Post-Quantum Cryptography Alliance - Technical Advisory Council (TAC) Meeting 29 Jan, 2025

• Join the meeting
• Recordings are available on your Open Profile page under Past Meetings
• PQCA Meeting Calendar
• Discord Server

Antitrust Policy Notice

Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.

Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.

Voting Representative Attendance (Alphabetical by 1st name)

Premier Member Representatives

• Brian Jarvis, Amazon Web Services Inc. [TAC Vice Chair]
• Michael (Max)imilien, IBM [TAC Chair]
• Norman Ashley, Cisco
• Sophie Schmieg, Google
• Yarkin Doroz, NVIDIA

### Project Representatives

• Nigel Jones, IBM [PQP]
• Spencer Wilson, U Waterloo [OQS]

Non-Voting Representative Attendance

LF Staff

• Hart Montgomery
• Ry Jones
• Kenny Paul

Other Attendees

• Aditya Koranga
• Joe Livingston
• Pravek Sharma
• Angel Camacho
• JP Lomas

---

Introduction of 1st time attendees

• Angel Camacho - Joining from Guatamala

---

Announcements

• Yarkin - Joint press release PQCA and NVIDIA coming put later today

---

OQS Update -Pravek Sharma

• The cuPQC integration PR has been merged into the main branch, enabling users of liboqs to utilize GPU-accelerated crypto.
• The OQS provider is not synchronized with OpenSSL master; an update is pending OpenSSL merging its own PQC implementations, anticipated in February.
• Recent releases of liboqs for C, C++, Python, and Java mean that all liboqs language wrappers now support ML-DSA.
• The security response process is progressing towards acceptance, with discussions ongoing about which OQS subprojects will receive continued support.

---

PQCP Update -Nigel Jones

• The ML-KEM native implementation PR is open, with CI issues, but it is nearly ready and will be marked as Beta once it gets into liboqs.
• AWS integration readiness work is ongoing.
• Performance fixes for AVX2 bring it within 10% of the reference implementation.
• The libcrux implementation focus is shifting towards documentation and discussion around guarantees, rather than inclusion within PQCP.
• A PQCP TSC meeting is scheduled for tomorrow.
• Progress has been made on libjade arm implementations and proof.

---

Tools WG Update -Nicklas Kortge MAX

• Drafting a PR template for new PRs to the tools project.
• Working on the CBOMKit Github action to support the right place to store the generating CBOMs, plus the correct namings.
• Nothing new regarding donation of tooling.
• Nicklas reached out to Kenny regarding a legal question from their lawyer, which is still an open item

---

Old Business

AWS Brian Jarvis

• The AWS PQC page has been updated with shout outs to PQCA.
• A link to the Post Quantum Migration Plan has been added.
• Links to PQCA and OQS are included in the migration section.
• AWS highlights its own library and PQCP contributions, including a shout out to mlkem-native.

---

OpenSSL Hart Montgomery

• Need a critical mass of folks that have signed their CLA before we try to automate our side.
• Nigel noted that the OpenSSL folks were not going to be using our library and are going down their own implementation path.
• It is a chicken or the egg problem and that OpenSSL want options and won’t seriously consider it until they can actually use it.
• Hunting down the historic contributors is viewed as doable but probably not worth it until we have critical mass.
• No one on the TAC call has been in direct contact with OpenSSL folks, so all of the information shared had been relayed to TAC members by others.
• Up to the PQCP team to decide how to proceed.

---

New Business

• Elections -ACTION Kenny review the process at the next meeting

January GB update - Max

OQS Production readiness

• Most contributions to date have come for the Univ. of Waterloo
• It was acknowledged that Douglas, as a professor, has different incentives than those who want to use code in production and he has concerns over diminishing academic research funding.
• Still a smaller project and members please think of how to grow the developer base.
• Potential for grants to the research from companies may help, but production code driven by companies would be greatly helpful .
• GB agreed that a survey would be helpful to figure out who is using and who might be using OQS. Kenny has already reached out to Douglas regarding that.

LFX Mentorship

• The GB approved a budget for the program that will cover 5 mentees.
• The program is essentially an internship driven by the technical community.
• Applications for the summer term open in mid-April and they are looking for people from companies to act as mentors.
• The mentors will help guide the intern through the development process and provide feedback.
• The mentees self-select and apply to the programs they are interested in, and they are chosen by the mentor.
• Kenny will be pulling together a process and plan together for the TAC.

---

Open Action Items / Issues Review

Issue #43 Kenny realized that he didn’t have the necessary permissions in the repo to make some changes discussed last time. He plans to fix that in the next 2 days.

Issue #31 The LFX Insights came up at the Board meeting.

• The Governing Board will be receiving updates going forward from insights.
• The Insights page for PQCA was shared, which summarizes contributions and provides a dashboard view of the project.
• Max encouraged everyone to look at the page and let Kenny know if any of the data is inaccurate.
• It was noted that the best practices score is currently aligned with CNCF criteria but is being actively worked on by the LFX team to align to OpenSSF’s Scorecard.

Issue #44 aligned to to the GB discussion on production readiness

---

Blog post for PQCA’s 1st anniversary.

• Encouraging blurbs be shared from different companies involved.
• Hart and Max will be working on an outline and sending it out.
• The anniversary is in the 1st week of March, so they should try to get it published by then.
• Hart said that they are happy to take blog posts in general and that they need more marketing content.
• ACTION Kenny will open an issue for tracking the blog creation.