Sign in Subscribe
By Barry Dorrans in .NET Security

Post Quantum Support in .NET

.NET 10 added ML-KEM, ML-DSA, SLH-DSA and Composite ML-KEM. Here I break down the support and its current limitations.

.NET 10 saw the addition of post quantum primitives, ML-KEM, ML-DSA, SLH-DSA and Composite ML-KEM, with help from our friends over in GitHub Security Services who helped the class design and implemented ML-KEM. Our friends over in Windows added Post Quantum support this month as well.

Primitive Support

.NET now has classes for MLKem key encapsulation, and MLDsa, SlhDsa and CompositeMLDsa for signatures. You can use these now in places like CertificateRequest, CmsSigner, and CoseSigner.

Some of the support remains [Experimental] due to lack of algorithm support. SLH-DSA on Windows and Composite ML-DSA on both Windows and OpenSSL. We don't expect any breaking changes to the classes or APIs once support arrives, but the use of experimental provides developers with a warning that it is a possibility.

Your operating system also needs to support the algorithms, so before using them please use the IsSupported property on each class.

If you are targeting .NET Standard 2.0 you should reference a v10.x version of Microsoft.Bcl.Cryptography NuGet package.

TLS Support

Primitives are all very well, you can start signing, encrypting and decrypting your own data today, but what about HTTPS and other TLS transports, where's the X509 support? It's complicated.

All the network cryptography stacks are implementing things piece by piece, and they're awaiting things from IANA like codepoints and identifiers for composite.

Specifically. the current situation is as follows:

  • For Windows we are awaiting support in Schannel.
  • For Linux, if your distro is using OpenSSL 3.5, ML-KEM key exchange works, although your customer may need to tweak the openssl.cnf though to enable it, configure for hybrid or not, which parameter set etc.)  ML-DSA certificates work. Composite and SLH-DSA certificates do not.
  • For Azure Linux, they added ML-KEM into their version of OpenSSL 3.3, but there is no certificate support yet. Once they add that it'll light up with no work needed from .NET.

Our hope is that as the various stacks complete their implementations it should just work with .NET, although a minor version bump may be needed, without any code changes required from you or your developers.

Subscribe to Ramblings from a .NET Security PM

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe