2025-10-09 –, Prague/ Technical Deep Dive & Innovation
The rapid advancements in quantum computing pose an existential threat to widely adopted classical cryptographic algorithms such as RSA and ECC. While a large-scale quantum computer has not yet materialized, the security of today's encrypted communications is already at risk due to the "harvest now, decrypt later" paradigm: adversaries can collect encrypted data now and decrypt it once quantum capabilities emerge.
To mitigate this looming threat, the cryptographic community has been actively developing and standardizing post-quantum cryptographic (PQC) algorithms. Among the most prominent are Kyber (for key encapsulation) and Dilithium (for digital signatures), both selected by NIST as part of its PQC standardization process.
This talk will explore the integration of PQC using the OpenSSL ecosystem, highlighting current support, best practices, and common pitfalls. We will walk through how to use Kyber (ML-KEM) and Dilithium (ML-DSA) in OpenSSL 3.5 and discuss implications for key exchange, TLS, and digital signatures.
Finally, we’ll present Qgram, a secure messaging system developed to showcase real-world usage of post-quantum cryptography. Qgram leverages Kyber and Dilithium to deliver end-to-end encrypted communication resilient to quantum attacks, demonstrating the feasibility and performance of PQC in latency-sensitive applications.
Key takeaways:
- Why RSA and ECC are vulnerable in a quantum world
- Understanding the harvest-now-decrypt-later risk
- How to use OpenSSL with Kyber and Dilithium today
- Lessons learned from integrating PQC into a production-grade messaging system
The security of today’s public-key infrastructure relies fundamentally on problems that are hard for classical computers—like integer factorization (RSA) and discrete logarithms (ECC). However, these assumptions collapse in the presence of a large-scale quantum computer, which can solve both problems in polynomial time using Shor’s algorithm. Although such a machine may still be years away, adversaries can already harvest encrypted data today and decrypt it in the future once quantum computing becomes practical. This creates an urgent need to adopt quantum-resistant cryptographic algorithms.
In response, the cryptographic community has developed a new generation of algorithms under the umbrella of Post-Quantum Cryptography (PQC). In particular, Kyber, a lattice-based Key Encapsulation Mechanism (KEM), and Dilithium, a lattice-based digital signature scheme (DSA), have been selected by NIST for standardization. These algorithms are designed to resist attacks from both classical and quantum computers.
This talk will guide participants through:
- The practical implications of quantum threats to RSA and ECC.
- The concept and risks of the “harvest now, decrypt later” approach.
- How to integrate PQC algorithms with the OpenSSL framework.
- Examples of using Kyber and Dilithium with OpenSSL for TLS, secure communication, and digital signatures.
In the final part of the talk, I will present Qgram, a secure messaging application developed as a proof of concept for real-world PQC integration. Qgram offers end-to-end encryption using Kyber and Dilithium for both message transport and identity verification. I will share practical challenges encountered in the implementation, performance benchmarks, and architectural choices made to balance security, usability, and quantum-resistance.
The session will be highly technical and include live examples, source code references, and lessons learned from deploying PQC in production environments.
Ugo Chirico is a cybersecurity expert and entrepreneur with over 20 years of experience in cryptographic systems, secure middleware, and identity verification technologies. He is the founder and CEO of Cyberneid, a leading company in digital identity and smart card integration, and Quantum2Pi, a startup focused on post-quantum and quantum cryptography.
Ugo has developed critical software infrastructure used by national electronic ID systems and has deep expertise in smart cards, middlewares, PKI, FIDO, and OpenSSL-based implementations. He has recently focused on quantum-safe technologies, including the integration of Kyber and Dilithium within OpenSSL.
As the architect behind Qgram, an end-to-end encrypted messaging system using post-quantum cryptography, Ugo brings real-world experience in deploying PQC in production environments.
He is a frequent speaker at cybersecurity and cryptography events, and actively contributes to European initiatives for PQC standardization and migration.