Post-quantum public key algorithms for the Secure Shell (SSH) protocol

Document Type Expired Internet-Draft (individual)
Authors Panos Kampanakis  , Douglas Stebila  , Markus Friedl  , Torben Hansen  , Dimitrios Sikeridis 
Last updated 2021-04-24 (latest revision 2020-10-21)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document defines hybrid key exchange methods based on classical ECDH key exchange and post-quantum key encapsulation schemes. These methods are defined for use in the SSH Transport Layer Protocol. It also defines post-quantum public key authentication methods based on post-quantum signature schemes. These methods are defined for use in the SSH Authentication Protocol. Note EDNOTE: The goal of this draft is to start the standardization of PQ algorithms in SSH early to mitigate the potential record-and-harvest later with a quantum computer attacks. This draft is not expected to be finalized before the NIST PQ Project has standardized PQ algorithms. After NIST has standardized then this document will replace TBD1, TBD3 with the appropriate algorithms and parameters before proceeding to ratification. EDNOTE: Discussion of this work is encouraged to happen on the IETF WG Mailing List or in the GitHub repository which contains the draft: . *Change Log* [EDNOTE: Remove befor publicaton]. draft-kampanakis-curdle-pq-ssh-00 * Initial draft


Panos Kampanakis (
Douglas Stebila (
Markus Friedl (
Torben Hansen (
Dimitrios Sikeridis (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)