Hi!
I recently read Paragon Initiative's post "Post-Quantum Cryptography for
the PHP Community" [1] and have been following the broader PQC
discussions, particularly Google's and Cloudflare's migration timelines,
which seem to be pulling the industry's expectations forward quite a bit.
I want to stress upfront: I am not a security expert, and this question
may be naive. I'm asking to understand whether there's anything that needs
to be done on the language/runtime side.
My working assumption has been that the heavy lifting for PQC in PHP will
come through the libraries that ext/openssl and ext/sodium wrap, in other
words, that once OpenSSL ships stable ML-KEM / ML-DSA / hybrid primitives
and libsodium follows suit, exposing them in PHP is largely a matter of
binding new functions and constants, similar to how past algorithms were
added. Paragon's ext-pqcrypto and pqcrypto_compat seem to cover the gap in
the meantime.
What I'm less sure about is whether there are PHP-specific concerns beyond
"wait for the libraries." A few things I've wondered about, though I may
be framing them wrong:
- Whether the substantially larger key/signature/ciphertext sizes of PQC
  algorithms interact badly with any internal assumptions in PHP (string
  handling is presumably fine, but things like stream buffer defaults,
  TLS-related INI defaults, or session serialization come to mind).
- Whether anything in the bundled extensions that does its own crypto
  (PHAR signatures, password_hash, openssl_* wrappers, PHP's own TLS stream
  context options) will need design-level decisions rather than just new
  constants — e.g., how hybrid KEMs get surfaced in stream contexts, or
  whether PHAR will gain PQ signature support.
- Whether there's an expectation that PHP tracks a minimum OpenSSL version
  that supports PQC by some date, and what that might mean for distros.
- Whether any of this warrants an RFC-level discussion now rather than
  closer to 2029.
Is any of the above already being tracked or discussed? Are there concerns
I'm missing entirely? I'd rather ask a possibly-dumb question now than
find out in 2028 that something obvious was overlooked. :-)
Thanks for your time,
Sebastian
--
Sebastian Bergmann https://phpunit.expert
Stay up to date with PHPUnit: https://phpunit.expert/newsletter