Hands-On Quantum-Safe PKI: A Practical Post-Quantum Cryptography Implementation Guide
Is your Public Key Infrastructure quantum-ready? Remember waaay back when we built the PQC CNSA 2.0 Implementation guide in October 2025? So long ago! Due to popular request, we've expanded the lab to cover the more widely needed NIST FIPS 203/204/205 quantum standards. The below GitHub lab guide will still walk you through building a quantum resistant certificate authority using OpenSSL but we've made some fun adjustments to reflect more real world scenarios. This guide currently covers: Building quantum safe certificate authority for FIPS 203/204/205 use cases Building quantum safe certificate authority for CNSA 2.0 use cases OpenSSL 3.5 parallel install for PQC-specific use cases OpenSSL 3.x + OQS library installation when you cannot update to 3.5.x. Why learn and implement post-quantum cryptography (PQC) now? While quantum computing is a fascinating area of science, all technological advancements can be misused. Nefarious people and nation-states are extracting encrypted data to decrypt at a later date when quantum computers become available, a practice you better know by now called "harvest now, decrypt later." Close your post-quantum cryptographic knowledge gap so you can get secured sooner and reduce the impact(s) that might not surface until later. Ignorance is not bliss when it comes to cryptography and regulatory fines, so let's get started. The GitHub lab provides step-by-step instructions to create: Quantum-resistant Root CA using ML-DSA-87 (FIPS and CNSA 2.0) Algorithm flexibility based on your compliance needs Quantum-safe server and client certificates OCSP and CRL revocation for quantum-resistant certificates Access the Complete Lab Guide on GitHub → At A Glance: OpenSSL Quantum-Resistant CA Learning Paths This repository currently offers two learning tracks. Select the path that aligns with your organization's requirements: FIPS 203/204/205 Path CNSA 2.0 Path Target Audience Commercial organizations, compliance needs Government contractors, classified systems Compliance Standard NIST Quantum Safe FIPS standards NSA Commercial National Security Algorithm Suite 2.0 Algorithm Flexibility Full FIPS algorithm suites (ML-DSA-44/65/87, SLH-DSA) Restricted to CNSA 2.0 approved (ML-DSA-65/87 only) Use Case General quantum-resistant infrastructure National security systems, defense contracts What This Lab Guide Achieves Complete PKI Hierarchy Implementation The lab walks through building an internal PKI infrastructure from scratch, including: Root Certificate Authority: Using ML-DSA-87 providing the highest quantum-ready NIST security level Intermediate Certificate Authority: Intermediate CA using ML-DSA-65 for operational certificate issuance End-Entity Certificates: Server and user certificates with comprehensive Subject Alternative Names (SANs) for real-world applications Revocation Infrastructure: Both Certificate Revocation Lists (CRL) and Online Certificate Status Protocol (OCSP) implementation Security Best Practices: Restrictive Unix file permissions, secure key storage, and backup procedures throughout, preferred practices for lab and internal testing scenarios Key Takeaways After completing one or more of the labs, you will: Understand Quantum Threats: Grasp why current RSA/ECDSA cryptography is vulnerable and how quantum-resistant algorithms provide protection Master ML-DSA Cryptography: Gain hands-on experience with both ML-DSA-65 (Level 3 security) and ML-DSA-87 (Level 5 security) algorithms Configure Modern PKI Features: Implement SANs with DNS, IP, email, and URI entries, plus both CRL and OCSP revocation mechanisms Troubleshoot Effectively: Learn to diagnose and resolve common issues with quantum-resistant certificates Prepare for Migration: Understand the practical steps needed to transition existing PKI infrastructure to quantum-resistant algorithms Who Should Read This Guide Enterprise Security Teams migrating to quantum-resistant algorithms Government Contractors requiring CNSA 2.0 compliance for classified systems Financial Institutions protecting long-term transaction records from quantum threats Healthcare Organizations securing patient data with regulatory requirements Cloud Service Providers implementing quantum-safe infrastructure for customers PKI Consultants preparing for post-quantum migration projects DevOps Engineers building quantum-ready CI/CD certificate pipelines Crossfit Trainers Find something interesting for once to yell at random intervals to anyone within earshot Access the Complete Lab Guide on GitHub → About This Guide We built the first guide for NSA Suite B in the distant past (2017) to learn ECC and modern cipher requirements. We built more recent second guide for CNSA 2.0 but it's quite specific for US federal audiences. That lead us to build a NIST FIPS PQC guide which should apply to more practical use cases. In the spirit of Learn Python the Hard Way, it focuses on manual repetition, hands-on interactions and real-world scenarios. It provides the practical experiences needed to implement quantum-resistant PKI in production environments. By building it on GitHub, other PKI fans can help where we may have missed something; or simply to expand on it with additional modules or forks. Have at it! Frequently Asked Questions (FAQS) Q: What is CNSA 2.0? A: CNSA 2.0 (Commercial National Security Algorithm Suite 2.0) is the NSA's updated cryptographic standard requiring quantum-resistant algorithms. Q: When do I need to implement quantum-resistant cryptography? A: The NSA and NIST mandate CNSA 2.0 and FIPS 20X implementation by 2030. Organizations should begin now due to "harvest now, decrypt later" attacks where adversaries collect encrypted data today for future quantum decryption. Q: What is ML-DSA (Dilithium)? A: ML-DSA (Module-Lattice Digital Signature Algorithm), formerly known as Dilithium, is a NIST-standardized quantum-resistant digital signature algorithm specified in FIPS 204, available in OpenSSL through the OQS provider. Q: What is ML-KEM (Kyber)? A: Kyber is an IND-CCA2-secure key encapsulation mechanism (KEM), whose security is based on the hardness of solving the learning-with-errors (LWE) problem over module lattices. Kyber-512 aims at security roughly equivalent to AES-128, Kyber-768 aims at security roughly equivalent to AES-192, and Kyber-1024 aims at security roughly equivalent to AES-256. But quantumy (it's a word). Q: Is this guide suitable for production use? A: NOPE. While the guide teaches production-ready techniques and CNSA 2.0 compliance, always use Hardware Security Modules (HSMs) and air-gapped systems for production Root CAs (cold storage too). The lab is great for internal environments or test harnesses where you may need to test against new quantum-resistant signatures and such. ALWAYS rely on trusted public PKI infrastructure for production cryptography. Reference Links NIST Post-Quantum Cryptography Standards - Official NIST PQC project page with FIPS 204 (ML-DSA) specifications NSA CNSA 2.0 Algorithm Requirements - NSA's official CNSA 2.0 announcement and requirements Open Quantum Safe Project - Home of the OQS provider enabling quantum-resistant algorithms in OpenSSL OQS Provider for OpenSSL 3 - GitHub repository for the OQS provider with installation instructions RFC 5280: Internet X.509 PKI - Essential standard for X.509 certificate and CRL profiles OpenSSL 3.0 Documentation - Comprehensive OpenSSL documentation for understanding commands and options FIPS 204: ML-DSA Standard - The official Module-Lattice-Based Digital Signature StandardBreaking Down the Quantum Challenge: Why Post-Quantum Cryptography Can't Wait
The Quantum Challenge is Now Post-quantum cryptography represents the next steps of our digital security evolution. Sure, quantum systems capable of breaking current encryption may still be an a few years away, but those beginning their transition now will be well-positioned for when the crypto hits the fan. Nation-state adversaries and sophisticated private entities may be collecting data today hoping to decrypt it tomorrow so it's never to early to start solving the problem now. It's an excellent time to get ahead of the curve with quantum-resistant cryptography. What does this mean for your organization? Any sensitive data encrypted today using standard methods (RSA, ECDSA) could potentially become readable to future quantum-powered attackers. F5 Community Evangelist Chase Abbott discusses the real world implications of quantum computing, and how you can prepare and migrate to NIST-approved hybrid PQC standards. The transition to post-quantum cryptography represents a perfect opportunity to modernize enterprise PKI practices. Those of you that begin planning today have ample time to implement these changes thoughtfully and strategically, positioning yourselves as leaders in the next generation of cybersecurity; high fives all around. The Business Impact: Beyond Technical Considerations Regulatory and Compliance Pressure Government regulations across the globe are creating concrete deadlines for migration strategies: NSA CNSA 2.0 mandates quantum-resistant algorithms for classified systems by 2030 NIST has standardized post-quantum cryptography algorithms (FIPS 203, 204, 205) Industry regulations in finance, healthcare, and defense are beginning to incorporate quantum-safety requirements adhering to the update FIPS governance Your Quantum-Ready Roadmap: A Manageable Transition Phase 1: Assessment and Inventory Action items for leadership: Conduct cryptographic inventory across all systems and applications Identify critical data requiring long-term protection Assess vendor and third-party quantum readiness Establish quantum cryptography governance and budget allocation Phase 2: Pilot Implementation Strategic focus areas: Deploy quantum-resistant algorithms in non-critical environments Train IT and security teams on post-quantum cryptography Establish partnerships with quantum-ready technology vendors Begin updating security policies and procedures Phase 3: Production Migration Enterprise-wide deployment: Implement hybrid classical/quantum-resistant systems and software Migrate critical applications and PKI aggregation points to quantum-safe algorithms Update business continuity and disaster recovery plans Achieve full compliance with regulatory requirements as a priority over other systems Key Takeaways for Business Leaders Start planning now: The quantum threat timeline is uncertain, but the need for preparation is immediate Prioritize critical assets: Focus initial efforts on protecting your most sensitive and long-lived data Invest in capabilities: Quantum cryptography expertise will become as essential as any other IT security skill Engage stakeholders: Quantum security requires coordination across IT, compliance, procurement, and business units Monitor developments: Stay informed about quantum computing advances and regulatory updates Mahalo! Further Reading: Post Quantum Cryptography Coalition: PQC Migration Roadmap Post Quantum Cryptography Coalition: International PQC Requirements Post Quantum Cryptography Coalition: Inventory Workbook Essence of Linear Algebra Quantum Computing for the Very Curious Looking Glass Universe: Why I Left Quantum Computing Research US National Quantum Initiative
Meeting the Federal Quantum Challenge: How F5 Enables Compliance with New Government Mandates
The U.S. government has made it crystal clear: the transition to quantum-resistant encryption isn't optional—it's mandatory. With new federal directives setting aggressive timelines and billion-dollar funding commitments, organizations must act now to prepare for a post-quantum world. Here's how F5's comprehensive post-quantum cryptography (PQC) solutions can help you meet these critical mandates while protecting your business from tomorrow's threats.Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1
The quantum computing revolution is an imminent reality that demands attention from cybersecurity experts. As quantum computers advance toward breaking traditional RSA and elliptic curve cryptography, organizations must prepare their infrastructure with quantum-resistant encryption. F5's BIG-IP TMOS 17.5.1 introduces support for post-quantum cryptographic algorithms, positioning your network security ahead of the quantum curve. Understanding the Quantum Threat Traditional cryptographic methods like RSA-2048 and ECDSA rely on mathematical problems that classical computers find computationally intractable to solve. However, quantum computers running Shor's algorithm can factor large integers exponentially faster. This renders these encryption methods vulnerable within the next decade. The National Institute of Standards and Technology (NIST) has standardized several post-quantum cryptographic algorithms. They are designed to withstand both classical and quantum attacks. TMOS 17.5.1 implements ML-KEM (FIPS 203) for key encapsulation. The standard versions are based on the original CRYSTALS-Kyber and CRYSTALS-Dilithium algorithms. They include important changes to the parameters and requirements for how they are used to make sure they work well together in the future. Prerequisites and Planning Before implementing quantum ciphers on your BIG-IP system, ensure your environment meets these requirements: Hardware Requirements: BIG-IP appliances with sufficient processing power (quantum algorithms are computationally intensive) Minimum 8GB RAM for optimal performance Hardware Security Module (HSM) support recommended for key management Hardware Security Modules are not required to support post-quantum cryptographic algorithms, but they provide a higher level of assurance for cryptographic key storage. F5 offers a range of hardware that has built in hardware security modules. Also, if virtual F5 instances are selected, they offer the ability to integrate with a network based hardware security module. Software Requirements: TMOS version 17.5.1 or later Valid SSL/TLS certificates compatible with hybrid classical-quantum cipher suites Updated client applications capable of negotiating post-quantum algorithms The current implementation is a hybrid approach where classical and post quantum algorithms run in parallel. So you would use "classical" RSA/ECDSA certificates for the server authentication, but the actual TLS handshake would use ML-KEM for establishing quantum-safe session keys. Network Considerations: Increased bandwidth requirements due to larger key sizes and signature lengths Latency impact assessment for time-sensitive applications Compatibility testing with existing security infrastructure Enabling Quantum Ciphers: Step-by-Step Configuration Step 1: Access the BIG-IP Configuration Utility Log into your BIG-IP system through the web-based Configuration utility or connect via SSH for command-line configuration. Navigate to System/Configuration/Device/General to verify you're running TMOS 17.5.1. Or in the cli type tmsh show sys version Then follow along with F5 documentation. The details are all in the article for configuration either via TMUI or TMSH. This can all be configured via APIs or could be set up using tools like Ansible or Terraform if automation is required. https://my.f5.com/manage/s/article/K000149577 Step 2: Create a Cipher Rule Step 3: Create a new Cipher Group Step 4: Create a New Client SSL profile Create a client SSL profile. Associate the ciphergroup with the new client SSL profile. Remove No TLSv1.3 from the enabled options Step 5: Create a Virtual Server Example: tmsh create /ltm virtual quantum { destination 10.0.2.113:443 ip-protocol tcp pool quantumpool profiles add { quantum { context clientside } tcp } } Test In my case, I used Chrome. I enabled the developer tools and in the privacy and developer tools, looked at what was being negotiated. Sure enough, I am getting a quantum-safe connection. Monitoring and Troubleshooting Essential Monitoring Commands Monitor quantum cipher usage and performance: # Check quantum cipher statistics tmsh show ltm profile client-ssl quantum # View quantum key exchange metrics tmsh show ltm virtual quantum Common Issues and Solutions High CPU Usage: Quantum algorithms are computationally intensive. Consider hardware acceleration or load balancing across multiple devices. Compatibility Issues: Not all clients support quantum ciphers yet. Implement graceful fallback mechanisms and maintain hybrid cipher suites during the transition period. Browser Compatibility and the Chrome ML-KEM Transition A critical consideration for BIG-IP quantum cipher deployment is the ongoing browser transition from draft Kyber implementations to standardized ML-KEM. Chrome has phased out Kybersupport in favor of ML-KEM. This shift has significant implications for your BIG-IP configuration strategy. Configuring for Browser Compatibility To ensure seamless browser compatibility during this transition, configure your BIG-IP to prioritize ML-KEM Notably, the following cipher string did not work for me in Chrome as Kyber support has been removed in the latest versions of Chrome. X25519KYBER768 As per the k Article. Note: On June 24, 2025, Google released Chrome 138.7204.49 that no longer includes Kyber support. The chrome://flags options for PQC algorithms was also removed, and MLKEM is enabled by default. My Chrome Version was Version 138.0.7204.158, so Kyber support has gone. This DH cipher string worked for me in Chrome. X25519MLKEM768 The K article recommends the following cipher string. X25519MLKEM768:X25519KYBER768:DEFAULT To reiterate. If you are using anything earlier than TMOS version 17.5.1 and you attempt a test with a new version of Chrome, it will not work with ML-KEM as the support was only introduced in 17.5.1 and Kyber has been removed from Google Chrome, so if you were to test with 17.5.0 you would find that that Chrome would not be able to negotiate a quantum-safe connection. As per the knowledge article. BIG-IP TMOS version 17.5.0 (for Kyber), 17.5.1 (for MLKEM) or later Performance Considerations Quantum cipher implementation introduces several performance implications that require careful consideration. Key exchange operations using ML-KEM-768 consume about 25% more CPU cycles than traditional ECDHE exchanges. They have slightly better performance than the original Kyber implementation due to standardization optimizations. To make your computer run faster, use hardware acceleration when possible. Use intelligent cipher selection algorithms to balance security needs with performance limits. Consider implementing session resumption mechanisms to reduce the frequency of quantum key exchanges. Compliance and Regulatory Considerations Many industries are beginning to mandate post-quantum cryptography readiness. Financial services, healthcare, and government sectors are leading the adoption of quantum-resistant security measures. TMOS 17.5.1's ML-KEM support helps organizations meet emerging compliance requirements and prepare for future regulatory mandates. It also ensures compatibility with major browsers transitioning away from draft Kyber implementations. Ensure your quantum cipher implementation aligns with relevant standards, including NIST SP 800-208, FIPS 203 (ML-KEM), and industry-specific quantum security guidelines. The transition from draft Kyber to standardized ML-KEM is critical for long-term browser compatibility and regulatory compliance. Future-Proofing Your Investment As quantum computing technology evolves, so too will post-quantum cryptographic standards. F5’s modular approach to quantum cipher implementation ensures that your BIG-IP infrastructure can adapt to future algorithm updates and security enhancements without requiring complete system replacement. Regular software updates and security patches will introduce new quantum-resistant algorithms and performance optimizations. Maintain an active support relationship with F5 to stay current with the latest quantum security developments. Conclusion Implementing quantum ciphers on F5 BIG-IP TMOS 17.5.1 represents a critical step in preparing your network infrastructure for the quantum era. While the transition requires careful planning and performance considerations, the security benefits far outweigh the implementation challenges. Start your quantum-resistant journey today by enabling hybrid cipher suites and gradually transitioning to full quantum protection. The quantum threat is real, but with proper preparation and F5's advanced security capabilities, your organization can maintain robust protection against both classical and quantum adversaries. The future of network security is quantum-resistant, and TMOS 17.5.1 provides the tools you need to secure that future today. Begin your quantum security implementation now, before the quantum advantage becomes a quantum threat.Exploring Quantum Computing, AI, Networking and Cryptography at AppWorld 2025
Join us as we dive into the exciting world of quantum computing and AI at App World 2025, held at the fabulous Fontainebleau in Las Vegas. I get to host a fascinating discussion with Daniela Pontes and Brett Wolmarans bwolmarans from F5. We explore the latest advancements in AI, the impact of quantum computing on cybersecurity, and what the future holds for post-quantum cryptography. Discover how F5 is leveraging AI to optimize and secure applications, and learn about the recent release of the AI gateway. Daniela delves into the looming threat of quantum computing on current cryptography standards, explaining the importance of transitioning to quantum-resistant algorithms and even a little on quantum networking. Stay tuned for info on how industries like finance and healthcare are preparing for a quantum future. Don't miss this episode full of expert knowledge and cutting-edge technology!
