Quantum-Safe OpenSSH

MSR Security and Cryptography

Quantum-Safe OpenSSH

MSR Security and Cryptography

Adds experimental post-quantum cryptography to OpenSSH using the liboqs library

This virtual machine contains a fork of OpenSSH 7.9 that adds experimental quantum-resistant key exchange and digital signature algorithms using liboqs for prototyping purposes.
Users can logon and manage their VMs over a quantum-safe ssh connection (when also using the Quantum-safe OpenSSH client).

Included in this image:

  • Quantum-safe OpenSSH pre-installed.
  • liboqs and OpenSSH-portable source code.
  • Build and debug configuration for remote development with Visual Studio Code.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. See here for more information.

OpenSSH is an open-source implementation of the Secure Shell protocol. View the original README.

Supported Algorithms

Details on each supported algorithm can be found in the liboqs docs/algorithms folder.

These supported algorithms are a subset of the round 2 candidates of the NIST standardization competition, as provided by the Open Quantum Safe library. This list will change following upcoming OQS updates.

Key Exchange

  • BIKE
  • Classic McEliece
  • FrodoKEM
  • HQC
  • Kyber
  • NewHope
  • NTRU
  • SIKE
  • ThreeBears

Digital Signature

  • Dilithium
  • Falcon
  • Picnic
  • qTesla
  • Rainbow

Limitations and Security

This version of OpenSSH is intended for research, prototyping, and experimentation purposes only. It is not recommended for use in production or business environments and/or to protect sensitive data.

See the Limitations and Security section of the Open-Quantum-Safe liboqs project for additional information regarding use of the liboqs library