This demo was announced 2020.04.16 on the pqc-forum mailing list, updated 2020.04.23 from OpenSSL 1.1.1f to OpenSSL 1.1.1g, updated 2021.06.08 from OpenSSL 1.1.1g to OpenSSL 1.1.1k, including additional support for sntrup857, updated 2021.09.30 from OpenSSL 1.1.1k to OpenSSL 1.1.1l, alongside an update of the instructions to use stunnel 5.60 and glib-networking 2.60.4, updated 2021.11.02 to cover usage of tls_timer and suggestions regarding its use for experiments, and updated 2021.12.14 from OpenSSL 1.1.1l to OpenSSL 1.1.1m. Our patches work for versions of OpenSSL from 1.1.1f to 1.1.1m. This is a demo of OpenSSLNTRU web browsing taking just 156317 Haswell cycles to generate a new one-time sntrup761 public key for each TLS 1.3 session. This demo uses (i) the Gnome web browser (client) and stunnel (server) using (ii) a patched version of OpenSSL 1.1.1l using (iii) a new OpenSSL ENGINE using (iv) a fast new sntrup761 library. The TLS 1.3 integration in OpenSSLNTRU uses the same basic data flow as the CECPQ2 experiment carried out by Google and Cloudflare. Compared to the cryptography in CECPQ2, the cryptography in OpenSSLNTRU has a higher security level and better performance. Furthermore, OpenSSLNTRU's new software layers decouple the fast-moving post-quantum software ecosystem from the TLS software ecosystem. OpenSSLNTRU also supports a second NTRU Prime parameter set, sntrup857, optimizing computation costs at an even higher security level.

This work was funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) as part of the Excellence Strategy of the German Federal and State Governments���EXC 2092 CASA���390781972 "Cyber Security in the Age of Large-Scale Adversaries"; by the U.S. National Science Foundation under grant 1913167; by the Cisco University Research Program; and by the European Research Council (ERC) under the European Union's Horizon 2020 research and innovation programme (grant agreement No 804476). "Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation" (or other funding agencies).