Cryptology ePrint Archive: Report 2019/858

Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH

Eric Crockett and Christian Paquin and Douglas Stebila

Abstract: Once algorithms for quantum-resistant key exchange and digital signature schemes are selected by standards bodies, adoption of post-quantum cryptography will depend on progress in integrating those algorithms into standards for communication protocols and other parts of the IT infrastructure. In this paper, we explore how two major Internet security protocols, the Transport Layer Security (TLS) and Secure Shell (SSH) protocols, can be adapted to use post-quantum cryptography.

First, we examine various design considerations for integrating post-quantum and hybrid key exchange and authentication into communications protocols generally, and in TLS and SSH specifically. These include issues such as how to negotiate the use of multiple algorithms for hybrid cryptography, how to combine multiple keys, and more. Subsequently, we report on several implementations of post-quantum and hybrid key exchange in TLS 1.2, TLS 1.3, and SSHv2. We also report on work to add hybrid authentication in TLS 1.3 and SSHv2. These integrations are in Amazon s2n and forks of OpenSSL and OpenSSH; the latter two rely on the liboqs library from the Open Quantum Safe project.

Category / Keywords: implementation / post-quantum cryptography, TLS, SSH

Original Publication (in the same form): NIST 2nd PQC Standardization Conference, Santa Barbara, California, August 2019

Date: received 23 Jul 2019

Contact author: dstebila at uwaterloo ca

Available format(s): PDF | BibTeX Citation

Version: 20190724:154546 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]