Open Quantum Safe
software for prototyping
quantum-resistant cryptography

Overview

Public key cryptography is essential in securing all Internet communications. For example, the Transport Layer Security (TLS) protocol uses public key cryptography to protect every "https" web page for entering passwords or credit card numbers. However, all public key algorithms used in practice are based on mathematical problems—such as factoring, discrete logarithms, or elliptic curves—which could be broken by a quantum computer.

The field of quantum-safe cryptography, also called post-quantum or quantum-resistant cryptography, aims to construct public key cryptosystems that are believed to be secure even against quantum computers. Ongoing advancements in physics point toward the eventual construction of large-scale quantum computers. Such future devices would still be able to decrypt present-day communications, allowing anyone to decrypt data transmitted today. Thus, it is important to start developing and deploying quantum-safe cryptography now, even before quantum computers are built.

Several mathematical techniques have been proposed for constructing quantum-safe cryptosystems, including:

  • hash functions
  • error correcting codes
  • lattices (including the learning with errors (LWE) and related problems)
  • multivariate equations
  • supersingular elliptic curve isogenies

The goal of the Open Quantum Safe (OQS) project is to support the development and prototyping quantum-resistant cryptography.

OQS consists of two main lines of work: liboqs, an open source C library for quantum-resistant cryptographic algorithms, and prototype integrations into protocols and applications, including the widely used OpenSSL library.

OQS is intended for prototyping and evaluating quantum-resistant cryptography. Security of proposed quantum-resistant algorithms may rapidly change as research advances, and may ultimately be completely insecure against either classical or quantum computers.

We believe that the NIST Post-Quantum Cryptography standardization project is currently the best avenue to identifying potentially quantum-resistant algorithms. OQS does not intend to "pick winners", and we strongly recommend that applications and protocols rely on the outcomes of the NIST standardization project when deploying post-quantum cryptography.

liboqs

An open source C library for quantum-safe cryptographic algorithms

Open source

C library for quantum-safe cryptographic algorithms, released under the MIT License. (Some external components of liboqs use a different license.)

Common API

liboqs uses a common API for post-quantum key encapsulation and signature algorithms, making it easy to switch between algorithms. Our API closely follows the NIST/SUPERCOP, with some (hopefully) convenient wrappers and data structures.

Testing and benchmarking

liboqs includes a test harness and benchmarking routines to compare performance of post-quantum implementations in a common framework.


liboqs "nist-branch"

liboqs nist-branch focuses on incorporating submissions to the NIST Post-Quantum Cryptography standardization project. It takes a "light touch" approach to incorporation.

As of August 2018, there are over 40 key encapsulation mechanisms and 14 signature schemes available for experimentation; see the list of supported algorithms.

We welcome contributions of algorithms and implementations to liboqs nist-branch.

Snapshot releases of liboqs nist-branch are made on a monthly basis.

liboqs master branch

liboqs master branch focuses on focuses on selected key encapsulations and signature algorithms. Implementations on this branch must beet certain acceptance criteria.

As of August 2018, master branch is underoing some refactoring. We hope to make begin making releases of master branch in September 2018, and will welcome broader contributions at that point.

Integrations

Prototype post-quantum cryptography in protocols and applications

OpenSSL

We've integrated liboqs into a fork of OpenSSL to provide prototype post-quantum key exchange and authentication and ciphersuites in the TLS protocol. Researchers looking to try additional post-quantum algorithms can easily add more algorithms that follow the OQS API. You can use our modified OpenSSL to prototype quantum-resistant cryptography in Apache httpd or other applications that rely on OpenSSL (such as OpenVPN). The goal of this integration is to provide easy prototyping of quantum-resistant cryptography and should not be considered "production quality".

  • Our OQS-OpenSSL_1_0_2-stable branch in our OpenSSL fork implements post-quantum key exchange in TLS 1.2.
  • Our OQS-master branch in our OpenSSL fork implements post-quantum key exchange and public key authentication in TLS 1.3.


OpenSSH

We've integrated liboqs into a fork of OpenSSH to provide prototype post-quantum key exchange and authentication in the SSH protocol. Researchers looking to try additional post-quantum algorithms can easily add more algorithms that follow the OQS API. The goal of this integration is to provide easy prototyping of quantum-resistant cryptography and should not be considered "production quality".







Future plans

We're looking to create language-specific wrappers for liboqs, to expose post-quantum crypto for exploration in other programming languages. We're also happy to look at integrating liboqs into new applications.

Our Team

Project leaders

Douglas Stebila (University of Waterloo)
Michele Mosca (University of Waterloo)

Contributors

List of contributors to liboqs on GitHub

Nicholas Allen (Amazon Web Services), Maxime Anvari, Eric Crockett (Amazon Web Services), Javad Doliskani, Nir Drucker (Amazon Web Services), Vlad Gheorghiu (evolutionQ), Shay Gueron (Amazon Web Services), Torben Hansen (Royal Holloway, University of London), Christian Paquin (Microsoft Research), Alex Parent (University of Waterloo), Tancrède Lepoint (SRI International), Shravan Mishra (University of Waterloo), John Underhill, Sebastian Verschoor (University of Waterloo).



Getting Involved

All our work is done as open source via our GitHub project. We welcome all types of contributions: new algorithms, source code, code review, bug reports, new integrations, documentation. Feel free to begin participating on GitHub, or reach out to Douglas Stebila for more information.


Acknowledgements

liboqs incorporates and adapts a variety of open source cryptographic software, including. See the individual project pages for lists of contributors and external software.

We'd like to make a special acknowledgement to the companies who have dedicated programmer time to contribute source code to OQS, including Amazon Web Services, evolutionQ, and Microsoft Research.


Funding

Development of OQS has been supported in part by the Tutte Institute for Mathematics and Computing. Research projects which developed specific components of OQS have been supported by various research grants, including funding from the Natural Sciences and Engineering Research Council of Canada (NSERC); see the source papers for funding acknowledgments.


Citing OQS

If you make use of liboqs and would like to cite it in an academic paper, we suggest the following:

Douglas Stebila, Michele Mosca. Post-quantum key exchange for the Internet and the Open Quantum Safe project. In Roberto Avanzi, Howard Heys, editors, Selected Areas in Cryptography (SAC) 2016, LNCS, vol. 10532, pp. 1–24. Springer, October 2017. https://openquantumsafe.org