2025-10-09 –, Belvedere I/ Security, Compliance & the Law
What's the relationship status between open source projects and Post-Quantum Cryptography? It's complicated—but let me explain.
As Post Quantum Cryptography Alliance(PQCA)'s Vice Chair(TAC), OpenSSL TAC representative and founding member of NgKore, I'll give you the insider's guide to the entire PQC open source ecosystem. We'll explore how different open source projects & communities such as Linux Foundation's Post-Quantum Cryptography Alliance(PQCA) are developing PQC algorithms, CBOM(Cryptography Bill of Materials) and how they are handling PQC integration across different protocols & architectures. Some approaches are brilliant, others are... let's call them "creative".
You'll discover which projects depend on OpenSSL for their PQC journey versus those building their own solutions, how community strategies differ from PQCA initiatives to Linux distributions, and what industry organizations are actually doing (spoiler: it varies wildly). I will also examine how these implementations align with NIST standards and IETF drafts—or spectacularly don't.
By the end, you'll have a comprehensive map of PQC advancements across the open source landscape & Post Quantum Cryptography Alliance and practical insights for your own migration planning. Plus, you'll understand why the beautiful chaos of cryptographic migration is both terrifying and hilarious.
Ever tried explaining to someone how the entire post-quantum cryptography ecosystem works? It's like describing a family reunion where everyone's related but nobody agrees on anything. Lucky for you, I've been watching this family drama unfold from the inside.
As someone deeply involved in several open source communities like PQCA, OpenSSL, PKI Consortium, NgKore etc, I get to see how different projects are actually handling their PQC transitions. Some are diving in headfirst, others are cautiously testing the waters, and a few are still pretending quantum computers are just a rumor.
We'll walk through how various open source projects and communities like PQCA developed PQC algorithms, their CBOM toolkit and how they are implementing PQC across different protocols. We'll look at who's building on OpenSSL versus who's going their own way, and why those decisions matter.
You'll hear real stories from PQCA working groups, Linux distro maintainers, and projects like NgKore about their PQC journeys. I'll also share what industry organizations are actually doing (hint: it's messier than the marketing materials suggest) and how well everyone's playing along with NIST standards and IETF specs.
The reality check: This isn't just theory - I'll show you practical examples of what works, what doesn't, and what makes you wonder "who thought this was a good idea?" By the end, you'll understand the PQC landscape well enough to make smart decisions for your own projects, plus you'll have some good stories for your next conference dinner.
Aditya Koranga is the Vice Chair of Post Quantum Cryptography Alliance (PQCA)'s TAC under Linux Foundation and represents Small Businesses and Individuals on the Technical Advisory Committee at OpenSSL Foundation and Corporation. With extensive experience as a Chief Security Architect, he has built enterprise-ready quantum-safe solutions and guided organizations through complex cryptographic transitions.
Aditya is the founder of NgKore, a non-profit open source community focused on advancing Post-Quantum Cryptography, Quantum Computing, 6G, and Non-Terrestrial Networks. His unique position across multiple industries and communities gives him comprehensive insight into both the technical challenges and community dynamics driving the post-quantum migration.