Hello,

We still haven't set a date for integrating PQC algorithms. We're currently defining the API in the PSA Crypto API working group — there is a draft specification (https://github.com/ARM-software/psa-api/pull/223) which is still evolving (https://github.com/ARM-software/psa-api/pull/233). In Mbed TLS, we have no bandwidth for integrating new features until we complete the work on the TF-PSA-Crypto 1.0 and Mbed TLS 4.0 releases, so until 2025Q3. After that, PQC will compete with other desired features, so we can't make any commitments yet.

Best regards,

--
Gilles Peskine
Mbed TLS developer and PSA Crypto architect

On 30/01/2025 20:37, NAYNA JAIN via mbed-tls wrote:
Hi MbedTLS team,

I have been following the MbedTLS roadmap here - https://mbed-tls.readthedocs.io/en/latest/project/roadmap/ . It talks about Post Quantum Cryptography support in the future.

And in the section on Long Term Plans for MbedTLS, I see the note related to PQC as "Regarding post-quantum cryptography (PQC) in particular, we do plan to wait until there are official standards: as of 2023, apart from stateful hash-based signatures, there are too many open questions about selected algorithms (choice of parameters, data formats, hybrid combinations…)."

This note seems to be pretty old as it refers to 2023. So, are there any recent updates on the roadmap? Is there any plan to support the latest NIST standardized algorithms (ML-DSA, ML-KEM, SLH-DSA) this year or next year?

Thanks & Regards,