Xmas Coming Early: OpenSSL Finally Enters a Quantum World

Prof Bill Buchanan OBE FRSE
2 min read · 5 days ago

There is just one week to go (8 April 2025) for a major cybersecurity software release: OpenSSL 3.5.

This is a major release as it will change the world of cybersecurity with the integration of three PQC methods:

  • ML-KEM (FIPS 203) — Module Lattice-Based Key Encapsulation Mechanism. This is a PQC standard for key exchange.
  • ML-DSA (FIPS 204) — Module Lattice-Based Digital Signature Algorithm. This is a PQC standard for digital signatures, and it uses the Dilithium signature method.
  • SLH-DSA (FIPS 205) — Stateless Hash-Based Digital Signature Algorithm. This is a PQC standard for digital signatures and uses the SPHINCS+ signature method.

For the first time, a whole range of applications, including Web servers, will be able to use PQC. OpenSSL is the most widely used library for cryptography, and thus the release will move the whole industry forward. It will support the replacement of ECDH with ML-KEM, and of RSA and ECDSA with ML-DSA.

The most likely integration of key exchange will be to use a hybrid method, such as ML-KEM-X25519. This will use both X25519 (with elliptic curves) and ML-KEM to create the key. There will also be the opportunity for hybrid digital signature methods, such as ML-DSA-Ed25519.
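To check whether a given OpenSSL build offers the three PQC families listed above, and to see ML-KEM produce the same shared secret on both sides, the following shell script is an added example, not code from the article or the OpenSSL project. The function and file names are hypothetical, and the `pkeyutl -encap`/`-decap` options are assumed to be those of the OpenSSL 3.5 command line.

```shell
#!/bin/sh
# Added example (not from the article). Assumes the OpenSSL 3.5 command line.

# Read `openssl list` output on stdin and report, one line per family,
# whether the three PQC standards named in the article are present.
pqc_families() {
    listing=$(cat)
    for fam in ML-KEM ML-DSA SLH-DSA; do
        if printf '%s\n' "$listing" | grep -qi -- "$fam"; then
            echo "$fam yes"
        else
            echo "$fam no"
        fi
    done
}

# One ML-KEM round trip: the sender encapsulates to the public key, the
# receiver decapsulates with the private key, and both secrets must match.
# Returns 0 on match, 1 on mismatch or tool error, 2 if the algorithm is
# not available in this build (or no temp directory could be created).
kem_roundtrip() {
    alg=${1:-ML-KEM-768}
    dir=$(mktemp -d) || return 2
    if ! openssl genpkey -algorithm "$alg" -out "$dir/priv.pem" 2>/dev/null; then
        rm -rf "$dir"; return 2
    fi
    rc=1
    if openssl pkey -in "$dir/priv.pem" -pubout -out "$dir/pub.pem" 2>/dev/null &&
       openssl pkeyutl -encap -pubin -inkey "$dir/pub.pem" \
           -out "$dir/ct.bin" -secret "$dir/ss_sender.bin" 2>/dev/null &&
       openssl pkeyutl -decap -inkey "$dir/priv.pem" \
           -in "$dir/ct.bin" -secret "$dir/ss_receiver.bin" 2>/dev/null &&
       cmp -s "$dir/ss_sender.bin" "$dir/ss_receiver.bin"; then
        rc=0
    fi
    rm -rf "$dir"
    return "$rc"
}

# Run against the local build only when asked: sh pqc_check.sh --run
if [ "${1:-}" = "--run" ]; then
    openssl version
    openssl list -kem-algorithms -signature-algorithms | pqc_families
    kem_roundtrip ML-KEM-768 && echo "ML-KEM-768 round trip OK"
fi
```

A return code of 2 from `kem_roundtrip` on a pre-3.5 build is the expected result, since `genpkey` does not know the ML-KEM algorithm names there.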
