Public key cryptography is essential in securing all Internet communications. For example, the Transport Layer Security (TLS) protocol uses public key cryptography to protect every "https" web page for entering passwords or credit card numbers. However, all public key algorithms used in practice are based on mathematical problems—such as factoring, discrete logarithms, or elliptic curves—which could be broken by a quantum computer.
The field of quantum-safe cryptography, also called post-quantum or quantum-resistant cryptography, aims to construct public key cryptosystems that are believed to be secure even against quantum computers. Ongoing advancements in physics point toward the eventual construction of large-scale quantum computers. Such future devices would still be able to decrypt present-day communications, allowing anyone to decrypt data transmitted today. Thus, it is important to start developing and deploying quantum-safe cryptography now, even before quantum computers are built.
Several mathematical techniques have been proposed for constructing quantum-safe cryptosystems, including:
The goal of the Open Quantum Safe (OQS) project is to support the development and prototyping of quantum-resistant cryptography.
OQS consists of two main lines of work: liboqs, an open source C library for quantum-resistant cryptographic algorithms, and prototype integrations into protocols and applications, including the widely used OpenSSL library.
OQS is intended for prototyping and evaluating quantum-resistant cryptography. Security of proposed quantum-resistant algorithms may rapidly change as research advances, and may ultimately be completely insecure against either classical or quantum computers.
We believe that the NIST Post-Quantum Cryptography standardization project is currently the best avenue to identifying potentially quantum-resistant algorithms. OQS does not intend to "pick winners", and we strongly recommend that applications and protocols rely on the outcomes of the NIST standardization project when deploying post-quantum cryptography.
The easiest way to get started with experimenting with post-quantum cryptography is to use our pre-built Docker images containing post-quantum enabled versions of openssl/curl, Apache httpd, and nginx. You can download and see usage instructions of the pre-built, size- and deployment-optimized Docker images at Docker Hub. Also available there is a performance-optimized variant of openssl/curl permitting simple performance tests using standard OpenSSL tooling as well as an image ready to support incremental development and code installations. For those interested in a closer look at how to build and deploy post-quantum crypto already now, the image build instructions and all further documentation is available on Github (for openssl/curl, httpd, and nginx).
C library for quantum-safe cryptographic algorithms, released under the MIT License. (Some external components of liboqs use a different license.)
liboqs uses a common API for post-quantum key encapsulation and signature algorithms, making it easy to switch between algorithms. Our API closely follows the NIST/SUPERCOP API, with some additional wrappers and data structures.
liboqs includes a test harness and benchmarking routines to compare performance of post-quantum implementations in a common framework.
The latest release of liboqs is 0.3.0 (June 10, 2020). Our current development version supports 57 key encapsulation mechanisms from 9 NIST round 2 candidates and 63 signature schemes from 7 NIST round 2 candidates, and builds on Linux, macOS, and Windows; see the list of supported algorithms.
We've integrated liboqs into forks of BoringSSL and OpenSSL to provide prototype post-quantum key exchange and authentication and ciphersuites in the TLS protocol. Researchers looking to try additional post-quantum algorithms can easily add more algorithms that follow the OQS API. You can use our modified implementations to prototype quantum-resistant cryptography in applications that rely on OpenSSL (such as Apache httpd, nginx, curl, or OpenVPN) or on BoringSSL (such as Chromium). The goal of this integration is to provide easy prototyping of quantum-resistant cryptography and should not be considered "production quality".
We've integrated liboqs into a fork of OpenSSH to provide prototype post-quantum and hybrid key exchange in the SSH protocol. Researchers looking to try additional post-quantum algorithms can easily add more algorithms that follow the OQS API. The goal of this integration is to provide easy prototyping of quantum-resistant cryptography and should not be considered "production quality".
We're interested in design and draft standards for hybrid authentication and key exchange as well as interoperability testing with other implementers. As an initial step to facilitate such testing we have set up a first iteration of such a demonstration and interoperability test server. Any usage and all feedback is very welcome.
The easiest way to get started with experimenting with post-quantum cryptography is to use our pre-built Docker images containing post-quantum enabled versions of curl, Apache httpd, and nginx.
We're also happy to look at integrating liboqs into new applications: Any suggestion for this is very welcome.
All feedback and suggestions are best provided via new GitHub issues.
liboqs has been used in the following external projects:
If you're using liboqs, please get in touch and we'll add you to the list!
Michael Baentsch (IBM Research)
Eric Crockett (Amazon Web Services)
Vlad Gheorghiu (evolutionQ)
Christian Paquin (Microsoft Research)
Goutam Tamvada (University of Waterloo)
Nicholas Allen (Amazon Web Services), Maxime Anvari, Ben Davies (University of Waterloo), Ryan Deschamps (University of Waterloo), Matías Dieguez, Javad Doliskani, Nir Drucker (Amazon Web Services), Shay Gueron (Amazon Web Services), Torben Hansen (Royal Holloway, University of London), Kevin Kane (Microsoft Research), Nikita Karpey, Tancrède Lepoint, Yong Jian Ming, Shravan Mishra, Dimitris Mouris (University of Delaware), Brian Neill (University of Waterloo), Alex Parent (University of Waterloo), Peter Schwabe (Radboud University), Dimitris Sikeridis (University of New Mexico, Cisco Systems), John Underhill, Sebastian Verschoor (University of Waterloo), John Weston (Senetas), Thom Wiggers (Radboud University).
All our work is done as open source via our GitHub project. We welcome all types of contributions: new algorithms, source code, code review, bug reports, new integrations, documentation. Feel free to begin participating on GitHub, or reach out to Douglas Stebila for more information.
The Open Quantum Safe project incorporates and adapts a variety of open source cryptographic software. See the individual project pages for lists of contributors and external software. We especially acknowledge algorithm implementations via the PQClean project.
We'd like to make a special acknowledgement to the companies who have dedicated programmer time to contribute source code to OQS, including Amazon Web Services, Cisco Systems, evolutionQ, IBM Research, Microsoft Research, and Senetas.
Financial support for the development of Open Quantum Safe has been provided by Amazon Web Services and the Canadian Centre for Cyber Security.
Research projects which developed specific components of OQS have been supported by various research grants, including Australian Research Council (ARC) Discovery Project grant DP130104304, Natural Sciences and Engineering Research Council of Canada (NSERC) Discovery grant RGPIN-2016-05146, and NSERC Discovery Accelerator Supplement grant RGPAS-2016-05146.
If you make use of liboqs and would like to cite it in an academic paper, we suggest the following:
Douglas Stebila, Michele Mosca. Post-quantum key exchange for the Internet and the Open Quantum Safe project. In Roberto Avanzi, Howard Heys, editors, Selected Areas in Cryptography (SAC) 2016, LNCS, vol. 10532, pp. 1–24. Springer, October 2017. https://openquantumsafe.org