necessarily recommend spending much time putting them into XCA (at least yet).
Starting to see a push towards PQC for practical use and I have started to see Kyber and Dilithium support in commercial HSMs. Some examples:
- https://datatracker.ietf.org/doc/html/draft-ietf-tls-hybrid-design
- https://www.thalestct.com/luna-t-series-hardware-security-module-7-13-0-release-announcement/
- https://www.ibm.com/docs/en/zos/3.1.0?topic=cryptography-crystals-kyber-algorithm
- https://security.apple.com/blog/imessage-pq3/
Unfortunately, this would require use of OpenSSL 3 algorithm providers as far as I can tell.
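As an added illustration of what the last comment points at (this is not code from the issue thread or from the xca project), the following script builds a pure Dilithium root-plus-leaf chain and a hybrid ECDSA P-384 + Dilithium chain with nothing but the OpenSSL 3 CLI and the Open Quantum Safe provider. It assumes OpenSSL 3.x with oqs-provider (https://github.com/open-quantum-safe/oqs-provider) installed and loadable under the name `oqsprovider`; the algorithm names `dilithium3` and `p384_dilithium3` are the ones oqs-provider registered for those combinations, and newer releases also expose ML-DSA names, so check `openssl list -signature-algorithms -provider oqsprovider -provider default` on your build. If the provider is not installed the demo skips itself rather than failing.

```shell
#!/bin/sh
# Added example: PQ and hybrid X.509 chains via OpenSSL 3 algorithm providers.
# Not part of xca. Assumes oqs-provider is installed as "oqsprovider" and that
# "dilithium3" (pure PQ) and "p384_dilithium3" (ECDSA P-384 + Dilithium3 in one
# composite signature) are among its registered algorithm names.
set -eu

PROV="-provider oqsprovider -provider default"

# Returns 0 if the oqs provider loads, 2 if openssl or the provider is absent.
have_oqs() {
  command -v openssl >/dev/null 2>&1 || return 2
  # shellcheck disable=SC2086
  openssl list -providers $PROV >/dev/null 2>&1 || return 2
  return 0
}

# Build an offline root and one issued certificate with signature algorithm $1
# in scratch directory $2, then verify the chain. Returns 1 on any failure.
pq_pki_demo() {
  alg=$1; dir=$2
  mkdir -p "$dir" || return 1
  # shellcheck disable=SC2086
  {
    # Offline root: self-signed, key generated inline with the PQ/hybrid algorithm.
    openssl req -x509 -new -newkey "$alg" -nodes -days 3650 $PROV \
      -subj "/CN=PoC PQ Root ($alg)" \
      -keyout "$dir/root.key" -out "$dir/root.crt" &&
    # End-entity request using the same algorithm.
    openssl req -new -newkey "$alg" -nodes $PROV \
      -subj "/CN=PoC PQ Leaf ($alg)" \
      -keyout "$dir/leaf.key" -out "$dir/leaf.csr" &&
    # Root signs the leaf; the provider must be loaded for the signing operation too.
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" \
      -CAcreateserial -days 365 $PROV -out "$dir/leaf.crt" &&
    # Verification also needs the provider, otherwise the signature OID is unknown
    # and the chain is rejected as "unsupported algorithm".
    openssl verify $PROV -CAfile "$dir/root.crt" "$dir/leaf.crt"
  } || return 1
}

# Runs both flavours. Returns 0 on success, 2 if the provider is unavailable,
# 1 if any OpenSSL step failed.
main_demo() {
  if ! have_oqs; then
    echo "oqs-provider not available; skipping PQ PKI demo" >&2
    return 2
  fi
  d=$(mktemp -d) || return 1
  pq_pki_demo dilithium3 "$d/pure" || return 1         # pure post-quantum chain
  pq_pki_demo p384_dilithium3 "$d/hybrid" || return 1  # hybrid chain
  echo "chains written under $d"
}

# Run directly: ./pq_pki_demo.sh
case "${0##*/}" in pq_pki_demo.sh) main_demo ;; esac
```

Two practical points for the proof of concept: every OpenSSL invocation that touches a PQ key (generation, signing, and verification) has to load the provider explicitly, which is exactly the integration cost the comment above alludes to for XCA; and the hybrid certificate carries a single composite signature, so a verifier that does not understand the composite algorithm identifier cannot fall back to checking just the ECDSA half.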