2025-10-08, Belvedere I / Security, Compliance & the Law
In this talk we will provide an overview of the challenges related to Post-Quantum Cryptography and the migration to it from vulnerable cryptographic primitives. The objective of the talk will be to both raise and calm the panic about Post-Quantum Cryptography, and to highlight the critical role OpenSSL will play in ensuring the proper development, use and widespread adoption of these new cryptographic schemes, in connection with the release of version 3.5.0.
It is important to convey the urgency of this type of cryptography. The Post-Quantum Cryptography transition is one of the biggest and most difficult migrations ever to be carried out, hence the term "raise the panic". This is due, among other factors, to the following challenges:
1) The number of deployed primitives that are affected, and their widespread adoption.
2) The need for deep (technical) knowledge of the cryptography deployed within your infrastructure.
3) The differences, in terms of paradigms, of some of the solutions adopted.
4) A general increase in cryptographic sizes, and the performance of the new algorithms.
5) The amount of research that was needed and continues to be needed.
6) Uncertainty regarding the scope and limits of quantum computing.
7) The challenges of secure implementation, given the increased difficulty of the schemes' implementation details.
At the same time, it is important to acknowledge the work that has been done, hence the term "calm the panic". The need for Post-Quantum Cryptography was recognized "early". A growing number of individuals and companies have already started to take on this challenge, despite the "early stages". A lot of collective effort has been put into it, and much knowledge has therefore been gained (for the basic paradigms, at least). This effort has yielded a number of schemes that are already present, implemented, deployed and available.
As can be seen above, some of the main challenges regarding PQC adoption come from the need for secure implementation, availability and a way to easily introduce the schemes into deployed ecosystems. The inclusion of PQC schemes within the OpenSSL libraries does precisely that, allowing end users to get used to, experiment with and analyze how this new type of cryptography will impact their solutions. Early adoption and a proper understanding of the changes needed are essential for a future quantum-secure environment, and it is important that security providers are the first to move on that front. Therefore, OpenSSL will be (and already is) a critical player in the adoption of this new type of cryptography.
Rodrigo Martín Sánchez-Ledesma is a Senior R&D Cryptography Engineer at Indra Sistemas de Comunicaciones Seguras, with experience both in pre-quantum and Post-Quantum Cryptography, his area of expertise. He is also an Industrial PhD candidate, focused on the algebraic aspects of PQC, specifically Algebraic Number Theory and Lattice-based cryptography.
His work experience is focused around the research, development and secure deployment of pre-quantum and post-quantum cryptography in real applications and protocols, mainly regarding secure communications.