Version 3.0 of our Post Quantum Provider completes the alignment of the ML-KEM (Kyber) key-establishment and ML-DSA (Dilithium) digital signature algorithm implementations with the final versions of the NIST standard specifications (FIPS 203 and FIPS 204). Furthermore, the IAIK-PQ provider has been enhanced with an implementation of HQC, the code-based public-key encryption and key-establishment algorithm from the 4th round of the NIST competition.
Post Quantum Cryptography has also found its way into our TLS library iSaSiLk. iSaSiLk now implements both ML-KEM-only and hybrid key exchange methods.
Since the purpose of the TLS key exchange is to establish a session key for encrypting the data, the TLS key exchange may be subject to "harvest now, decrypt later" threats, where the attacker collects encrypted messages now in order to decrypt them at a later date, once cryptographically relevant quantum computers become available. For that reason it is a higher priority to make the key exchange parts of TLS quantum resistant than to PQ-protect the authentication parts: authentication only needs to hold at the time of the handshake, whereas recorded traffic must stay confidential for years.
During a transition period, before quantum-resistant technologies are widely deployed, current TLS guidance recommends the use of hybrid methods for protecting the data transfer, combining classical and post-quantum cryptographic algorithms so that the resulting session key remains secure as long as at least one of the two components is unbroken.
As a first step towards post-quantum cryptography support, iSaSiLk now introduces implementations of both ML-KEM-only and hybrid key exchange methods. In particular, the hybrid variant with ECDHE key agreement and ML-KEM key encapsulation is already widely deployed. Thus iSaSiLk can be used to perform a quantum-resistant TLS key exchange with other PQC-supporting client/server applications.
Please see the IAIK PQ and iSaSiLk product pages and visit our download center to get the new versions.
Kind regards,
Your SIC/IAIK Java Security Team!