Skip to content

Replace Kyber 512 with ML-KEM 768. #792

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
SparkiDev merged 2 commits into from
Mar 27, 2025
Merged

Replace Kyber 512 with ML-KEM 768. #792

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0183905
Replace Kyber 512 with ML-KEM 768.
anhu Mar 21, 2025
175bbc1
Doc edit.
anhu Mar 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions .github/workflows/kyber.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: Kyber Tests
name: ML-KEM Tests

on:
push:
Expand All @@ -22,7 +22,7 @@ jobs:
id: cache-liboqs
with:
path: build-dir/
key: wolfssh-kyber-liboqs-${{ env.LIBOQS_REF }}-${{ env.OS_REF }}
key: wolfssh-mlkem-liboqs-${{ env.LIBOQS_REF }}-${{ env.OS_REF }}
lookup-only: true

- name: Checkout liboqs
Expand Down Expand Up @@ -53,7 +53,7 @@ jobs:
id: cache-wolfssl
with:
path: build-dir/
key: wolfssh-kyber-wolfssl-${{ env.WOLFSSL_REF }}-${{ env.OS_REF }}
key: wolfssh-mlkem-wolfssl-${{ env.WOLFSSL_REF }}-${{ env.OS_REF }}
lookup-only: true

- name: Checkout, build, and install wolfssl
Expand All @@ -77,14 +77,14 @@ jobs:
uses: actions/cache@v4
with:
path: build-dir/
key: wolfssh-kyber-liboqs-${{ env.LIBOQS_REF }}-${{ env.OS_REF }}
key: wolfssh-mlkem-liboqs-${{ env.LIBOQS_REF }}-${{ env.OS_REF }}
fail-on-cache-miss: true

- name: Checking cache for wolfssl
uses: actions/cache@v4
with:
path: build-dir/
key: wolfssh-kyber-wolfssl-${{ env.WOLFSSL_REF }}-${{ env.OS_REF }}
key: wolfssh-mlkem-wolfssl-${{ env.WOLFSSL_REF }}-${{ env.OS_REF }}
fail-on-cache-miss: true

- name: Checkout, build, and test wolfssh
Expand Down
12 changes: 6 additions & 6 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -450,21 +450,21 @@ The wolfSSH client and server will automatically negotiate using Curve25519.
POST-QUANTUM
============

wolfSSH now supports the post-quantum algorithm ML-KEM (also known as Kyber).
It uses the KYBER512 parameter set and is hybridized with ECDHE over the P-256
ECC curve.
wolfSSH now supports the post-quantum algorithm ML-KEM (formerly known as
Kyber). It uses the ML-KEM-768 parameter set and is hybridized with ECDHE over
the P-256 ECC curve.

In order to use this key exchange you must build and install wolfSSL on your
system. Here is an example of an effective configuration:

$ ./configure --enable-wolfssh --enable-experimental --enable-kyber
$ ./configure --enable-wolfssh --enable-mlkem

After that, simply configure and build wolfssh as usual:

$ ./configure
$ make all

The wolfSSH client and server will automatically negotiate using KYBER512
The wolfSSH client and server will automatically negotiate using ML-KEM-768
hybridized with ECDHE over the P-256 ECC curve.

$ ./examples/echoserver/echoserver -f
Expand All @@ -487,7 +487,7 @@ The following is sufficient for build and execution:
$ cd openssh-OQS-OpenSSH-snapshot-2021-08/
$ ./configure --with-liboqs-dir=/usr/local
$ make all
$ ./ssh -o"KexAlgorithms=ecdh-nistp256-kyber-512r3-sha256[email protected]" \
$ ./ssh -o"KexAlgorithms=mlkem768nistp256-sha256" \
-o"PubkeyAcceptedAlgorithms +ssh-rsa" \
-o"HostkeyAlgorithms +ssh-rsa" \
jill@localhost -p 22222
Expand Down
Loading