ML-KEM + X-Wing Patches Posted For Linux To Help With Post-Quantum Security
([Linux Security] 3 Hours Ago
ML-KEM + X-Wing)
- Reference: 0001635895
- News link: https://www.phoronix.com/news/Linux-PoC-ML-KEM-X-Wing
- Source link:
Linux cryptography expert [1]Eric Biggers of Google posted a set of patches on Monday for providing proof-of-concept support for ML-KEM and X-Wing for post-quantum cryptography.
Patches cover ML-KEM for Module-Lattice-Based Key-Encapsulation Mechanism as a quantum-resistant cryptographic standard. Plus there is also X-Wing as a hybrid key-encapsulation mechanism based on X25519 and ML-KEM-768. This is part of getting the Linux kernel's security ready for an era of quantum computing in needing to strengthen cryptographic standards.
While posted as a proof-of-concept, Eric Biggers isn't planning on upstreaming the kernel patches until there are in-kernel users ready to go with this new functionality. Bigger explained in Monday's patch series:
"It is a proof-of-concept that won't be merged until there is an in-kernel user. Multiple people have been asking about this though, so I wanted to get ahead of the curve and provide something that people can experiment with if needed.
This series adds support for "post-quantum" (i.e. quantum-resistant) key encapsulation to the kernel's crypto library. Specifically this includes ML-KEM-768 and ML-KEM-1024, and the X-Wing hybrid KEM built on top of it. The ML-KEM functions are put in the CRYPTO_INTERNAL namespace, as they will be used only as a component of hybrid KEMs.
It's likely this will eventually be useful for at least one of the in-kernel users of classical key agreement schemes (currently NVMe authentication, Bluetooth, and WireGuard). However, the details of the upgrade to "post-quantum" will be up to the protocol authors in each case. I suggest that X-Wing be chosen when possible."
Those interested can see [2]this patch series for this initial ML-KEM-768 / ML-KEM-1024 and X-Wing work for the Linux kernel.
[1] https://www.phoronix.com/search/Eric+Biggers
[2] https://lore.kernel.org/lkml/20260525184403.101818-1-ebiggers@kernel.org/
Patches cover ML-KEM for Module-Lattice-Based Key-Encapsulation Mechanism as a quantum-resistant cryptographic standard. Plus there is also X-Wing as a hybrid key-encapsulation mechanism based on X25519 and ML-KEM-768. This is part of getting the Linux kernel's security ready for an era of quantum computing in needing to strengthen cryptographic standards.
While posted as a proof-of-concept, Eric Biggers isn't planning on upstreaming the kernel patches until there are in-kernel users ready to go with this new functionality. Bigger explained in Monday's patch series:
"It is a proof-of-concept that won't be merged until there is an in-kernel user. Multiple people have been asking about this though, so I wanted to get ahead of the curve and provide something that people can experiment with if needed.
This series adds support for "post-quantum" (i.e. quantum-resistant) key encapsulation to the kernel's crypto library. Specifically this includes ML-KEM-768 and ML-KEM-1024, and the X-Wing hybrid KEM built on top of it. The ML-KEM functions are put in the CRYPTO_INTERNAL namespace, as they will be used only as a component of hybrid KEMs.
It's likely this will eventually be useful for at least one of the in-kernel users of classical key agreement schemes (currently NVMe authentication, Bluetooth, and WireGuard). However, the details of the upgrade to "post-quantum" will be up to the protocol authors in each case. I suggest that X-Wing be chosen when possible."
Those interested can see [2]this patch series for this initial ML-KEM-768 / ML-KEM-1024 and X-Wing work for the Linux kernel.
[1] https://www.phoronix.com/search/Eric+Biggers
[2] https://lore.kernel.org/lkml/20260525184403.101818-1-ebiggers@kernel.org/