The need for cryptography that can withstand quantum attacks has never been greater as quantum computing develops. In response, most companies started a race to implement post-quantum cryptographic methods on their products. But now, the OpenSSL Project is taking bold steps to prepare for a quantum-safe future. With the release of OpenSSL 3.5, organizations can deploy post-quantum encryption (PQC) methods that even the largest corporations struggle to deploy. This means PQC is now accessible to everyone.
The Quantum Threat and why everyone needs PQC
Quantum computers promise to revolutionize many fields, but they also pose a serious risk to traditional encryption methods. Algorithms that underpin today’s secure communications—such as RSA and ECC—could become vulnerable in a post-quantum world. Recognizing this challenge, researchers and industry experts have been working on PQC algorithms that are believed to resist attacks by quantum computers.
The race to secure encryption again for post-quantum cryptography began in 2016 when NIST opened a request for requirements and comments. From there, it evolved to a request for proposed algorithms. But it was not until August 2024 when 3 of such algorithms were selected and approved as the new federal standard for Post Quantum Cryptography.
Accessible PQC Algorithms in OpenSSL 3.5
The upcoming OpenSSL 3.5 release marks a significant milestone in the transition toward quantum-safe security. Less than a year after the three final post quantum encryption algorithms where posted by NIST openSSL is releasing an implementation of them in the latest LTS version of the library.
- ML-KEM (Module Lattice-Based Key Encapsulation Mechanism – FIPS 203):
ML-KEM is designed as a post-quantum standard for key exchange. By encapsulating symmetric keys securely, ML-KEM sets the stage for replacing conventional key exchange methods. - ML-DSA (Module Lattice-Based Digital Signature Algorithm – FIPS 204):
Utilizing the Dilithium signature method, ML-DSA provides a robust PQC solution for digital signatures. - SLH-DSA (Stateless Hash-Based Digital Signature Algorithm – FIPS 205):
As an alternative for digital signatures, SLH-DSA leverages the SPHINCS+ signature method. This stateless approach is designed to serve as a backup if vulnerabilities are discovered in other PQC algorithms, ensuring that secure signatures remain viable.
Key Milestones and Future Outlook
On March 12, 2025, the pre-release of OpenSSL 3.5 Alpha1 was launched, featuring the integration of these three post-quantum algorithms. This early release allows developers and security professionals to test and provide feedback as OpenSSL moves closer to its final release. The main release—OpenSSL 3.5 LTS—is scheduled for deployment in April 2025 and will serve as the next long-term stable version, supported until 2030.
Moreover, including these PQC algorithms aligns with OpenSSL’s commitment to FIPS 140-3 validation. With ML-KEM, ML-DSA, and SLH-DSA designed to meet stringent security standards, organizations can confidently start transitioning their systems to quantum-safe encryption.
If you want to check if you site has some post quantum algorithm enabled or not you can use the following page developed by accenture: https://isitquantumsafe.info/.
Conclusion
Quantum computing may be on the horizon, but OpenSSL 3.5 ensures that security measures are evolving. By incorporating state-of-the-art post-quantum algorithms, OpenSSL addresses imminent cybersecurity challenges and lays the foundation for a quantum-safe future. As industries worldwide prepare for this transition, now is the time to explore and test these emerging technologies—because the future of secure communication is already here. Post Quantum encryption(PQC) has been a topic of conversation, and now PQC is accessible to everyone.
Source: https://openssl-library.org