Public key cryptography is essential in securing all Internet communications. For example, the Transport Layer Security (TLS) protocol uses public key cryptography to protect every "https" web page for entering passwords or credit card numbers. However, all public key algorithms used in practice are based on mathematical problems—such as factoring, discrete logarithms, or elliptic curves—which could be broken by a quantum computer.
The field of quantum-safe cryptography, also called post-quantum or quantum-resistant cryptography, aims to construct public key cryptosystems that are believed to be secure even against quantum computers. Ongoing advancements in physics point toward the eventual construction of large-scale quantum computers. Such future devices would still be able to decrypt present-day communications, allowing anyone to decrypt data transmitted today. Thus, it is important to start developing and deploying quantum-safe cryptography now, even before quantum computers are built.
Several mathematical techniques have been proposed for constructing quantum-safe cryptosystems, including:
The goal of the Open Quantum Safe (OQS) project is to support the development and prototyping of quantum-resistant cryptography.
OQS consists of two main lines of work: liboqs, an open source C library for quantum-resistant cryptographic algorithms, and prototype integrations into protocols and applications, including the widely used OpenSSL library.
OQS is intended for prototyping and evaluating quantum-resistant cryptography. Security of proposed quantum-resistant algorithms may rapidly change as research advances, and may ultimately be completely insecure against either classical or quantum computers.
We believe that the NIST Post-Quantum Cryptography standardization project is currently the best avenue to identifying potentially quantum-resistant algorithms. OQS does not intend to "pick winners", and we strongly recommend that applications and protocols rely on the outcomes of the NIST standardization project when deploying post-quantum cryptography.
C library for quantum-safe cryptographic algorithms, released under the MIT License. (Some external components of liboqs use a different license.)
liboqs uses a common API for post-quantum key encapsulation and signature algorithms, making it easy to switch between algorithms. Our API closely follows the NIST/SUPERCOP API, with some additional wrappers and data structures.
liboqs includes a test harness and benchmarking routines to compare performance of post-quantum implementations in a common framework.
liboqs master branch focuses on selected key encapsulations and signature algorithms. Implementations on this branch must meet certain acceptance criteria.
The latest release of liboqs master branch is 0.1.0 (November 13, 2018). It contains 19 key encapsulation mechanisms from 4 NIST submissions and 9 signature schemes from 2 NIST submissions, and builds on Linux, macOS, and Windows; see the list of supported algorithms.
liboqs nist-branch focuses on incorporating submissions to the NIST Post-Quantum Cryptography standardization project. It takes a "light touch" approach to incorporation.
The latest release of liboqs nist-branch is the 2018-11 snapshot release (November 13, 2018). It contains 45 key encapsulation mechanisms from 10 NIST submissions, and 14 signature schemes from 3 NIST submissions, and builds on Linux and macOS; see the list of supported algorithms.
We welcome contributions of algorithms and implementations to liboqs. See the README.md files on master and nist branch for more information about contributing.
We're working on language-specific wrappers for liboqs (C#, Java, and Python) to expose post-quantum crypto for exploration in other programming languages. We're also happy to look at integrating liboqs into new applications. We aim to incorporate all NIST Round 2 submissions by early April 2019.
We've integrated liboqs into a fork of OpenSSL to provide prototype post-quantum key exchange and authentication and ciphersuites in the TLS protocol. Researchers looking to try additional post-quantum algorithms can easily add more algorithms that follow the OQS API. You can use our modified OpenSSL to prototype quantum-resistant cryptography in Apache httpd or other applications that rely on OpenSSL (such as OpenVPN). The goal of this integration is to provide easy prototyping of quantum-resistant cryptography and should not be considered "production quality".
We've integrated liboqs into a fork of OpenSSH to provide prototype post-quantum and hybrid key exchange in the SSH protocol. Researchers looking to try additional post-quantum algorithms can easily add more algorithms that follow the OQS API. The goal of this integration is to provide easy prototyping of quantum-resistant cryptography and should not be considered "production quality".
We're interested in design and draft standards for hybird authentication and key exchange, and interoperability testing with other implementers. We're also happy to look at integrating liboqs into new applications.
liboqs has been used in the following external projects:
If you're using liboqs, please get in touch and we'll add you to the list!
Nicholas Allen (Amazon Web Services), Maxime Anvari, Eric Crockett (Amazon Web Services), Ben Davies (University of Waterloo), Javad Doliskani, Nir Drucker (Amazon Web Services), Vlad Gheorghiu (evolutionQ), Shay Gueron (Amazon Web Services), Torben Hansen (Royal Holloway, University of London), Christian Paquin (Microsoft Research), Alex Parent (University of Waterloo), Tancrède Lepoint (SRI International), Shravan Mishra (University of Waterloo), John Underhill, Sebastian Verschoor (University of Waterloo).
All our work is done as open source via our GitHub project. We welcome all types of contributions: new algorithms, source code, code review, bug reports, new integrations, documentation. Feel free to begin participating on GitHub, or reach out to Douglas Stebila for more information.
liboqs incorporates and adapts a variety of open source cryptographic software. See the individual project pages for lists of contributors and external software.
We'd like to make a special acknowledgement to the companies who have dedicated programmer time to contribute source code to OQS, including Amazon Web Services, evolutionQ, and Microsoft Research.
Financial support for the development of Open Quantum Safe has been provided by Amazon Web Services and the Tutte Institute for Mathematics and Computing.
Development of OQS has been supported in part by the Tutte Institute for Mathematics and Computing. Research projects which developed specific components of OQS have been supported by various research grants, including funding from the Natural Sciences and Engineering Research Council of Canada (NSERC); see the source papers for funding acknowledgments.
If you make use of liboqs and would like to cite it in an academic paper, we suggest the following:
Douglas Stebila, Michele Mosca. Post-quantum key exchange for the Internet and the Open Quantum Safe project. In Roberto Avanzi, Howard Heys, editors, Selected Areas in Cryptography (SAC) 2016, LNCS, vol. 10532, pp. 1–24. Springer, October 2017. https://openquantumsafe.org