2025-10-07 –, Prague/ Technical Deep Dive & Innovation
The post-quantum cryptography (PQC) transition is more than a drop-in key exchange replacement—it’s a deep transformation in how cryptographic software is designed, built, and integrated. OpenSSL 3.0 introduced the concept of Providers, a flexible plugin architecture that enables new cryptographic algorithms to be implemented outside of the core library. This opens the door for innovation, modularity—and Rust.
In this session, we introduce Aurora, a third-party OpenSSL provider implemented in Rust as part of the EU-funded QUBIP project. Aurora enables transparent PQC adoption for OpenSSL-based applications, including hybrid certificate validation, algorithm agility, and integration with Rust’s cryptographic ecosystem.
We’ll walk through the motivation behind building a provider in Rust, the challenges we faced (e.g., FFI safety, Provider interface complexity), and how Aurora leverages Rust’s guarantees to offer a robust foundation for cryptographic experimentation and deployment.
The session includes a live demo showing how Aurora can inject PQC algorithms into existing OpenSSL workflows without modifying the application code. We’ll also explore tooling such as openssl-provider-forge, our Rust crate that simplifies authoring and testing custom providers.
Whether you’re maintaining a TLS stack, building HSM software, or researching cryptographic agility, this talk will provide hands-on insight into the real-world journey of enabling PQC inside OpenSSL using modern language tools.
OpenSSL 3.x’s Provider API unlocked a new way to extend cryptographic capabilities—but writing a full-featured provider from scratch is daunting, especially in C.
Aurora, developed within the QUBIP project, is a third-party OpenSSL Provider written in Rust, designed to support the ongoing migration to post-quantum cryptography. This talk will take you from first principles to practical deployment: how to define a custom provider, how to expose new algorithms (including PQ/T hybrid constructs), and how we ensure safety and compatibility across OpenSSL versions.
Live demos will show Aurora in action: injecting PQC support into OpenSSL-based applications, working with hybrid certificate chains, and validating against real-world scenarios. We’ll also showcase openssl-provider-forge, our scaffolding and testing toolkit for fast iteration in Rust.
You’ll walk away with an understanding of:
• The Provider architecture in OpenSSL 3.x
• How to build and ship your own Provider
• Real-world lessons from deploying PQC using Aurora
• How Rust improves correctness and safety in cryptographic extensions
This is a hands-on, code-heavy session designed for developers, security engineers, and researchers who want to build or deploy modern cryptographic software.
A Doctoral Researcher at Tampere University (Finland), I contributed to OpenSSL for the first time in 2010, later I had the honor of becoming an OpenSSL Committer and I have been serving in the OpenSSL Technical Committee since 2019. Since the last election, I also serve as representative for Academics in the Business Advisory Committee at the OpenSSL Foundation, and in the newly formed Technical Advisory Committees at OpenSSL Foundation and Corporation.
My research specializes in software and micro architecture side-channel analysis and the integration of modern cryptosystems (lately mainly PQC) in mainstream libraries such as OpenSSL.
I am leading the efforts of Tampere University within the QUBIP Horizon Europe project to integrate PQC into OpenSSL, NSS, and Firefox using loadable modules.