Open Quantum Safe
software for prototyping
quantum-resistant cryptography


Public key cryptography is essential in securing all Internet communications. For example, the Transport Layer Security (TLS) protocol uses public key cryptography to protect every "https" web page for entering passwords or credit card numbers. However, all public key algorithms used in practice are based on mathematical problems—such as factoring, discrete logarithms, or elliptic curves—which could be broken by a quantum computer.

The field of quantum-safe cryptography, also called post-quantum or quantum-resistant cryptography, aims to construct public key cryptosystems that are believed to be secure even against quantum computers. Ongoing advancements in physics point toward the eventual construction of large-scale quantum computers. Such future devices would still be able to decrypt present-day communications, allowing anyone to decrypt data transmitted today. Thus, it is important to start developing and deploying quantum-safe cryptography now, even before quantum computers are built.

Several mathematical techniques have been proposed for constructing quantum-safe cryptosystems, including:

  • hash functions
  • error correcting codes
  • lattices (including the learning with errors (LWE) and related problems)
  • multivariate equations
  • supersingular elliptic curve isogenies

The goal of the Open Quantum Safe (OQS) project is to support the development and prototyping quantum-resistant cryptography.

OQS consists of two main lines of work: liboqs, an open source C library for quantum-resistant cryptographic algorithms, and prototype integrations into protocols and applications, including the widely used OpenSSL library.


An open source C library for quantum-safe cryptographic algorithms

Open source

C library for quantum-safe cryptographic algorithms, released under the MIT License. (Some external components of liboqs use a different license.)

Common API

liboqs uses a common API for post-quantum key exchange algorithms, making it easy to switch between algorithms.

Testing and benchmarking

liboqs includes a test harness and benchmarking routines to compare performance of post-quantum implementations in a common framework.

Supported key exchange algorithms


Prototype post-quantum cryptography in protocols and applications


We've integrated liboqs into a fork of OpenSSL v1.0.2 to provide prototype post-quantum key exchange ciphersuites in the TLS protocol. Researchers looking to try additional post-quantum algorithms can easily add more algorithms that follow the OQS API. You can use our modified OpenSSL to prototype quantum-resistant cryptography in Apache httpd or other applications that rely on OpenSSL. The goal of this integration is to provide easy prototyping of quantum-resistant cryptography and should not be considered "production quality".

Browse OpenSSL fork on GitHub

Additional protocols and applications

We are continuing to work on integrating liboqs into other applications and protocols. Coming soon: quantum-resistant Off-the-Record messaging.

Our Team

Project leaders

Michele Mosca (University of Waterloo)
Douglas Stebila (McMaster University)


liboqs incorporates and adapts a variety of open source cryptographic software, including:

liboqs provides wrappers to the following external libraries for some algorithms:


Development of OQS has been supported in part by the Tutte Institute for Mathematics and Computing. Research projects which developed specific components of OQS have been supported by various research grants, including funding from the Natural Sciences and Engineering Research Council of Canada (NSERC); see the source papers for funding acknowledgments.