Feature request: adding mlkem768x25519-sha256 post-quantum key exchange

Hello,

Are there any plans for SSHJ to support the new `mlkem768x25519-sha256` key exchange algorithm?

[OpenSSH 9.9](https://www.openssh.com/txt/release-9.9) (2024-09-19) introduced support for the new FIPS 203 Module-Lattice Key Encapsulation Mechanism (ML-KEM) post-quantum key exchange algorithm. ML-KEM (formally known as CRYSTALS Kyber) has been [formally standardized by NIST](https://csrc.nist.gov/pubs/fips/203/final) earlier last year, and is designed to be secure against quantum attacks. OpenSSH has chosen to support ML-KEM by using a PQ/T hybrid implementation: `mlkem768x25519-sha256`. Efforts are already underway standardising this via [an IETF Draft](https://datatracker.ietf.org/doc/draft-ietf-sshm-mlkem-hybrid-kex/).

[OpenSSH 10.0](https://www.openssh.com/txt/release-10.0) (2025-04-09) is now using this new quantum-resistant key exchange algorithm by default.

And, as recently announced, [OpenSSH 10.1](https://www.openssh.com/pq.html) will start warning if no post-quantum key exchange algorithm is supported by the server. This in an effort to speed-up adoption and help thwart "store now, decrypt later" attacks.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Feature request: adding mlkem768x25519-sha256 post-quantum key exchange #1017

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Feature request: adding mlkem768x25519-sha256 post-quantum key exchange #1017

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions