Interoperability of RHEL 10 post-quantum cryptography

Updated

While all RHEL 10 post-quantum cryptography (PQC) algorithms that use official names (ML-KEM, ML-DSA, SLH-DSA) follow the NIST-published standards for their implementation (FIPS 203, 204, and 205), the National Institute of Standards and Technology (NIST) standards do not specify how the algorithms are used in other protocols or file formats.

A large set of possible ways to use them have been created, but only the ones that will be standardized by IETF might be supported in future releases of RHEL.

Red Hat Enterprise Linux 10.1

The post-quantum cryptography available in RHEL 10.1 is fully supported. The implementations use IETF-defined identifiers and file formats for those algorithms.

OpenSSL

The post-quantum algorithms in OpenSSL 3.5 in RHEL 10.1 are included in the default provider. They are not included in the fips provider; as such, only the hybrid key exchange algorithms that use the FIPS-approved curves are functional when the system works in FIPS mode: the SecP256r1MLKEM768 and SecP384r1MLKEM1024.

KEM Algorithms

Algorithm nameASN.1 Object ID (OID)Standard private key file formatPrivate key standard referenceStandard public key file formatPublic key standard referenceTLS Group IDIssue reference
mlkem5122.16.840.1.101.3.4.4.1yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-kyber-certificates-11yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-kyber-certificates-11512
mlkem7682.16.840.1.101.3.4.4.2yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-kyber-certificates-11yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-kyber-certificates-11513
mlkem10242.16.840.1.101.3.4.4.3yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-kyber-certificates-11yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-kyber-certificates-11514
X25519MLKEM768not supportednot supportednot supported4588
SecP256r1MLKEM768not supportednot supportednot supported4587
X448MLKEM1024not supportednot supportednot supportednot supported
SecP384r1MLKEM1024not supportednot supportednot supported4589

Signing algorithms

Algorithm nameASN.1 Object ID (OID)Standard private key file formatPrivate key standard referenceStandard public key file formatPublic key standard referenceTLS SignatureScheme IDIssue reference
mldsa442.16.840.1.101.3.4.3.17yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-13yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-130x0904
mldsa652.16.840.1.101.3.4.3.18yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-13yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-130x0905
mldsa872.16.840.1.101.3.4.3.19yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-13yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-130x0906
SLH-DSA-SHA2-128s2.16.840.1.101.3.4.3.20yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09
SLH-DSA-SHA2-128f2.16.840.1.101.3.4.3.21yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09
SLH-DSA-SHA2-192s2.16.840.1.101.3.4.3.22yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09
SLH-DSA-SHA2-192f2.16.840.1.101.3.4.3.23yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09
SLH-DSA-SHA2-256s2.16.840.1.101.3.4.3.24yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09
SLH-DSA-SHA2-256f2.16.840.1.101.3.4.3.25yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09
SLH-DSA-SHAKE-128s2.16.840.1.101.3.4.3.26yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09
SLH-DSA-SHAKE-128f2.16.840.1.101.3.4.3.27yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09
SLH-DSA-SHAKE-192s2.16.840.1.101.3.4.3.28yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09
SLH-DSA-SHAKE-192f2.16.840.1.101.3.4.3.29yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09
SLH-DSA-SHAKE-256s2.16.840.1.101.3.4.3.30yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09
SLH-DSA-SHAKE-256f2.16.840.1.101.3.4.3.31yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-x509-slhdsa-09

GnuTLS

KEM algorithms

Algorithm nameASN.1 Object ID (OID)Standard private key file formatPrivate key standard referenceStandard public key file formatPublic key standard referenceTLS Group IDIssue reference
GROUP-SECP256R1-MLKEM768not supportednot supportednot supportednot supported4587
GROUP-SECP384R1-MLKEM1024not supportednot supportednot supportednot supported4589
GROUP-X25519-MLKEM768not supportednot supportednot supportednot supported4588

Signing algorithms

Algorithm nameASN.1 Object ID (OID)Standard private key file formatPrivate key standard referenceStandard public key file formatPublic key standard referenceTLS SignatureScheme IDIssue reference
mldsa442.16.840.1.101.3.4.3.17yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-13yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-130x0904
mldsa652.16.840.1.101.3.4.3.18yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-13yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-130x0905
mldsa872.16.840.1.101.3.4.3.19yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-13yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-130x0906

NSS

KEM algorithms

Algorithm nameASN.1 Object ID (OID)Standard private key file formatPrivate key standard referenceStandard public key file formatPublic key standard referenceTLS Group IDIssue reference
secp256r1mlkem768not supportednot supportednot supportednot supported4587
x25519mlkem768not supportednot supportednot supportednot supported4588
secp384r1mlkem1024not supportednot supportednot supportednot supported4589

Signing algorithms

Algorithm nameASN.1 Object ID (OID)Standard private key file formatPrivate key standard referenceStandard public key file formatPublic key standard referenceTLS SignatureScheme IDIssue reference
mldsa442.16.840.1.101.3.4.3.17yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-13yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-130x0904
mldsa652.16.840.1.101.3.4.3.18yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-13yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-130x0905
mldsa872.16.840.1.101.3.4.3.19yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-13yesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-130x0906

OpenSSH

KEM algorithms

Algorithm nameStandard referenceIssue reference
sntrup761x25519-sha512Content from datatracker.ietf.org is not included.draft-ietf-sshm-ntruprime-ssh-02
sntrup761x25519-sha512@openssh.comContent from datatracker.ietf.org is not included.draft-ietf-sshm-ntruprime-ssh-02
mlkem768x25519-sha256Content from datatracker.ietf.org is not included.draft-ietf-sshm-mlkem-hybrid-kex-02

Go

KEM algorithms

Algorithm nameASN.1 Object ID (OID)Standard private key file formatPrivate key standard referenceStandard public key file formatPublic key standard referenceTLS Group IDIssue reference
X25519MLKEM768not supportednot supportednot supportednot supported4588

Red Hat Enterprise Linux 10.0

In RHEL 10.0 support for post-quantum cryptography is present as Technology Preview. In particular, the set of supported algorithms and the file formats used by those implementations are not standard.

OpenSSL oqsprovider

The post-quantum algorithms in OpenSSL in RHEL 10.0 are provided through the oqsprovider package. An installation of the oqsprovider package automatically enables the open quantum-safe provider for OpenSSL (oqsprovider) and the use of the PQC algorithms implemented in the provider.

The OQS provider (oqsprovider-0.8.0-5.el10) implements the ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) and ML-DSA (Module-Lattice-Based Digital Signature Algorithm) NIST standards. The package provides an early draft version of SLH-DSA (Stateless Hash-Based Digital Signature), the SPHINCS+ algorithm, which will not be supported in the future.

The OQS provider implements many algorithms, especially hybrids, that will not be supported in future RHEL releases.

KEM algorithms

Algorithm nameASN.1 Object ID (OID)Standard private key file formatPrivate key standard referenceStandard public key file formatPublic key standard referenceTLS Group IDIssue reference
mlkem5122.16.840.1.101.3.4.4.1nooqsprovider-specificyesContent from datatracker.ietf.org is not included.draft-ietf-lamps-kyber-certificates-10not supportedThis content is not included.RHEL-72719
p256_mlkem5121.3.6.1.4.1.22554.5.7.1nooqsprovider-specificnooqsprovider-specificnot supported
x25519_mlkem5121.3.6.1.4.1.22554.5.8.1nooqsprovider-specificnooqsprovider-specificnot supported
mlkem7682.16.840.1.101.3.4.4.2nooqsprovider-specificyesContent from datatracker.ietf.org is not included.draft-ietf-lamps-kyber-certificates-10not supportedThis content is not included.RHEL-72719
p384_mlkem768not supportednot supportednot supportednot supported
x448_mlkem768not supportednot supportednot supportednot supported
X25519MLKEM768not supportednot supportednot supported4588
SecP256r1MLKEM768not supportednot supportednot supported4587
mlkem10242.16.840.1.101.3.4.4.3nooqsprovider-specificyesContent from datatracker.ietf.org is not included.draft-ietf-lamps-kyber-certificates-10not supportedThis content is not included.RHEL-72719
p521_mlkem1024not supportednot supportednot supportednot supported
SecP384r1MLKEM10241.3.6.1.4.1.42235.6nooqsprovider-specificnooqsprovider-specific4589

Signing algorithms

Algorithm nameASN.1 Object ID (OID)Standard private key file formatPrivate key standard referenceStandard public key file formatPublic key standard referenceTLS SignatureScheme IDIssue reference
mldsa442.16.840.1.101.3.4.3.17nooqsprovider-specificyesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-080x0904
p256_mldsa441.3.9999.7.5nooqsprovider-specificnooqsprovider-specific0xff06
rsa3072_mldsa441.3.9999.7.6nooqsprovider-specificnooqsprovider-specific0xff07
mldsa44_pss20482.16.840.1.114027.80.8.1.1nooqsprovider-specificnooqsprovider-specific0x090f
mldsa44_rsa20482.16.840.1.114027.80.8.1.2nooqsprovider-specificnooqsprovider-specific0x090c
mldsa44_ed255192.16.840.1.114027.80.8.1.3nooqsprovider-specificnooqsprovider-specific0x090a
mldsa44_p2562.16.840.1.114027.80.8.1.4nooqsprovider-specificnooqsprovider-specific0x0907
mldsa44_bp2562.16.840.1.114027.80.8.1.5nooqsprovider-specificnooqsprovider-specific0xfee5
mldsa652.16.840.1.101.3.4.3.18nooqsprovider-specificyesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-080x0905
p384_mldsa651.3.9999.7.7nooqsprovider-specificnooqsprovider-specific0xff08
mldsa65_pss30722.16.840.1.114027.80.8.1.6nooqsprovider-specificnooqsprovider-specific0x0910
mldsa65_rsa30722.16.840.1.114027.80.8.1.7nooqsprovider-specificnooqsprovider-specific0x090d
mldsa65_p2562.16.840.1.114027.80.8.1.8nooqsprovider-specificnooqsprovider-specific0x0908
mldsa65_bp2562.16.840.1.114027.80.8.1.9nooqsprovider-specificnooqsprovider-specific0xfee9
mldsa65_ed255192.16.840.1.114027.80.8.1.10nooqsprovider-specificnooqsprovider-specific0x090b
mldsa872.16.840.1.101.3.4.3.19nooqsprovider-specificyesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-080x0906
p521_mldsa871.3.9999.7.8nooqsprovider-specificnooqsprovider-specific0xff09
mldsa87_p3842.16.840.1.114027.80.8.1.11nooqsprovider-specificnooqsprovider-specific0x0909
mldsa87_bp3842.16.840.1.114027.80.8.1.12nooqsprovider-specificnooqsprovider-specific0xfeec
mldsa87_ed4482.16.840.1.114027.80.8.1.13nooqsprovider-specificnooqsprovider-specific0x0912
sphincssha2128fsimple1.3.9999.6.4.13nooqsprovider-specificnooqsprovider-specific0xfeb3
p256_sphincssha2128fsimple1.3.9999.6.4.14nooqsprovider-specificnooqsprovider-specific0xfeb4
rsa3072_sphincssha2128fsimple1.3.9999.6.4.15nooqsprovider-specificnooqsprovider-specific0xfeb5
sphincssha2128ssimple1.3.9999.6.4.16nooqsprovider-specificnooqsprovider-specific0xfeb6
p256_sphincssha2128ssimple1.3.9999.6.4.17nooqsprovider-specificnooqsprovider-specific0xfeb7
rsa3072_sphincssha2128ssimple1.3.9999.6.4.18nooqsprovider-specificnooqsprovider-specific0xfeb8
sphincssha2192fsimple1.3.9999.6.5.10nooqsprovider-specificnooqsprovider-specific0xfeb9
p384_sphincssha2192fsimple1.3.9999.6.5.11nooqsprovider-specificnooqsprovider-specific0xfeba
sphincsshake128fsimple1.3.9999.6.7.13nooqsprovider-specificnooqsprovider-specific0xfec2
p256_sphincsshake128fsimple1.3.9999.6.7.14nooqsprovider-specificnooqsprovider-specific0xfec3
rsa3072_sphincsshake128fsimple1.3.9999.6.7.15nooqsprovider-specificnooqsprovider-specific0xfec4

GnuTLS

KEM algorithms

Algorithm nameASN.1 Object ID (OID)Standard private key file formatPrivate key standard referenceStandard public key file formatPublic key standard referenceTLS Group IDIssue reference
GROUP-SECP256R1-MLKEM768not supportednot supportednot supportednot supported4587
GROUP-SECP384R1-MLKEM1024not supportednot supportednot supportednot supported4589
GROUP-X25519-MLKEM768not supportednot supportednot supportednot supported4588

Signing algorithms

Algorithm nameASN.1 Object ID (OID)Standard private key file formatPrivate key standard referenceStandard public key file formatPublic key standard referenceTLS SignatureScheme IDIssue reference
mldsa442.16.840.1.101.3.4.3.17nooqsprovider-specificyesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-08not supportedThis content is not included.RHEL-64740, This content is not included.RHEL-85829
mldsa652.16.840.1.101.3.4.3.18nooqsprovider-specificyesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-08not supportedThis content is not included.RHEL-64740, This content is not included.RHEL-85829
mldsa872.16.840.1.101.3.4.3.19nooqsprovider-specificyesContent from datatracker.ietf.org is not included.draft-ietf-lamps-dilithium-certificates-08not supportedThis content is not included.RHEL-64740, This content is not included.RHEL-85829

NSS

KEM algorithms

Algorithm nameASN.1 Object ID (OID)Standard private key file formatPrivate key standard referenceStandard public key file formatPublic key standard referenceTLS Group IDIssue reference
mlkem768secp256r1not supportednot supportednot supportednot supported4587
mlkem768x25519not supportednot supportednot supportednot supported4588

OpenSSH

KEM algorithms

Algorithm nameStandard referenceIssue reference
sntrup761x25519-sha512Content from datatracker.ietf.org is not included.draft-ietf-sshm-ntruprime-ssh-02
sntrup761x25519-sha512@openssh.comContent from datatracker.ietf.org is not included.draft-ietf-sshm-ntruprime-ssh-02
mlkem768x25519-sha256Content from datatracker.ietf.org is not included.draft-ietf-sshm-mlkem-hybrid-kex-02

Go

The Go toolset supports only one, very early, draft of post-quantum key exchange in TLS. It is not supported by any other library in RHEL 10, and it will not be supported in the future.

KEM algorithms

Algorithm nameASN.1 Object ID (OID)Standard private key file formatPrivate key standard referenceStandard public key file formatPublic key standard referenceTLS Group IDIssue reference
x25519Kyber768Draft00not supportednot supportednot supportednot supported25497

Additional resources

Content from csrc.nist.gov is not included.NIST FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard
Content from csrc.nist.gov is not included.NIST FIPS 204: Module-Lattice-Based Digital Signature Standard
Content from csrc.nist.gov is not included.NIST FIPS 205: Stateless Hash-Based Digital Signature Standard

Product(s)
Category
Article Type