Standards and Deployment (W8) — read upstream

The final Tuesday wraps up with a survey of the NIST PQC standards (most of the technical material is in upstream Ch 44) and a deployment-focused lab on hybrid TLS. Project presentations close the course.

| Week | Chapter | Direct link |
|---|---|---|
| W8 (lecture) | Ch 44 — NIST Post-Quantum Cryptography Standards | https://bnaskrecki.faculty.wmi.amu.edu.pl/crypto/book/part15_code_based_frontiers/ch44_nist_pqc_standards.html |
| W8 (closing) | Ch 45 — Synthesis: From Al-Kindi to Post-Quantum | https://bnaskrecki.faculty.wmi.amu.edu.pl/crypto/book/part15_code_based_frontiers/ch45_synthesis.html |

What we add on top of Ch 44#

The upstream chapter is current as of early 2025. In the lecture we update it with:

  • HQC selected as the fifth NIST PQC standard (announced 11 March 2025): a code-based KEM chosen as a backup to the lattice-based ML-KEM, with its own FIPS draft still to follow.

  • Draft FIPS 206 (FN-DSA, the standardised form of Falcon) status; final publication expected in 2025/2026.

  • Hybrid deployments in TLS 1.3, SSH, and IKEv2. For TLS, the IETF TLS WG draft Hybrid key exchange in TLS 1.3 (draft-ietf-tls-hybrid-design) defines the construction (the two key shares are concatenated on the wire, the two shared secrets are concatenated before key derivation), while the concrete groups X25519MLKEM768 and SecP256r1MLKEM768 are specified in draft-ietf-tls-ecdhe-mlkem; implementations are the oqs-provider for OpenSSL 3 and, since OpenSSL 3.5, native ML-KEM groups. For SSH, OpenSSH ships the hybrid KEX methods sntrup761x25519-sha512 (default since 9.0) and mlkem768x25519-sha256 (added in 9.9). For IKEv2, RFC 9370 (multiple key exchanges) carries the PQ exchange alongside the classical one.

  • CNSA 2.0 (US NSA, September 2022, updated 2024) timelines, which distinguish "prefer" from "exclusively use": software and firmware signing prefer by 2025, exclusively by 2030; web browsers/servers and cloud services prefer by 2025, exclusively by 2033; traditional networking equipment (VPNs, routers) prefer by 2026, exclusively by 2030; operating systems prefer by 2027, exclusively by 2033; everything remaining exclusively by 2033. The CNSA 2.0 signature algorithms are LMS/XMSS and ML-DSA-87, not FN-DSA.

  • BSI / ANSSI / ENISA guidance for the EU side: ANSSI and BSI both require or recommend hybrid (classical + PQC) constructions for now, with PQC-only acceptable only later (ANSSI's stated horizon is around 2030); contrast with CNSA 2.0, which does not require hybrids.

  • Crypto agility as a software-engineering requirement: separate algorithm choice from protocol implementation (configuration, not code, selects the KEM and signature scheme), telemetry that records which algorithm each connection actually negotiated, and key-rotation playbooks that cover classical and PQ keys alike.

Lab — hybrid TLS handshake#

Goal: stand up a TLS 1.3 server using OpenSSL + oqs-provider, configure the hybrid X25519+Kyber768 key exchange (oqs-provider group name x25519_kyber768), capture the handshake in Wireshark, and measure the byte overhead vs. classical X25519.

Naming caveat: x25519_kyber768 is the pre-standard (round-3 Kyber) hybrid. Current deployments negotiate X25519MLKEM768 (ML-KEM-768 per FIPS 203, codepoints in draft-ietf-tls-ecdhe-mlkem); recent oqs-provider releases expose that name as well, and OpenSSL 3.5+ supports it natively without a provider. Either group gives the same byte overhead, because Kyber768 and ML-KEM-768 have identical public-key (1184 bytes) and ciphertext (1088 bytes) sizes.

# 1. Install OpenSSL >= 3.2 and oqs-provider
#    Follow https://github.com/open-quantum-safe/oqs-provider#installation
#    Check that the provider loads and the hybrid KEM is visible:
openssl list -kem-algorithms -provider oqsprovider -provider default | grep -i kyber768

# 2. Generate a self-signed cert (classical, for simplicity)
openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-256 \
    -keyout server.key -out server.crt -days 1 -noenc -subj '/CN=localhost'

# 3. Start a server with the hybrid group enabled
#    (the -provider flags are needed unless oqsprovider is activated in openssl.cnf)
openssl s_server -accept 4433 -cert server.crt -key server.key \
    -provider oqsprovider -provider default \
    -groups x25519_kyber768 -tls1_3

# 4. Connect from a client and observe the handshake
openssl s_client -connect localhost:4433 -provider oqsprovider -provider default \
    -groups x25519_kyber768 -tls1_3 -msg -trace </dev/null

# 5. Repeat steps 3 and 4 with -groups x25519 for the classical baseline.

Capture both handshakes on the loopback interface (on Linux: tcpdump -i lo port 4433 -w hybrid.pcap, then again for the baseline) and open them in Wireshark with the display filter tls.handshake.type == 1 || tls.handshake.type == 2; ClientHello and ServerHello are the only handshake messages still in the clear in TLS 1.3. Compare the key_share extension: the classical ClientHello and ServerHello each carry a 32-byte X25519 share, while the hybrid ones carry 32 + 1184 = 1216 bytes (client) and 32 + 1088 = 1120 bytes (server), so the expected overhead is 1184 bytes on the ClientHello and 1088 bytes on the ServerHello. A 1.2 kB ClientHello may arrive as two TCP segments on a real link; read the reassembled length, not the first segment.
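To make the byte accounting concrete without a live capture, the following is an added Python example (not from the upstream book, oqs-provider or OpenSSL): it builds minimal ClientHello/ServerHello messages carrying a given key_share, parses the key_share extension back out, and computes the overhead of a hybrid group over plain x25519, including the case where the client offers both an x25519 share and a hybrid share, as browsers do. The codepoints (0x001d, 0x6399, 0x11ec) and share sizes are assumptions taken from draft-ietf-tls-ecdhe-mlkem, the oqs-provider draft codepoint and FIPS 203; the messages are constructed here, not captured.

```python
"""Byte accounting for hybrid vs. classical TLS 1.3 key shares.

Added example for the W8 lab (not from the upstream book, oqs-provider or
OpenSSL). Codepoints and share sizes are assumptions (draft-ietf-tls-ecdhe-mlkem,
oqs-provider draft codepoint, FIPS 203); messages are constructed, not captured.
"""
import struct

# Named-group codepoints (assumed; check `openssl list` or your capture).
GROUPS = {
    0x001D: "x25519",
    0x6399: "x25519_kyber768",   # X25519Kyber768Draft00 codepoint used by oqs-provider
    0x11EC: "X25519MLKEM768",    # draft-ietf-tls-ecdhe-mlkem
}
GROUP_IDS = {name: gid for gid, name in GROUPS.items()}

# (client share, server share) sizes in bytes: X25519 is 32 each way;
# Kyber768 / ML-KEM-768 add a 1184-byte public key and a 1088-byte ciphertext.
SHARE_SIZES = {
    "x25519": (32, 32),
    "x25519_kyber768": (32 + 1184, 32 + 1088),
    "X25519MLKEM768": (1184 + 32, 1088 + 32),
}

EXT_KEY_SHARE = 0x0033


def build_key_share_ext(entries, server=False):
    """entries: list of (group_id, share_bytes). A ClientHello carries a
    length-prefixed list of KeyShareEntry; a ServerHello carries exactly one
    entry with no list length (RFC 8446 section 4.2.8)."""
    body = b"".join(struct.pack(">HH", gid, len(share)) + share
                    for gid, share in entries)
    if not server:
        body = struct.pack(">H", len(body)) + body
    return struct.pack(">HH", EXT_KEY_SHARE, len(body)) + body


def build_hello(entries, server=False):
    """Minimal ClientHello (type 1) or ServerHello (type 2) in a TLS record.
    Random/session/cipher fields are placeholders; only framing matters here."""
    exts = build_key_share_ext(entries, server)
    body = struct.pack(">H", 0x0303) + b"\x00" * 32           # legacy_version, random
    body += b"\x00"                                            # legacy_session_id: empty
    if server:
        body += b"\x13\x01" + b"\x00"                          # cipher_suite, compression
    else:
        body += struct.pack(">H", 2) + b"\x13\x01"             # cipher_suites: TLS_AES_128_GCM_SHA256
        body += b"\x01\x00"                                    # compression_methods: null
    body += struct.pack(">H", len(exts)) + exts
    hs = bytes([2 if server else 1]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack(">H", len(hs)) + hs    # handshake record


def parse_key_shares(record):
    """Return [(group_name, share_len), ...] from the key_share extension of a
    ClientHello or ServerHello handshake record."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    hs = record[5:]
    hs_type, hs_len = hs[0], int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    pos = 2 + 32                                               # legacy_version, random
    pos += 1 + body[pos]                                       # legacy_session_id
    if hs_type == 1:                                           # ClientHello
        pos += 2 + struct.unpack(">H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                                   # compression_methods
    elif hs_type == 2:                                         # ServerHello
        pos += 2 + 1                                           # cipher_suite, compression
    else:
        raise ValueError("not a ClientHello/ServerHello")
    ext_end = pos + 2 + struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    while pos < ext_end:
        ext_type, ext_len = struct.unpack(">HH", body[pos:pos + 4])
        ext, pos = body[pos + 4:pos + 4 + ext_len], pos + 4 + ext_len
        if ext_type != EXT_KEY_SHARE:
            continue
        if hs_type == 1:
            ext = ext[2:]                                      # drop client_shares length
        shares, p = [], 0
        while p < len(ext):
            gid, length = struct.unpack(">HH", ext[p:p + 4])
            shares.append((GROUPS.get(gid, hex(gid)), length))
            p += 4 + length
        return shares
    return []


def handshake_overhead(group, keep_x25519_share=False):
    """Extra bytes on (ClientHello, ServerHello, total) when `group` replaces
    plain x25519. With keep_x25519_share=True the client offers both shares,
    so the ClientHello also pays the 4-byte KeyShareEntry header of the extra entry."""
    pk_len, ct_len = SHARE_SIZES[group]
    gid = GROUP_IDS[group]
    base_ch = build_hello([(0x001D, b"\x11" * 32)])
    base_sh = build_hello([(0x001D, b"\x11" * 32)], server=True)
    client_entries = [(gid, b"\x22" * pk_len)]
    if keep_x25519_share:
        client_entries.insert(0, (0x001D, b"\x11" * 32))
    ch = build_hello(client_entries)
    sh = build_hello([(gid, b"\x33" * ct_len)], server=True)
    d_ch, d_sh = len(ch) - len(base_ch), len(sh) - len(base_sh)
    return d_ch, d_sh, d_ch + d_sh


if __name__ == "__main__":
    for g in ("x25519_kyber768", "X25519MLKEM768"):
        print(g, handshake_overhead(g), handshake_overhead(g, keep_x25519_share=True))
    print(parse_key_shares(build_hello([(0x001D, b"\x11" * 32), (0x11EC, b"\x22" * 1216)])))
```

The parser accepts the raw bytes of a real record as well: in Wireshark, right-click the TLS record and use Copy, then as a Hex Stream, and feed bytes.fromhex(...) to parse_key_shares to cross-check the lengths you read from the dissector.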

Project presentations#

Pairs present their PQC project (10 min + 5 min Q&A). Hand in:

  1. The toy implementation (single Python file or Jupyter notebook).

  2. A 2-page write-up: scheme overview, parameter choices, attack reproduced, measurement results.

  3. The slides used in the presentation.

Submission deadline: end-of-day on the W8 Tuesday.