2025-10-09 –, Prague/ Technical Deep Dive & Innovation
With the finalization of the initial three NIST standards for PQC, together with supporting standards from the IETF and X9, it has become possible to produce holistic implementations supporting the new PQC algorithms in Bouncy Castle APIs. Holistic in this case, means that in addition to supporting the algorithms themselves, it is now possible to meet the other requirements, such as support in CMS/SMIME, Time Stamping, or PGP protocol. Things which are really what make an algorithm "useful" as they do not require developers to work directly with the algorithms themselves and implicitly allow for a level of agility in code design. Of course the consideration of things like Time Stamping, immediately calls to question what do we do with the Time Stamps that we have? It turns out there are also, already, standards for supporting that use case as well. This talk will look at how the BC APIs have adapted to the new PQC algorithms, what we have done to improve "usefulness" while still allowing for, we hope, peaceful migration from the past, and what performance issues we have seen around this migration so far as well as what we have tried to do in order to help our user community take some of these things into account.
With the finalization of the initial three NIST standards for PQC, together with supporting standards from the IETF and X9, it has become possible to produce holistic implementations supporting the new PQC algorithms in Bouncy Castle APIs. Holistic in this case, means that in addition to supporting the algorithms themselves, it is now possible to meet the other requirements, such as support in CMS/SMIME, Time Stamping, or PGP protocol. Things which are really what make an algorithm "useful" as they do not require developers to work directly with the algorithms themselves and implicitly allow for a level of agility in code design. Of course the consideration of things like Time Stamping, immediately calls to question what do we do with the Time Stamps that we have? It turns out there are also, already, standards for supporting that use case as well. This talk will look at how the BC APIs have adapted to the new PQC algorithms, what we have done to improve "usefulness" while still allowing for, we hope, peaceful migration from the past, and what performance issues we have seen around this migration so far as well as what we have tried to do in order to help our user community take some of these things into account.
David has been working on Cryptography APIs and secure protocols since the mid-1990s and in IT and open-source since the mid-1980s. He is a founder and still active committer of the Legion of the Bouncy Castle Cryptography project which began in the year 2000 and provides APIs in Java, C#, and Kotlin. David founded Crypto Workshop, now part of Keyfactor, in 2012 in order to better support the Bouncy Castle APIs and its user community. Shortly after, he led the work on the FIPS certification of the Bouncy Castle APIs, resulting in their first certifications in 2016. His deep interest is in providing tools to simplify the development of solutions that make use of cryptography and secure protocols, with an emphasis on standards-based approaches. He is based in Melbourne, Australia. David is also the author of two books: “Java Cryptography: Tools and Techniques” and “Beginning Cryptography with Java.”