Quantum Resistant hybrid key exchange

Sean Mullan sean.mullan at oracle.com
Mon Jun 2 16:45:32 UTC 2025


Hi Azeem,

For TLS, we are currently working on an implementation of "Hybrid Key 
Exchange for TLS 1.3" [1]. We also expect to implement one or more of 
the hybrid mechanisms that are being specified [2]. Expect to see a JEP 
with more details on this effort in the near future.

As for other hybrid key exchange mechanisms, we are tracking X-Wing and 
there was a recent message to security-dev from Sebastian Stenzel about 
potentially contributing an implementation.

As Bernd mentions, our policy is not to deliver features until the 
standard or RFC has been published.

--Sean

[1] https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/
[2] https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/
[3] https://mail.openjdk.org/pipermail/security-dev/2025-May/046224.html

On 5/31/25 3:01 AM, ecki wrote:
> You find the published plans in JEPs or Jira tickets about PQC, 
> currently however I have seen more groundwork like KEM and HKDF plus ML, 
> none hybrid (mostly due to the fact that OpenJDK waits for standards, 
> see the recent XWing discussion),
> 
> I have seen that Oracle (of course) stated that they will work on TLS 
> and even back port it, for example here: 
> https://blogs.oracle.com/security/post/post-quantum-cryptography
> Maybe Sean can comment on it, but I think the same caveat applies here - 
> missing completed standardization (and NIST did their fair share to 
> hinder development, glad IETF picked up, draft-ietf-tls-ecdhe-mlkem-00 
> is still pretty fresh, though).
> 
> I also know that ssh client providers (probably with the help of 
> Bouncycastle) want to catch up to OpenSSH 10. With x25519mlkem (and 
> maybe sntrupx?)
> 
> The next, much bigger step IMHO is the area of (certificate) 
> signatures/authentication. We have a bit more time there, so the future 
> stays interesting,
> 
> Regards,
> Bernd
> -- 
> https://bernd.eckenfels.net
> ------------------------------------------------------------------------
> *From:* security-dev <security-dev-retn at openjdk.org> on behalf of Azeem 
> Jiva <a_jiva at apple.com>
> *Sent:* Saturday, May 31, 2025 3:10 AM
> *To:* security-dev at openjdk.org <security-dev at openjdk.org>
> *Subject:* Quantum Resistant hybrid key exchange
> Hi,
> Is there a list of future quantum resistant hybrid key changes under 
> development for future OpenJDK releases? Thanks.


