LMS versus XMSS versus SLH-DSA for Secure Boot

Here at wolfSSL we always stay on top of our customers’ requirements. By now you’ve heard us talk about the NSA’s (National Security Agency) CNSA 2.0 (Commercial National Security Algorithm Suite 2.0) ad nauseam. Well, let’s focus in on it again and zero in on that first line: It states that for Software and Firmware […]

wolfBoot for CNSA 2.0 Secure Boot on Zynq UltraScale+ MPSoC

Executive Summary. Problem: Zynq UltraScale+ MPSoC secure boot authenticates the FSBL with RSA-4096 in immutable BootROM. CNSA 2.0 requires post-quantum algorithms for long-term software and firmware verification. RSA-4096 is not quantum-resistant, so the BootROM cannot be the final CNSA 2.0 firmware-authentication answer. Solution: Use wolfBoot as the system-level post-quantum authorization…

wolfCrypt Is Quantum-Safe and has a FIPS 140-3 CAVP cert!

We’re proud to announce that wolfCrypt Post Quantum has officially received CAVP validation from NIST, listed under certificate #A8437. This validation covers the CNSA 2.0 compatible algorithm library contained within the wolfSSL TLS bundle (v7.0.0), and is a critical milestone on the path to a full FIPS 140-3 module validation for our post-quantum module. Certificate […]

wolfSSH Continues on the Post-Quantum Hybrid Key Exchange Journey

Go check out the master branch of wolfSSH. Two new hybrid KEX methods have been added. Both are defined in draft-ietf-sshm-mlkem-hybrid-kex: mlkem768x25519-sha256 — ML-KEM-768 paired with X25519; mlkem1024nistp384-sha384 — ML-KEM-1024 paired with NIST P-384. This joins mlkem768nistp256-sha256, which has been there for a long time. Why hybrid: The “harvest now, decrypt later” threat model means…

PQC in cURL

When curl is built with wolfSSL as the TLS backend, you can get ML-KEM and ML-DSA post-quantum algorithm support in TLS 1.3, provided wolfSSL was configured with --enable-curl, --enable-mlkem and --enable-mldsa. Getting started with wolfSSL? Download the latest libraries here and start exploring. The following ML-KEM groups are available. Pure ML-KEM (post-quantum only): ML_KEM_512, ML_KEM_768 […]

Performance and Portability: Post-Quantum Cryptography with wolfSSL and Vulkan

Post-quantum standards like ML-DSA introduce significant compute challenges. These lattice-based schemes rely on high-degree polynomial math that can overwhelm traditional CPUs, making GPU acceleration essential for high-volume environments. The primary bottlenecks occur during Key Generation and Signing. In ML-DSA, signature generation is particularly intensive due to rejection sampling. This…

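The Quantum Computing Crisis for Encryption Has Already Begun (So Let's Start Being Careful Now!)

Google has moved its assumed deadline for quantum-computer readiness in cryptography up to 2029, which is to say only 33 months from now.

The post "The Quantum Computing Crisis for Encryption Has Already Begun (So Let's Start Being Careful Now!)" first appeared on p2ptk[.]org.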

Accelerating ML-DSA Key Generation with wolfSSL and CUDA

With the formalization of ML-DSA for post-quantum usage, lattice-based cryptography introduces a significant compute challenge. Unlike traditional ECC or RSA, ML-DSA relies on complex polynomial math across hundreds of dimensions, creating a performance wall for high-volume systems. To address this compute issue, wolfSSL can utilize CUDA to accelerate these lattice operations, offloading the…

PQC in the Linux kernel

The Linux kernel’s crypto subsystem is powerful and flexible, containing the kernel’s internal implementations for familiar algorithms such as RSA and ECDSA, along with an API framework that allows registering cryptographic providers for other crypto-consuming modules. A quick glance at output from cat /proc/crypto shows a rich set of crypto drivers exposed, ranging from the […]

Rust support for post-quantum cryptography

wolfSSL is excited to announce the addition of post-quantum cryptographic algorithms in Rust to the wolfSSL 2026 roadmap! The planned additions to the wolfSSL Rust API include the ML-KEM, ML-DSA, LMS, XMSS, Falcon, and SPHINCS+ algorithms. These additions will bring direct support to Rust projects for the robust wolfSSL implementations of the most future-proof post-quantum […]

PQC roadmap remains hazy as vendors race for early advantage

Post-quantum cryptography (PQC) has long sat on the periphery of enterprise security, with experts calling it inevitable but not urgent. That posture is beginning to shift.

Earlier this year, Palo Alto Networks published a blog announcing a new “quantum-safe security” initiative, framing it as a way for enterprises to assess where quantum-vulnerable cryptography exists across their environments…

wolfCrypt FIPS 140-3 with Post-Quantum Cryptography Available Now

wolfSSL is actively developing a new FIPS 140-3 certificate that incorporates NIST’s finalized post-quantum algorithms (FIPS 203, 204, 205), reflecting its ongoing commitment to long-term compliance, regulatory readiness, and early adoption of emerging cryptographic standards. Initial PQC-enabled FIPS configurations are available for integration and evaluation, supporting CNSA 2.0-aligned use…
