# Standards and Deployment (W8) — read upstream

The final Tuesday wraps up with a survey of the NIST PQC standards (most of
the technical material is in upstream Ch 44) and a deployment-focused lab on
hybrid TLS. Project presentations close the course.

| Week | Chapter | Direct link |
|------|---------|-------------|
| **W8 (lecture)** | **Ch 44 — NIST Post-Quantum Cryptography Standards** | <https://bnaskrecki.faculty.wmi.amu.edu.pl/crypto/book/part15_code_based_frontiers/ch44_nist_pqc_standards.html> |
| **W8 (closing)** | **Ch 45 — Synthesis: From Al-Kindi to Post-Quantum** | <https://bnaskrecki.faculty.wmi.amu.edu.pl/crypto/book/part15_code_based_frontiers/ch45_synthesis.html> |

## What we add on top of Ch 44

The upstream chapter is current as of early 2025. In the lecture we update it with:

- **HQC selected** as fifth NIST standard (announced 11 March 2025).
- **Draft FIPS 206 (FN-DSA / Falcon)** status — final publication expected in 2025/2026.
- **Hybrid deployments** in TLS 1.3, SSH, and IKEv2: the IETF TLS WG draft
  *Hybrid key exchange in TLS 1.3* (draft-ietf-tls-hybrid-design) and the
  associated `oqs-provider` for OpenSSL.
- **CNSA 2.0** (US NSA, 2022/2024 updates) deadlines: software-signing PQC by 2025;
  TLS/IPsec PQC by 2030; full transition by 2033.
- **BSI / ANSSI / ENISA** guidance for the EU side; positions on
  hybrid-only-for-now vs. PQC-only acceptance.
- **Crypto agility** as a software-engineering requirement: separating
  algorithm choice from protocol implementation, telemetry to monitor
  algorithm usage, key-rotation playbooks.

## Lab — hybrid TLS handshake

**Goal:** stand up a TLS 1.3 server using OpenSSL + `oqs-provider`, configure
hybrid `X25519+Kyber768` key exchange, capture the handshake in Wireshark,
and measure the byte-overhead vs. classical X25519.

```bash
# 1. Install OpenSSL >= 3.2 and oqs-provider
#    Follow https://github.com/open-quantum-safe/oqs-provider#installation
#    The provider module must be on OpenSSL's module path; otherwise add
#    -provider-path <dir-with-oqsprovider.so> to the commands below.

# 2. Generate a self-signed cert (classical, for simplicity)
openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-256 \
    -keyout server.key -out server.crt -days 1 -nodes -subj '/CN=localhost'

# 3. Start a server with hybrid groups enabled. oqs-provider has to be loaded
#    next to the default provider, or the hybrid group name will not resolve.
openssl s_server -accept 4433 -cert server.crt -key server.key \
    -provider oqsprovider -provider default \
    -groups x25519_kyber768 -tls1_3

# 4. Connect from a client and observe the handshake
#    (-trace needs an OpenSSL built with enable-ssl-trace; -msg always works)
openssl s_client -connect localhost:4433 \
    -provider oqsprovider -provider default \
    -groups x25519_kyber768 -tls1_3 -msg -trace
```

Capture the corresponding `ClientHello` and `ServerHello` in Wireshark; then
repeat steps 3 and 4 with `-groups x25519` and compute the byte difference
between the hybrid and the classical-only handshake.
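As a worked example added for this lab (not code from the upstream chapter or the oqs-provider project): a small Python parser for the `ClientHello` `key_share` extension that reports each offered group's `key_exchange` length and computes the expected overhead of the hybrid run against the classical run, the same numbers you should read off the Wireshark capture. The two sample extensions are constructed; the `x25519_kyber768` code point `0x6399` is assumed from the draft hybrid deployments, and the Kyber768 sizes are the 1184-byte encapsulation key and 1088-byte ciphertext of that parameter set.

```python
import struct
# Byte sizes of the lab's hybrid building blocks: X25519 public key, Kyber768
# (ML-KEM-768) encapsulation key (in ClientHello) and ciphertext (in ServerHello).
X25519_PK, KYBER768_PK, KYBER768_CT = 32, 1184, 1088
KEY_SHARE_EXT = 0x0033
# NamedGroup code points: 0x001D is IANA x25519; 0x6399 is the draft code point
# oqs-provider uses for x25519_kyber768 (assumed here; confirm in Wireshark).
GROUP_NAMES = {0x001D: "x25519", 0x6399: "x25519_kyber768"}

def build_client_key_share(shares):
    """Encode a ClientHello key_share extension from (group_id, key_exchange) pairs."""
    entries = b"".join(struct.pack("!HH", g, len(ke)) + ke for g, ke in shares)
    body = struct.pack("!H", len(entries)) + entries
    return struct.pack("!HH", KEY_SHARE_EXT, len(body)) + body

def parse_client_key_share(ext):
    """Walk the KeyShareEntry list and return {group_name: key_exchange_length}."""
    ext_type, ext_len = struct.unpack("!HH", ext[:4])
    if ext_type != KEY_SHARE_EXT or len(ext) != 4 + ext_len:
        raise ValueError("not a well-formed key_share extension")
    (shares_len,) = struct.unpack("!H", ext[4:6])
    data = ext[6:]
    if len(data) != shares_len:
        raise ValueError("client_shares length does not match extension")
    pos, out = 0, {}
    while pos < len(data):
        if pos + 4 > len(data):
            raise ValueError("truncated KeyShareEntry header")
        group, ke_len = struct.unpack("!HH", data[pos:pos + 4])
        pos += 4
        if pos + ke_len > len(data):
            raise ValueError("key_exchange runs past end of extension")
        out[GROUP_NAMES.get(group, f"unknown(0x{group:04x})")] = ke_len
        pos += ke_len
    return out

def key_share_wire_bytes(parsed):
    """Bytes the KeyShareEntry list occupies: 4-byte header per entry + share."""
    return sum(4 + n for n in parsed.values())

def handshake_overhead(hybrid_parsed, classical_parsed):
    """(ClientHello delta, ServerHello delta, total) bytes for -groups x25519_kyber768
    vs. -groups x25519; the server-side delta is the Kyber768 ciphertext it appends."""
    client = key_share_wire_bytes(hybrid_parsed) - key_share_wire_bytes(classical_parsed)
    server = KYBER768_CT if "x25519_kyber768" in hybrid_parsed else 0
    return client, server, client + server

# Constructed key_share extensions standing in for the two captured ClientHellos.
HYBRID_RUN = build_client_key_share([(0x6399, b"\x00" * (X25519_PK + KYBER768_PK))])
CLASSICAL_RUN = build_client_key_share([(0x001D, b"\x00" * X25519_PK)])
```

Feed the real extension bytes exported from Wireshark into `parse_client_key_share` and the computed deltas should match the packet sizes you measure.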

## Project presentations

Pairs present their PQC project (10 min + 5 min Q&A). Hand in:

1. The toy implementation (single Python file or Jupyter notebook).
2. A 2-page write-up: scheme overview, parameter choices, attack reproduced,
   measurement results.
3. The slides used in the presentation.

Submission deadline: end-of-day on the W8 Tuesday.
