Open Quantum Safe
software for prototyping
quantum-resistant cryptography

Overview

Public key cryptography is essential to securing Internet communications. For example, the Transport Layer Security (TLS) protocol uses public key cryptography to protect every "https" web page on which passwords or credit card numbers are entered. However, all public key algorithms deployed in practice rest on the hardness of a few mathematical problems, namely integer factoring and discrete logarithms (including those over elliptic curves), and a sufficiently large quantum computer running Shor's algorithm would solve all of them efficiently.

The field of quantum-safe cryptography, also called post-quantum or quantum-resistant cryptography, aims to construct public key cryptosystems that are believed to be secure even against quantum computers. Ongoing advances in physics point toward the eventual construction of large-scale quantum computers. Such a device would break keys used in the past as well as the present, so an adversary who records encrypted traffic today could decrypt it once a quantum computer becomes available. Thus it is important to start developing and deploying quantum-safe cryptography now, before quantum computers are built.

Several mathematical techniques have been proposed for constructing quantum-safe cryptosystems, including:

  • hash functions (hash-based signatures)
  • error-correcting codes
  • lattices (including the learning with errors (LWE) and related problems)
  • multivariate quadratic equations
  • supersingular elliptic curve isogenies

The goal of the Open Quantum Safe (OQS) project is to support the development and prototyping of quantum-resistant cryptography.

OQS consists of two main lines of work: liboqs, an open source C library for quantum-resistant cryptographic algorithms, and prototype integrations into protocols and applications, including the widely used OpenSSL library.

OQS is intended for prototyping and evaluating quantum-resistant cryptography. The security of proposed quantum-resistant algorithms may change rapidly as research advances, and some may ultimately prove completely insecure against classical or quantum computers.

We believe that the NIST Post-Quantum Cryptography standardization project is currently the best avenue to identifying potentially quantum-resistant algorithms. OQS does not intend to "pick winners", and we strongly recommend that applications and protocols rely on the outcomes of the NIST standardization project when deploying post-quantum cryptography.

Getting started

The easiest way to start experimenting with post-quantum cryptography is to use our pre-built Docker images containing post-quantum enabled versions of openssl/curl, Apache httpd, and nginx. The pre-built, size- and deployment-optimized images and their usage instructions are available on Docker Hub. Also available there is a performance-optimized variant of openssl/curl that permits simple performance tests with standard OpenSSL tooling, as well as an image prepared for incremental development and code installation. For a closer look at how to build and deploy post-quantum crypto today, the image build instructions and all further documentation are on GitHub (for openssl/curl, httpd, and nginx).

liboqs

An open source C library for quantum-safe cryptographic algorithms

Browse liboqs on GitHub



Open source

C library for quantum-safe cryptographic algorithms, released under the MIT License. (Some external components of liboqs use a different license.)

Common API

liboqs uses a common API for post-quantum key encapsulation and signature algorithms, making it easy to switch between algorithms. Our API closely follows the NIST/SUPERCOP API, with some additional wrappers and data structures.

Testing and benchmarking

liboqs includes a test harness and benchmarking routines to compare performance of post-quantum implementations in a common framework.



Latest release

The latest release of liboqs is 0.3.0 (June 10, 2020). Our current development version supports 57 key encapsulation mechanisms from 9 NIST round 2 candidates and 63 signature schemes from 7 NIST round 2 candidates, and builds on Linux, macOS, and Windows; see the list of supported algorithms.



Language-specific wrappers

We've implemented wrappers for using liboqs in C++, Go, Java, .NET, and Python.

Getting involved

We welcome contributions of algorithms and implementations to liboqs. See the contributing guide for more information about contributing.

Integrations

Prototype post-quantum cryptography in protocols and applications

SSL/TLS

We've integrated liboqs into forks of BoringSSL and OpenSSL to provide prototype post-quantum key exchange, post-quantum authentication, and corresponding ciphersuites in the TLS protocol. Researchers looking to try additional post-quantum algorithms can easily add more algorithms that follow the OQS API. You can use our modified implementations to prototype quantum-resistant cryptography in applications that rely on OpenSSL (such as Apache httpd, nginx, curl, or OpenVPN) or on BoringSSL (such as Chromium). These integrations exist to make prototyping of quantum-resistant cryptography easy and should not be considered "production quality".

  • Our OpenSSL fork implements post-quantum and hybrid key exchange and post-quantum public key authentication in TLS 1.3, and also supports post-quantum algorithms in X.509 certificate generation and S/MIME / CMS message handling.
    The latest release of OQS-OpenSSL is the 2020-07 snapshot (July 10, 2020).
  • Our BoringSSL fork implements post-quantum and hybrid key exchange and post-quantum public key authentication in TLS 1.3.
    The latest release of OQS-BoringSSL is the 2020-07 snapshot (July 10, 2020).
  • oqs-engine is a C-based OpenSSL ENGINE that lets unmodified (vanilla) OpenSSL use the post-quantum digital signature algorithms from liboqs. Changes and additions to the algorithms supported by liboqs are reflected dynamically in the ENGINE, which facilitates deploying and evaluating post-quantum digital signature algorithms in contexts where replacing OpenSSL wholesale with our fork would be expensive or infeasible. We are grateful to Senetas for contributing this ENGINE to the OQS project. Hear about Senetas' work on the ENGINE for OQS in their interview on episode 581 of the Risky Business podcast.

OpenSSH

We've integrated liboqs into a fork of OpenSSH to provide prototype post-quantum and hybrid key exchange in the SSH protocol. Researchers looking to try additional post-quantum algorithms can easily add more algorithms that follow the OQS API. This integration exists to make prototyping of quantum-resistant cryptography easy and should not be considered "production quality".
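The hybrid key exchange mentioned for both the TLS and the SSH forks above rests on one combining step: the classical shared secret and the post-quantum KEM shared secret are fed together into the session key derivation, so an attacker has to break both. The Python below is an added example written for this page, not code from OQS-OpenSSL, OQS-OpenSSH, or liboqs; it models that step in isolation with a stdlib HKDF (RFC 5869). The component names, the 32-byte secret lengths, the HKDF label and the transcript binding are assumptions for the demo (liboqs reports a KEM's real length as OQS_KEM.length_shared_secret, and the forks' exact key schedules differ), and the component secrets are constructed stand-ins rather than real ECDH or KEM output.

```python
"""Hybrid key-exchange secret combiner (added example, not OQS code)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract; an empty salt means a zero-filled hash-length salt."""
    if not salt:
        salt = bytes(HASH().digest_size)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256 (length <= 255 * HashLen)."""
    if length > 255 * HASH().digest_size:
        raise ValueError("requested key too long for HKDF-Expand")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


@dataclass(frozen=True)
class Component:
    """One key-exchange component: its name and the fixed shared-secret length
    it must produce. Fixed lengths keep the concatenation below unambiguous
    without length prefixes."""
    name: str
    secret_len: int


# Assumed component pairing for this demo. In the OQS forks the pairing and
# the KEM's shared-secret length follow from the negotiated hybrid group.
CLASSICAL = Component("x25519", 32)
POST_QUANTUM = Component("pq-kem", 32)


def combine_hybrid(classical_ss: bytes, pq_ss: bytes, transcript: bytes,
                   key_len: int = 32) -> bytes:
    """Derive the session key from both component secrets.

    The HKDF input is the concatenation of both secrets, so a quantum break of
    the classical part or a cryptanalytic break of the PQ part alone leaves the
    derived key unknown to the attacker.
    """
    if len(classical_ss) != CLASSICAL.secret_len:
        raise ValueError(f"{CLASSICAL.name} secret must be {CLASSICAL.secret_len} bytes")
    if len(pq_ss) != POST_QUANTUM.secret_len:
        raise ValueError(f"{POST_QUANTUM.name} secret must be {POST_QUANTUM.secret_len} bytes")
    # RFC 7748 section 6.1: an all-zero X25519 output means the peer sent a
    # low-order point; abort rather than derive a key the attacker can predict.
    if not any(classical_ss):
        raise ValueError("classical shared secret is all zero; abort handshake")
    ikm = classical_ss + pq_ss
    # Bind the key to the algorithm pairing and the handshake transcript so a
    # downgrade to another pairing or a tampered handshake yields a different key.
    label = f"hybrid:{CLASSICAL.name}+{POST_QUANTUM.name}".encode()
    info = label + hashlib.sha256(transcript).digest()
    return hkdf_expand(hkdf_extract(b"", ikm), info, key_len)


def simulate_exchange() -> bool:
    """Both endpoints hold the same component outputs and derive the same key;
    a party missing the PQ secret does not."""
    # Constructed stand-ins for the ECDH output and the KEM shared secret.
    classical_ss = secrets.token_bytes(CLASSICAL.secret_len)
    pq_ss = secrets.token_bytes(POST_QUANTUM.secret_len)
    transcript = b"ClientHello||ServerHello (constructed transcript)"
    client_key = combine_hybrid(classical_ss, pq_ss, transcript)
    server_key = combine_hybrid(classical_ss, pq_ss, transcript)
    # An attacker who broke only the classical part must guess the PQ secret.
    attacker_key = combine_hybrid(classical_ss, bytes(POST_QUANTUM.secret_len), transcript)
    return client_key == server_key and attacker_key != client_key


if __name__ == "__main__":
    print("hybrid derivation consistent:", simulate_exchange())
```

The length checks matter more than they look: if either component could vary in length, two different (classical, PQ) pairs could concatenate to the same HKDF input, so a combiner should either rely on the fixed lengths a KEM declares or prefix each secret with its length. Keep the all-zero check on the classical side only; a KEM that implements implicit rejection returns a pseudo-random secret on a bad ciphertext rather than zeros.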




Test server

We're interested in designs and draft standards for hybrid authentication and key exchange, as well as interoperability testing with other implementers. As an initial step toward such testing we have set up a first iteration of a demonstration and interoperability test server. Any usage and all feedback are very welcome.

Live test server

Docker images

The easiest way to get started with experimenting with post-quantum cryptography is to use our pre-built Docker images containing post-quantum enabled versions of curl, Apache httpd, and nginx.

Demo Docker images




Further work

We're also happy to look at integrating liboqs into new applications; any suggestion for this is very welcome.

All feedback and suggestions are best provided via new GitHub issues.

External users of liboqs

liboqs has been used in the following external projects:

If you're using liboqs, please get in touch and we'll add you to the list!

Our Team

Project leaders

Douglas Stebila (University of Waterloo)
Michele Mosca (University of Waterloo)

Core team

Michael Baentsch (IBM Research)
Eric Crockett (Amazon Web Services)
Vlad Gheorghiu (evolutionQ)
Christian Paquin (Microsoft Research)
Goutam Tamvada (University of Waterloo)

Contributors

Nicholas Allen (Amazon Web Services), Maxime Anvari, Ben Davies (University of Waterloo), Ryan Deschamps (University of Waterloo), Matías Dieguez, Javad Doliskani, Nir Drucker (Amazon Web Services), Shay Gueron (Amazon Web Services), Torben Hansen (Royal Holloway, University of London), Kevin Kane (Microsoft Research), Nikita Karpey, Tancrède Lepoint, Yong Jian Ming, Shravan Mishra, Dimitris Mouris (University of Delaware), Brian Neill (University of Waterloo), Alex Parent (University of Waterloo), Peter Schwabe (Radboud University), Dimitris Sikeridis (University of New Mexico, Cisco Systems), John Underhill, Sebastian Verschoor (University of Waterloo), John Weston (Senetas), Thom Wiggers (Radboud University).



Getting Involved

All our work is done as open source via our GitHub project. We welcome all types of contributions: new algorithms, source code, code review, bug reports, new integrations, documentation. Feel free to begin participating on GitHub, or reach out to Douglas Stebila for more information.


Acknowledgements

The Open Quantum Safe project incorporates and adapts a variety of open source cryptographic software. See the individual project pages for lists of contributors and external software. We especially acknowledge algorithm implementations via the PQClean project.

We'd like to make a special acknowledgement to the companies who have dedicated programmer time to contribute source code to OQS, including Amazon Web Services, Cisco Systems, evolutionQ, IBM Research, Microsoft Research, and Senetas.



Funding

Financial support for the development of Open Quantum Safe has been provided by Amazon Web Services and the Canadian Centre for Cyber Security.

Research projects which developed specific components of OQS have been supported by various research grants, including Australian Research Council (ARC) Discovery Project grant DP130104304, Natural Sciences and Engineering Research Council of Canada (NSERC) Discovery grant RGPIN-2016-05146, and NSERC Discovery Accelerator Supplement grant RGPAS-2016-05146.


Citing OQS

If you make use of liboqs and would like to cite it in an academic paper, we suggest the following:

Douglas Stebila, Michele Mosca. Post-quantum key exchange for the Internet and the Open Quantum Safe project. In Roberto Avanzi, Howard Heys, editors, Selected Areas in Cryptography (SAC) 2016, LNCS, vol. 10532, pp. 1–24. Springer, October 2017. https://openquantumsafe.org