Lab: Nginx Post-Quantum

November, 2024

Post-Quantum, we can read and hear a lot about it but I’ve not seen much hands-on work on it, especially hands-on work as simple as a VM you start and enjoy, available for everyone. So, I did it.

The objective of this lab is to demonstrate that the current status of Post-Quantum cryptography is more than just theory but there exists concrete implementation of it.

Kyber768

This strange name is the official name of a selected Post-Quantum Algorithm. The origin of this name is pure geek: it refers to the Star Wars Universe. In Star Wars the Kyber Crystals are the crystals used in the Jedi lightsabers.

Kyber is currently a selected post-quantum algorithm to establish an HTTPS connection. If we want to be precise this Lab is in fact establishing an Hybrid Post-Quantum/Classic cryptography.

Kyber768 is only used at the connection establishment to safely exchange the symmetric key used after connection acceptation.

Lab content

Download the zip lab

SHA256: 77FDDE08F831D287FA876C0A6E3631CE201176283A17A9B236A49D6134C07BFB

I took some time to create and share with you a Virtual Machine that embeds :

• Ubuntu Server 24.04
• Nginx 1.26
• OpenSSL 3.4
• Oqs-provider library

This VM is a webserver configured to provide you TLS1.3 only + X25519Kyber768 and AES256 GCM.

How does it works ?

• Have VMWare Workstation Player (Free)
• Download the zip lab
• Start the VM
• Login with: kyber/kyber768
• Get the virtual server ip with command "ip a"
• Use recent browser (Chromium based or Firefox)
• Open URL : https://192.168.x.y (your vm server ip)
• Enjoy

It’s what the internet will look like, in the near future, when the new algorithms standard will be chosen by NIST (and hopefully Europe). The purpose of this work is just to demonstrate that this technology, even if not yet validated, is more concrete than you think and available. It’s not a myth or some abstracted concept only.

Lab in action