By Dmitry Belyavskiy, Red Hat Principal Software Engineer
The transition to post-quantum cryptography (PQC) has been one of the hottest security topics of the last several years, as expected advancements in quantum computing continue to increase the risk of quantum attacks on classic cryptography. Government and industry are collaborating to help the world prepare for the shift to quantum-resistant cryptographic algorithms capable of protecting their confidentiality in a post-quantum environment. One of many ways Red Hat is participating in this transition is through contributions to the QUBIP project.
What is QUBIP and why is Red Hat involved?
The QUBIP project is a collaboration among business, universities, and NGOs, supported by a research grant from the European Union, that launched in September 2023 with the aim of streamlining the process of the EU’s transition to PQC and creating a replicable transition model to counter the post-quantum threat as soon as possible.
Red Hat had already been working for many years on making its products PQC ready, which made collaboration on the QUBIP project an excellent opportunity to accelerate that process while supporting open source communities in making PQC research solutions more widely available. To that end, Red Hat chose Fedora Linux for experiments leading to introducing PQ algorithms in operating systems. This platform, maintained by the community, is ideal for testing software that could become part of Red Hat Enterprise Linux (RHEL) in a future release cycle. (Learn more about post-quantum cryptography in Red Hat Enterprise Linux 10 in this recent blog post from Clemens Lang of the Red Hat Crypto Team.)
QUBIP focuses on digital systems addressing the five main building blocks that use public-key cryptography for security purposes: hardware, cryptographic libraries, operating systems, communication protocols, and applications. QUBIP addresses all five blocks, coherently solving all dependency issues that may arise within each block and between blocks, with the ultimate goal of validating at Technology Readiness Level (TRL) 6 three systems that use these blocks in specific use cases: IoT-based digital manufacturing, internet browsing, and software network environments for telcos.
QUBIP’s midterm review: integrating post-quantum-capable software components
In December 2024, the QUBIP team held a general assembly in the Red Hat office in Brno, Czechia, to evaluate the state of the project and determine priorities for preparing for the midterm review (MTR). The MTR is an important milestone in the EU grant project lifecycle: at that point, the consortium should be able to demonstrate significant progress in their tasks not only for themselves but also to the EU commission representatives.
The MTR started with a demonstration of the building blocks necessary for a successful PQC transition: a PQ-capable Certificate Authority (CA) suitable for demo purposes; protection of secure/measured boot from the threat of quantum computers; testing the suitability of PQC for working in constrained environments (IoT); providing PQC cryptography to popular protocols (IPSec, TLS, SSH), libraries (NSS, OpenSSL, mbedTLS), browsers (Firefox), and Verifiable Credentials; and integration of PQC into an operating system (Fedora). Many of the components developed or modified for QUBIP are available on QUBIP’s GitHub repository. The PQ container, developed within Red Hat, was especially useful both for experiments done by a wide audience and preparation of server-side parts of QUBIP pilot demos.
The QUBIP consortium completed three successful pilot demonstrations:
- Quantum-secure IoT-based digital manufacturing demonstrated quantum-secure data exchange between different IoT devices in a connected digital manufacturing system.
- Quantum-secure internet browsing provided a secure way to browse the internet by integrating advanced cryptographic methods to protect data and user identities against quantum threats.
- Quantum-secure software network environments for telco operators addressed the transition to PQC of the software environments adopted by telecommunication operators and network providers.
Red Hat has been mostly involved in the browser pilot dedicated to providing PQC to web servers and browsers. Recent versions of the browsers already have some PQ support on board, but the solution created by partners increases the pluggability of the OpenSSL and NSS components necessary for a PQ web. The work done during project development demonstrates that PQC can be implemented in many components in a compatible manner and is suitable for protecting real-life communication in and between distributed sessions.
Red Hat’s post-quantum cryptography work in the QUBIP project
Red Hat took on the challenge of a PQ transition several years ago; however, we were waiting for a project fit for adding to our distributions. The OQS project with liboqs/oqsprovider provided support for all necessary algorithms and had a suitable license, but we had to wait for some level of standardization to happen to consider adding the implementations to Fedora and, later, into RHEL.
As a part of the QUBIP project, we started with building the liboqs project and adding implementation to major crypto libraries we maintain: OpenSSL (via the provider mechanism), NSS (where upstream made their own choice), and GnuTLS (where we were relying on liboqs and then switched to leancrypto). The OQS project demonstrated good maturity and—what was extremely important—very responsive support. We made several contributions to this project to speed up implementation and improve robustness, and we took the opportunity to use various crypto libraries for low-level primitives.
By the time we added OQS components to Fedora, we already had experimental specifications for PQ algorithms in TLS protocol: Kyber for key exchange and Dilithium for digital signatures. The cryptographic community is more interested in quantum-resistant protection for key exchange because it provides protection from the “harvest now-decrypt later” attack scenario, and Kyber provides such protection. With no guarantee that PQ crypto algorithms wouldn’t be broken soon, the consensus was not to use the pure PQ algorithms for key exchange but hybrid algorithms combining PQ and traditional algorithms.
After landing PQ cryptographic algorithms to Fedora, the next step was interoperability testing. We were able to test compatibility against Cloudflare as a server and Google Chrome as a client. After successful testing , we started establishing the test environment. The first attempts required manual configurations of the components to enable PQC, so we chose the web server nginx for the next experiments. All our distributions rely on so-called crypto-policies, or system-wide configuration for secure algorithms. To enable PQC, we needed the dedicated crypto-policy TEST-PQ because of the test status of the algorithms and components.
At the end of 2024, NIST issued final standards of the first PQ algorithms: ML-KEM based on Kyber for key exchange and ML-DSA instead of Dilithium for digital signatures. All major players soon implemented the new versions, and we did too. We then started to combine all the components to make a toolbox for experiments with a lower entrance barrier. This is our pq-container setting PQ crypto-policy and running nginx. It provided easy server-side setup. By that time, our QUBIP peers had implemented their components to assemble the whole system, demonstrating a PQ-ready web. They used the Firefox browser and implemented several plugins, including a drop-in replacement for the low-level NSS crypto implementation with PQ algorithms implementation.
One final component necessary for work in the modern world is Verifiable Credentials. Verifiable Credentials (VCs) are designed to represent information that is normally stored in physical objects such as documents (e.g., passports and driver’s licences). Cryptography makes them tamper-resistant, privacy-respecting, and machine-verifiable in a decentralized way. Typically, all these features are implemented using classical cryptography and so are quantum-vulnerable. For the QUBIP project, we used a new implementation relying on ML-DSA to address this. At the QUBIP MTR, the team successfully demonstrated all these components—server implementation based on pq-container, modified Firefox version, and VC plugin to Firefox. An updated version of the MTR demo will be presented at DevConf.CZ.
The QUBIP project will conclude in September 2026, and we are going to accomplish our obligations and finalize our deliverables by that time. Updates are published at the project site qubip.eu on a regular basis and also on the project page on LinkedIn.
The QUBIP project is funded by the European Union under Grant Agreement No. 101119746. Views and opinions expressed are, however, those of the author(s) only and do not necessarily reflect those of the European Union or European Research Executive Agency. Neither the European Union nor the granting authority can be held responsible for them.
