Post-quantum TLS 1.3

(Current TLS connection is not quantum-resistant)

PQShield’s post-quantum TLS 1.3 demo illustrates how post-quantum cryptography can be integrated into the key exchange algorithms and digital signature schemes used within TLS to construct a handshake protocol that is fully resistant to quantum computers.

The demonstration servers use nginx compiled against a modified variant of OpenSSL 1.1.1 and use PQShield’s PQSDK:PQTLS OpenSSL engine to provide implementations of post-quantum cryptographic primitives.

The server side of the demo consists of a large number of virtual servers, each configured to support exactly one combination of TLS key exchange and signature algorithm. The Server Name Indication (SNI) TLS extension is used to route traffic to the appropriate server.

To build the client-side of the demo, PQShield have patched a version of the BoringSSL library and the Chromium web browser to add support for post-quantum cryptography. Demonstration root certificate authorities (CA) certificates have been hardcoded into the modified Chromium to allow us to serve a fully post-quantum PKI certificate chain from server to root.

Warning: do not use the patched Chromium browser to connect to any other website than this demonstration website!

Try it out

Use the following links to connect to a server using a HTTPS connection protected by a fully quantum-resistant TLS 1.3 handshake.

Key exchange algorithm Signature algorithm Link
KYBER_512 FALCON_512 Go!
KYBER_512 DILITHIUM_2 Go!
KYBER_512 SPHINCS_SHAKE256_128_SR Go!
KYBER_512 SPHINCS_SHAKE256_128_SS Go!
KYBER_768 DILITHIUM_4 Go!
KYBER_1024 FALCON_1024 Go!

The following servers use “hybrid” cryptography, pairing a post-quantum key exchange or signature algorithm with a classical elliptic curve scheme.

Key exchange algorithm Signature algorithm Link
ECDH_P256-KYBER_512 ECDSA_P256_SHA256-FALCON_512 Go!
ECDH_P256-KYBER_512 ECDSA_P256_SHA256-DILITHIUM_2 Go!
ECDH_P256-KYBER_512 ECDSA_P256_SHA256-SPHINCS_SHAKE256_128_SR Go!
ECDH_P256-KYBER_512 ECDSA_P256_SHA256-SPHINCS_SHAKE256_128_SS Go!
ECDH_P384-KYBER_768 ECDSA_P521_SHA512-DILITHIUM_4 Go!
ECDH_P521-KYBER_1024 ECDSA_P521_SHA512-FALCON_1024 Go!