This session gives attendees a ground-up understanding of post-quantum cryptography and shows how it applies to real-world TLS. We start with the essentials: why classical public-key cryptography breaks under quantum attack, what NIST's post-quantum standardization process produced (ML-KEM, ML-DSA, SLH-DSA), and how hybrid key exchange lets you transition incrementally without abandoning classical security.
We then walk through how the Open Quantum Safe project's oqs-provider plugin for OpenSSL 3 brings post-quantum algorithms into a standard TLS stack. The session covers:
- Installing and configuring oqs-provider against a standard OpenSSL 3 installation
- Generating post-quantum and hybrid X.509 certificates using ML-KEM and ML-DSA
- Standing up a TLS 1.3 server and connecting with a PQ-enabled openssl s_client
- Inspecting negotiated ciphersuites and key exchange algorithms in live TLS handshakes
- Comparing classical vs. hybrid vs. pure PQ handshake performance and the tradeoffs involved
- Exploring the algorithm catalogue - KEMs, signature schemes, and their NIST standardization status
No prior post-quantum knowledge is assumed. Attendees should be comfortable with the Linux CLI and have a basic understanding of TLS.
