Support for PQC algorithms: ML-KEM, ML-DSA and SLH-DSA ?

[seriousme]

A few days ago NIST standardized 3 PQC, algorithms:
NIST 203: ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism Standard, based on: Crystals Kyber)
NIST 204: ML-DSA (Module-Lattice-Based Digital Signature Standard, based on: Crystals Dilithium)
NIST 205: SLH-DSA (Stateless Hash-Based Digital Signature Standard, based on: SPHINCS+)

For the announcement see:
https://cloudsecurityalliance.org/blog/2024/08/15/nist-fips-203-204-and-205-finalized-an-important-step-towards-a-quantum-safe-future

It would be nice if these were added to webcrypto as well.

Various implementations (commercial and opensource) already exist as the candidate algorithms have been field tested for quite some time.
E.g.

• https://github.com/pq-crystals/dilithium
• https://github.com/randombit/botan

Chromium already supports Kyber for TLS key exchange since August 2023: https://www.thesslstore.com/blog/google-chrome-adds-support-for-a-hybrid-post-quantum-cryptographic-algorithm/

Kind regards,
Hans

[Neustradamus]

@seriousme: Thanks!

[seriousme]

FYI: the IETF LAMPS and COSE workgroups are busy standardizing these as well

I found the following IETF drafts which might help in achieving uniformity in naming and parameters.

Algorithm identifiers:

• ML-KEM: https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates/
• ML-DSA: https://datatracker.ietf.org/doc/draft-ietf-lamps-dilithium-certificates/
• SLH-DSA: https://datatracker.ietf.org/doc/draft-ietf-lamps-x509-slhdsa/

ML-DSA for JOSE and COSE
https://datatracker.ietf.org/doc/draft-ietf-cose-dilithium/

Cryptographic Message Syntax

• ML-KEM: https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-kyber/
• SLH-DSA: https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-sphincs-plus/
• SHA3: https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-sha3-hash/
  SHA3 is used by ML-KEM CMS

Kind regards,
Hans

[paulmillr]

This would probably land in webcrypto in 5 years.

Meanwhile you can use https://github.com/paulmillr/noble-post-quantum.

[panva]

I believe @twiss plans to push https://github.com/twiss/webcrypto-modern-algos/ to WICG soon-ish?

[Frosne]

This would probably land in webcrypto in 5 years.

Meanwhile you can use https://github.com/paulmillr/noble-post-quantum.

I heard that people are looking forward to having PQ in WebCrypto, so no, I don't think that it's gonna be in 5 years :)

[paulmillr]

@Frosne start the timer. 1/2 year already passed. 3 years is min range imo