Quantum Threat: The Countdown Has Begun

You may have heard that "quantum computers can crack existing encryption"—this is not science fiction, but a reality unfolding right now. This means that once a sufficiently powerful quantum computer emerges, today's HTTPS connections, digital signatures, and more will become virtually useless.

NIST (National Institute of Standards and Technology) launched its post-quantum cryptography standardization project in 2016 and officially released the first set of standards in 2024:ML-KEM,ML-DSA,SLH-DSA. Post-quantum migration is no longer a "future topic" but a systems engineering task that must be advanced now. The openKylin community, together with community partners and relevant SIG groups, adopts a forward-looking perspective, focusing on algorithm implementation and system-level migration of open-source cryptographic suites, striving to build a complete post-quantum cryptographic defense line for operating systems.

Establishment of the Post-Quantum Cryptography Migration SIG

The PQCTransition SIG (Post-Quantum Cryptography Transition Special Interest Group) was initiated and established byOpenAtom openKylin (referred to as "openKylin") community silver donor unit, Shanghai Yishi Intelligent Technology Co., Ltd.Its core goal is to promote the engineering integration and migration implementation of post-quantum algorithms in the openKylin system, gradually replacing traditional cryptographic algorithms with quantum-resistant PQC algorithms. Currently, the PQCTransition SIG has released three projects in the openKylin community, corresponding to the code implementations of the three major NIST post-quantum standards:

kyber-package: Key Encapsulation, Safeguarding Communication Security

Kyber (now standardized as ML-KEM) is NIST's selected post-quantum key encapsulation mechanism, with security based on the Module-LWE lattice hard problem. In scenarios such as TLS handshakes, the key encapsulation mechanism is responsible for securely negotiating a shared key over an insecure channel, serving as the first line of defense for encrypted communication.

Project Address:https://gitee.com/openkylin/kyber-package

dilithium-package: Digital Signature, Anchoring Identity Trust

Dilithium (now standardized as ML-DSA) is a digital signature scheme selected by NIST's Post-Quantum Cryptography Standardization Project (FIPS 204), based on the Module-LWE problem in lattice cryptography, capable of resisting quantum computer attacks.

Project Address:https://gitee.com/openkylin/dilithium-package

sphincs-package: Hash-Based Signature, Highest Security Commitment

The security of SPHINCS+ (now standardized as SLH-DSA)relies solely on hash functionsand does not depend on any mathematical hard assumptions. This means that even if certain assumptions of lattice cryptography are broken, SPHINCS+ remains secure—it provides the "security baseline" for post-quantum signatures.

Project Address:https://gitee.com/openkylin/sphincs-package

Introduction of the openHiTLS Cryptographic Suite

openHiTLS is an open-source cryptographic suite designed for full-scenario digital and intelligent security. It was jointly launched and open-sourced in December 2024 by over ten industry-academia-research units, including Kylin Software Co., Ltd., Xidian University, Shandong University, and Shanghai Jiao Tong University. This suite integrates multiple post-quantum cryptographic algorithms such as ML-DSA, ML-KEM, SLH-DSA, XMSS, Classic McEliece, and FrodoKEM, and supports mainstream international and Chinese commercial cryptographic algorithms (e.g., SM2/SM3/SM4). It features a wide variety of algorithms and flexible architecture for configuration and tailoring. openHiTLS is currently being introduced and adapted to the openKylin 3.0 development branch by the community'sSecurity SIGgroup.

openHiTLS Project Address:https://gitee.com/openkylin/openhitls

openHiTLS Official Project Address:https://gitcode.com/openhitls

Building the Quantum Defense Line Together

Post-quantum cryptography migration faces a unique challenge: it must be completed before quantum computers truly arrive—this is not a problem that can wait for the threat to emerge, and the security defense line of the quantum era cannot be built overnight. If you are interested in post-quantum cryptography or system security, you are welcome to join the relevant SIG groups in the openKylin community to participate in discussions and the construction of the quantum-era security defense line!

• PQCTransition SIG Group:https://gitee.com/openkylin/community/tree/master/sig/PQCTransition

• Security SIG Group:https://gitee.com/openkylin/community/tree/master/sig/security