Linux cryptography expert Eric Biggers of Google posted a set of patches on Monday for providing proof-of-concept support for ML-KEM and X-Wing for post-quantum cryptography.

Patches cover ML-KEM for Module-Lattice-Based Key-Encapsulation Mechanism as a quantum-resistant cryptographic standard. Plus there is also X-Wing as a hybrid key-encapsulation mechanism based on X25519 and ML-KEM-768. This is part of getting the Linux kernel's security ready for an era of quantum computing in needing to strengthen cryptographic standards.

While posted as a proof-of-concept, Eric Biggers isn't planning on upstreaming the kernel patches until there are in-kernel users ready to go with this new functionality. Bigger explained in Monday's patch series:

"It is a proof-of-concept that won't be merged until there is an in-kernel user. Multiple people have been asking about this though, so I wanted to get ahead of the curve and provide something that people can experiment with if needed.

This series adds support for "post-quantum" (i.e. quantum-resistant) key encapsulation to the kernel's crypto library. Specifically this includes ML-KEM-768 and ML-KEM-1024, and the X-Wing hybrid KEM built on top of it. The ML-KEM functions are put in the CRYPTO_INTERNAL namespace, as they will be used only as a component of hybrid KEMs.

It's likely this will eventually be useful for at least one of the in-kernel users of classical key agreement schemes (currently NVMe authentication, Bluetooth, and WireGuard). However, the details of the upgrade to "post-quantum" will be up to the protocol authors in each case. I suggest that X-Wing be chosen when possible."

Those interested can see this patch series for this initial ML-KEM-768 / ML-KEM-1024 and X-Wing work for the Linux kernel.