Skip to content

ADR-007: Post-Quantum Cryptography Migration Strategy#3072

Draft
viv wants to merge 1 commit intoigniterealtime:mainfrom
surevine:adr-007/post-quantum-cryptography-strategy
Draft

ADR-007: Post-Quantum Cryptography Migration Strategy#3072
viv wants to merge 1 commit intoigniterealtime:mainfrom
surevine:adr-007/post-quantum-cryptography-strategy

Conversation

@viv
Copy link
Member

@viv viv commented Nov 28, 2025

Summary

  • Proposes ADR-007 documenting Openfire's post-quantum cryptography (PQC) readiness
  • Assesses all cryptographic components against quantum computing threats
  • Defines a phased migration strategy for TLS connections (2025-2035)

Context

With NIST publishing the first post-quantum cryptography standards in August 2024 (FIPS 203, 204, 205), and "harvest now, decrypt later" attacks already active, it's prudent to document Openfire's quantum threat exposure and plan for migration.

Key Findings

Component Quantum Status Action Required
Property encryption (Blowfish/PBKDF2) ✅ Quantum-resistant None
AES encryption ✅ Quantum-resistant None
TLS/SSL (RSA-2048) ⚠️ Vulnerable to future quantum Hybrid TLS by 2028

Proposed Timeline

  • 2025: Planning & preparation (Bouncy Castle 1.79+ upgrade, prototyping)
  • 2026-2028: Develop and deploy hybrid TLS (classical + PQC)
  • 2028-2032: Hybrid TLS as default
  • 2032-2035: Transition to PQC-only

Technology Choices

  • Key Encapsulation: ML-KEM-768 (CRYSTALS-Kyber) - NIST FIPS 203
  • Digital Signatures: ML-DSA-65 (CRYSTALS-Dilithium) - NIST FIPS 204
  • Hybrid Approach: RSA-2048 + ML-KEM-768 for backward compatibility

Why This Matters

  1. "Harvest now, decrypt later": Adversaries are recording TLS traffic today for future quantum decryption
  2. Long migration timeline: 10+ years needed for ecosystem-wide PQC adoption
  3. Industry alignment: NIST, IETF, and XMPP community all recommend starting migration planning now
  4. Good news: Openfire's property encryption is already quantum-resistant thanks to recent PBKDF2 work (ADR-004, ADR-005)

Related ADRs

  • ADR-001: Separate Obfuscation from Encryption
  • ADR-004: Manual Migration Tool for Blowfish PBKDF2 Upgrade
  • ADR-005: PBKDF2 Cryptographic Parameters for Blowfish Key Derivation
  • ADR-006: AES CBC to GCM Migration

Notes for Reviewers

This ADR is intentionally forward-looking. It documents current quantum readiness and proposes a migration strategy, but does not require immediate implementation. The "Proposed" status indicates this is open for community discussion before acceptance.

Key questions for reviewers:

  1. Is the timeline reasonable given quantum computing progress estimates?
  2. Are there XMPP-specific considerations we've missed?
  3. Should we coordinate with other XMPP server implementations (ejabberd, Prosody)?

@viv
docs: propose post-quantum cryptography migration strategy for Openfire
9685583 
Quantum computers will eventually break RSA/ECDH used in TLS connections, and adversaries are already recording encrypted traffic for future decryption ("harvest now, decrypt later" attacks). This ADR documents Openfire's quantum readiness and proposes a phased migration strategy.

Key findings:
- Property encryption (Blowfish/AES with PBKDF2) is already quantum-resistant
- TLS connections using RSA-2048 will need hybrid PQC by 2028

The proposed timeline aligns with NIST PQC standards (FIPS 203/204/205) and coordinates with the broader XMPP ecosystem migration.

See: ADR-001, ADR-004, ADR-005, ADR-006 for related encryption decisions
@viv
Copy link
Member Author

viv commented Nov 28, 2025

This was generated after a question arose in discussion around the recent encryption improvements. It appears to be useful and perhaps is something that should be considered, so I've created this PR to see if that holds true.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@viv