Hi Azeem,

For TLS, we are currently working on an implementation of "Hybrid Key Exchange for TLS 1.3" [1]. We also expect to implement one or more of the hybrid mechanisms that are being specified [2]. Expect to see a JEP with more details on this effort in the near future.

As for other hybrid key exchange mechanisms, we are tracking X-Wing and there was a recent message to security-dev from Sebastian Stenzel about potentially contributing an implementation.

As Bernd mentions, our policy is not to deliver features until the standard or RFC has been published.

--Sean

[1] https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/
[2] https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/
[3] https://mail.openjdk.org/pipermail/security-dev/2025-May/046224.html

On 5/31/25 3:01 AM, ecki wrote:
You find the published plans in JEPs or Jira tickets about PQC, currently however I have seen more groundwork like KEM and HKDF plus ML, none hybrid (mostly due to the fact that OpenJDK waits for standards, see the recent XWing discussion).

I have seen that Oracle (of course) stated that they will work on TLS and even backport it, for example here: https://blogs.oracle.com/security/post/post-quantum-cryptography Maybe Sean can comment on it, but I think the same caveat applies here - missing completed standardization (and NIST did their fair share to hinder development, glad IETF picked up, draft-ietf-tls-ecdhe-mlkem-00 is still pretty fresh, though).

I also know that ssh client providers (probably with the help of Bouncycastle) want to catch up to OpenSSH 10. With x25519mlkem (and maybe sntrupx?)

The next, much bigger step IMHO is the area of (certificate) signatures/authentication. We have a bit more time there, so the future stays interesting.

Regards,
Bernd
--
https://bernd.eckenfels.net
------------------------------------------------------------------------
*From:* security-dev <security-dev-r...@openjdk.org> on behalf of Azeem Jiva <a_j...@apple.com>
*Sent:* Saturday, May 31, 2025 3:10 AM
*To:* security-dev@openjdk.org <security-dev@openjdk.org>
*Subject:* Quantum Resistant hybrid key exchange
Hi,
Is there a list of future quantum resistant hybrid key changes under development for future OpenJDK releases? Thanks.
