Interoperability of RHEL 10 post-quantum cryptography

Updated -

While all RHEL 10 post-quantum cryptography (PQC) algorithms that use official names (ML-KEM, ML-DSA) follow the NIST-published standards for their implementation (FIPS 203 and 204), the National Institute of Standards and Technology (NIST) standards do not specify how the algorithms are used in other protocols or file formats.

A large set of possible ways to use them have been created, but only the ones that will be standardized by IETF may be supported in future releases of RHEL.

None of the listed post-quantum algorithms or algorithm combinations is guaranteed to be supported long term in Red Hat Enterprise Linux.

OpenSSL oqsprovider

The post-quantum algorithms in OpenSSL in RHEL 10.0 are provided through the oqsprovider package. An installation of the oqsprovider package automatically enables the open quantum-safe provider for OpenSSL (oqsprovider) and the use of the PQC algorithms implemented in the provider.

The OQS provider (oqsprovider-0.8.0-5.el10) implements the ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) and ML-DSA (Module-Lattice-Based Digital Signature Algorithm) NIST standards. The package provides an early draft version of SLH-DSA (Stateless Hash-Based Digital Signature), the SPHINCS+ algorithm, which will not be supported in the future.

The OQS provider implements many algorithms, especially hybrids, that will not be supported in future RHEL releases.

KEM algorithms

Algorithm name ASN.1 Object ID (OID) Standard private key file format Private key standard reference Standard public key file format Public key standard reference TLS Group ID Issue reference
mlkem512 2.16.840.1.101.3.4.4.1 no oqsprovider-specific yes draft-ietf-lamps-kyber-certificates-10 not supported RHEL-72719
p256_mlkem512 1.3.6.1.4.1.22554.5.7.1 no oqsprovider-specific no oqsprovider-specific not supported
x25519_mlkem512 1.3.6.1.4.1.22554.5.8.1 no oqsprovider-specific no oqsprovider-specific not supported
mlkem768 2.16.840.1.101.3.4.4.2 no oqsprovider-specific yes draft-ietf-lamps-kyber-certificates-10 not supported RHEL-72719
p384_mlkem768 not supported not supported not supported not supported
x448_mlkem768 not supported not supported not supported not supported
X25519MLKEM768 not supported not supported not supported 4588
SecP256r1MLKEM768 not supported not supported not supported 4587
mlkem1024 2.16.840.1.101.3.4.4.3 no oqsprovider-specific yes draft-ietf-lamps-kyber-certificates-10 not supported RHEL-72719
p521_mlkem1024 not supported not supported not supported not supported
SecP384r1MLKEM1024 1.3.6.1.4.1.42235.6 no oqsprovider-specific no oqsprovider-specific 4589

Signing algorithms

Algorithm name ASN.1 Object ID (OID) Standard private key file format Private key standard reference Standard public key file format Public key standard reference TLS SignatureScheme ID Issue reference
mldsa44 2.16.840.1.101.3.4.3.17 no oqsprovider-specific yes draft-ietf-lamps-dilithium-certificates-08 0x0904
p256_mldsa44 1.3.9999.7.5 no oqsprovider-specific no oqsprovider-specific 0xff06
rsa3072_mldsa44 1.3.9999.7.6 no oqsprovider-specific no oqsprovider-specific 0xff07
mldsa44_pss2048 2.16.840.1.114027.80.8.1.1 no oqsprovider-specific no oqsprovider-specific 0x090f
mldsa44_rsa2048 2.16.840.1.114027.80.8.1.2 no oqsprovider-specific no oqsprovider-specific 0x090c
mldsa44_ed25519 2.16.840.1.114027.80.8.1.3 no oqsprovider-specific no oqsprovider-specific 0x090a
mldsa44_p256 2.16.840.1.114027.80.8.1.4 no oqsprovider-specific no oqsprovider-specific 0x0907
mldsa44_bp256 2.16.840.1.114027.80.8.1.5 no oqsprovider-specific no oqsprovider-specific 0xfee5
mldsa65 2.16.840.1.101.3.4.3.18 no oqsprovider-specific yes draft-ietf-lamps-dilithium-certificates-08 0x0905
p384_mldsa65 1.3.9999.7.7 no oqsprovider-specific no oqsprovider-specific 0xff08
mldsa65_pss3072 2.16.840.1.114027.80.8.1.6 no oqsprovider-specific no oqsprovider-specific 0x0910
mldsa65_rsa3072 2.16.840.1.114027.80.8.1.7 no oqsprovider-specific no oqsprovider-specific 0x090d
mldsa65_p256 2.16.840.1.114027.80.8.1.8 no oqsprovider-specific no oqsprovider-specific 0x0908
mldsa65_bp256 2.16.840.1.114027.80.8.1.9 no oqsprovider-specific no oqsprovider-specific 0xfee9
mldsa65_ed25519 2.16.840.1.114027.80.8.1.10 no oqsprovider-specific no oqsprovider-specific 0x090b
mldsa87 2.16.840.1.101.3.4.3.19 no oqsprovider-specific yes draft-ietf-lamps-dilithium-certificates-08 0x0906
p521_mldsa87 1.3.9999.7.8 no oqsprovider-specific no oqsprovider-specific 0xff09
mldsa87_p384 2.16.840.1.114027.80.8.1.11 no oqsprovider-specific no oqsprovider-specific 0x0909
mldsa87_bp384 2.16.840.1.114027.80.8.1.12 no oqsprovider-specific no oqsprovider-specific 0xfeec
mldsa87_ed448 2.16.840.1.114027.80.8.1.13 no oqsprovider-specific no oqsprovider-specific 0x0912
sphincssha2128fsimple 1.3.9999.6.4.13 no oqsprovider-specific no oqsprovider-specific 0xfeb3
p256_sphincssha2128fsimple 1.3.9999.6.4.14 no oqsprovider-specific no oqsprovider-specific 0xfeb4
rsa3072_sphincssha2128fsimple 1.3.9999.6.4.15 no oqsprovider-specific no oqsprovider-specific 0xfeb5
sphincssha2128ssimple 1.3.9999.6.4.16 no oqsprovider-specific no oqsprovider-specific 0xfeb6
p256_sphincssha2128ssimple 1.3.9999.6.4.17 no oqsprovider-specific no oqsprovider-specific 0xfeb7
rsa3072_sphincssha2128ssimple 1.3.9999.6.4.18 no oqsprovider-specific no oqsprovider-specific 0xfeb8
sphincssha2192fsimple 1.3.9999.6.5.10 no oqsprovider-specific no oqsprovider-specific 0xfeb9
p384_sphincssha2192fsimple 1.3.9999.6.5.11 no oqsprovider-specific no oqsprovider-specific 0xfeba
sphincsshake128fsimple 1.3.9999.6.7.13 no oqsprovider-specific no oqsprovider-specific 0xfec2
p256_sphincsshake128fsimple 1.3.9999.6.7.14 no oqsprovider-specific no oqsprovider-specific 0xfec3
rsa3072_sphincsshake128fsimple 1.3.9999.6.7.15 no oqsprovider-specific no oqsprovider-specific 0xfec4

GnuTLS

KEM algorithms

Algorithm name ASN.1 Object ID (OID) Standard private key file format Private key standard reference Standard public key file format Public key standard reference TLS Group ID Issue reference
GROUP-SECP256R1-MLKEM768 not supported not supported not supported not supported 4587
GROUP-SECP384R1-MLKEM1024 not supported not supported not supported not supported 4589
GROUP-X25519-MLKEM768 not supported not supported not supported not supported 4588

Signing algorithms

Algorithm name ASN.1 Object ID (OID) Standard private key file format Private key standard reference Standard public key file format Public key standard reference TLS SignatureScheme ID Issue reference
mldsa44 2.16.840.1.101.3.4.3.17 no oqsprovider-specific yes draft-ietf-lamps-dilithium-certificates-08 not supported RHEL-64740, RHEL-85829
mldsa65 2.16.840.1.101.3.4.3.18 no oqsprovider-specific yes draft-ietf-lamps-dilithium-certificates-08 not supported RHEL-64740, RHEL-85829
mldsa87 2.16.840.1.101.3.4.3.19 no oqsprovider-specific yes draft-ietf-lamps-dilithium-certificates-08 not supported RHEL-64740, RHEL-85829

NSS

KEM algorithms

Algorithm name ASN.1 Object ID (OID) Standard private key file format Private key standard reference Standard public key file format Public key standard reference TLS Group ID Issue reference
mlkem768secp256r1 not supported not supported not supported not supported 4587
mlkem768x25519 not supported not supported not supported not supported 4588

OpenSSH

KEM algorithms

Algorithm name Standard reference Issue reference
sntrup761x25519-sha512 draft-ietf-sshm-ntruprime-ssh-02
sntrup761x25519-sha512@openssh.com draft-ietf-sshm-ntruprime-ssh-02
mlkem768x25519-sha256 draft-ietf-sshm-mlkem-hybrid-kex-02

Go

The Go toolset supports only one, very early, draft of post-quantum key exchange in TLS. It is not supported by any other library in RHEL 10, and it will not be supported in the future.

KEM algorithms

Algorithm name ASN.1 Object ID (OID) Standard private key file format Private key standard reference Standard public key file format Public key standard reference TLS Group ID Issue reference
x25519Kyber768Draft00 not supported not supported not supported not supported 25497

Additional resources

NIST FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard
NIST FIPS 204: Module-Lattice-Based Digital Signature Standard
NIST FIPS 205: Stateless Hash-Based Digital Signature Standard

Comments