An open-source project called Open Quantum Safe (OQS) aims to facilitate the switch to quantum-resistant cryptography. It is a member of the Post-Quantum Cryptography Alliance of the Linux Foundation.
Here’s a detailed explanation of Open Quantum Safe:
Purpose and Goal
The goal of Open Quantum Safe is to create and test quantum-resistant cryptography. Its primary objective is to assist businesses in making the shift to a quantum-safe future by giving them the resources they need to develop and evaluate new cryptographic algorithms. It offers software for quantum-resistant cryptography prototyping.
Research conducted by the project’s own team and others is also supported.
History
Michele Mosca and Douglas Stebila established the OQS project in 2014 as a scientific endeavour.
Its initial goal was to make it possible to test and prototype novel quantum-resistant algorithms.
While continuing to assist research on novel algorithms, Open Quantum Safe refocused on developing a production-track codebase for standardised algorithms as the area of post-quantum cryptography developed and the NIST (National Institute of Standards and Technology) PQC standardisation process got underway.
The Open Quantum Safe project became a formal member of the Linux Foundation in January 2024.
Core Components and Architecture
Two primary areas of work or components make up Open Quantum Safe:
- liboqs: an open-source C library of quantum-resistant cryptographic algorithms. It is regarded as the OQS project’s central component.
  - The techniques implemented in liboqs include Key Encapsulation Mechanisms (KEMs) and digital signature schemes.
  - It builds on Windows, macOS, and Linux and supports the x86-64, ARM32v7, and ARM64v8 architectures.
  - Wrappers are available for numerous programming languages, such as C++, Go, Java, .NET, Python, and Rust.
- Prototype Integrations: The Open Quantum Safe team also develops prototypes that incorporate liboqs into popular applications and protocols. This enables researchers and developers to evaluate new algorithms’ performance in practical settings.
  - Examples of such integrations include OpenSSL, TLS, SSH, X.509, and CMS/S/MIME.
  - Demo integrations are also available for applications like Apache, nginx, haproxy, curl, and Chromium.
- “Crypto-agile” Design: OQS’s architecture is “crypto-agile,” meaning that cryptographic algorithms can be swapped out easily. This matters because the PQC landscape is still changing. The intention is to support a hybrid strategy that manages risk during the transition by combining new post-quantum algorithms with more established ones, such as RSA and ECC.
Types of Quantum-Resistant Algorithms
The Open Quantum Safe framework implements various post-quantum cryptography methods based on “hard problems” that are thought to be difficult for both classical and quantum computers to solve. These include:
Lattice-based cryptography: A prominent family of algorithms that includes CRYSTALS-Kyber (a KEM) and CRYSTALS-Dilithium (a digital signature scheme), two of the first algorithms chosen by NIST for standardisation. FrodoKEM and NTRU-Prime are two other lattice-based algorithms that are supported.
Hash-based cryptography: Algorithms in this family include SPHINCS+ and LMS/XMSS/HSS. They are thought to be quite secure, although they may have larger signature sizes or a limited number of uses per key pair.
Code-based cryptography: This category includes algorithms such as HQC and Classic McEliece.
Cryptography from other families, such as isogeny-based and multivariate-based, is also studied and assessed.
BIKE, CROSS, MAYO, ML-DSA, ML-KEM, and SNOVA are some of the other specific algorithms mentioned.
Advantages
Future-Proofing: Open Quantum Safe helps businesses prepare for the possible arrival of cryptographically relevant quantum computers that can crack existing public-key encryption.
Open Source: This collaborative and open effort encourages openness and code audits by the community.
Crypto-Agility: As PQC standards change, its modular architecture makes it simple to switch between various algorithms.
Prototyping: Before complete standardisation and deployment, prototyping offers researchers and developers a useful means of testing new algorithms and comprehending the effects they have on performance.
Disadvantages and Challenges
Performance Overhead: Many post-quantum algorithms are computationally intensive and have larger key sizes and signatures than classical algorithms, which can affect network performance and storage needs.
Lack of Standardization: Although several algorithms have been chosen by NIST for standardisation, the process is still in progress. New vulnerabilities may be found because the new algorithms have not been examined as thoroughly as RSA or ECC.
“Harvest Now, Decrypt Later” Threat: Sensitive data that is encrypted today could be collected and kept until a quantum computer that can crack the encryption is developed, which makes the change urgent.
Migration Complexity: Making the switch to new cryptographic standards for big, complicated infrastructures is a big task that needs meticulous preparation, a lot of money, and a trained crew.
Applications
Open Quantum Safe is made for any protocol or application that uses public-key cryptography. Important areas of application include:
Secure Communications: Encrypting email, web traffic, and other network communications with quantum-resistant techniques in TLS.
Software Updates: Ensuring that firmware and software updates are securely authenticated using quantum-resistant digital signatures.
Internet of Things (IoT): Protecting low-power devices and their communications.
Blockchain and Digital Currencies: Defending against quantum attacks on the cryptographic underpinnings of these technologies.
Integrations have been demonstrated for OpenVPN, Chromium, curl, links, nginx, and Apache httpd.
Development and Community
GitHub repositories are where all development happens. New contributors are welcome to the project.
It provides mentorships through the Mentorship program of the Linux Foundation.
Numerous organisations and contributors from the public sector, business, academia, and private sector support the initiative. Microsoft Research, IBM Research, and Amazon Web Services are notable industry partners.
Recent changes include releases of liboqs, oqs-provider, and several language bindings (Rust, Java, C++, Go, and Python). Security evaluations of liboqs have also been made public.
Benchmarking and Research
Open Quantum Safe offers tools for benchmarking TLS performance, memory use, and core algorithm speed.
It is utilised in academic publications on subjects like blockchain and TLS without handshake signatures, as well as in research and prototyping by companies like Cisco, IBM, and Microsoft Research to assess post-quantum TLS, SSH, and VPN performance.