Ugo Chirico
Ugo Chirico is a cybersecurity expert and entrepreneur with over 20 years of experience in cryptographic systems, secure middleware, and identity verification technologies. He is the founder and CEO of Cyberneid, a leading company in digital identity and smart card integration, and Quantum2Pi, a startup focused on post-quantum and quantum cryptography.
Ugo has developed critical software infrastructure used by national electronic ID systems and has deep expertise in smart cards, middleware, PKI, FIDO, and OpenSSL-based implementations. He has recently focused on quantum-safe technologies, including the integration of Kyber and Dilithium within OpenSSL.
As the architect behind Qgram, an end-to-end encrypted messaging system using post-quantum cryptography, Ugo brings real-world experience in deploying PQC in production environments.
He is a frequent speaker at cybersecurity and cryptography events, and actively contributes to European initiatives for PQC standardization and migration.
Session
The rapid advancements in quantum computing pose an existential threat to widely adopted classical cryptographic algorithms such as RSA and ECC. While a large-scale quantum computer has not yet materialized, the security of today's encrypted communications is already at risk due to the "harvest now, decrypt later" paradigm: adversaries can collect encrypted data now and decrypt it once quantum capabilities emerge.
To mitigate this looming threat, the cryptographic community has been actively developing and standardizing post-quantum cryptographic (PQC) algorithms. Among the most prominent are Kyber (for key encapsulation) and Dilithium (for digital signatures), both selected by NIST as part of its PQC standardization process.
This talk will explore the integration of PQC using the OpenSSL ecosystem, highlighting current support, best practices, and common pitfalls. We will walk through how to use Kyber (ML-KEM) and Dilithium (ML-DSA) in OpenSSL 3.5 and discuss implications for key exchange, TLS, and digital signatures.
Finally, we’ll present Qgram, a secure messaging system developed to showcase real-world usage of post-quantum cryptography. Qgram leverages Kyber and Dilithium to deliver end-to-end encrypted communication resilient to quantum attacks, demonstrating the feasibility and performance of PQC in latency-sensitive applications.
Key takeaways:
- Why RSA and ECC are vulnerable in a quantum world
- Understanding the harvest-now-decrypt-later risk
- How to use OpenSSL with Kyber and Dilithium today
- Lessons learned from integrating PQC into a production-grade messaging system