Nicola Tuveri
A Doctoral Researcher at Tampere University (Finland), I contributed to OpenSSL for the first time in 2010, later I had the honor of becoming an OpenSSL Committer and I have been serving in the OpenSSL Technical Committee since 2019. Since the last election, I also serve as representative for Academics in the Business Advisory Committee at the OpenSSL Foundation.
My research specializes in software and micro architecture side-channel analysis and the integration of modern cryptosystems (lately mainly PQC) in mainstream libraries such as OpenSSL.
I am leading the efforts of Tampere University within the QUBIP Horizon Europe project to integrate PQC into OpenSSL, NSS, and Firefox using loadable modules.
Tampere University
Job title –Doctoral Researcher
Session
As post-quantum cryptography (PQC) continues to evolve, ensuring a smooth and adaptable transition for end users, developers, and system administrators remains a top priority. Building on discussions from the last DevConf and the latest NIST recommendations, this session presents recent updates in the Fedora ecosystem with cryptographic components, including crypto-policies, demonstrating real-world PQC integration.
Our live demo will showcase a familiar user experience — a routine Firefox browsing session — that seamlessly incorporates PQC. By inspecting the security tab when connecting to a web server, we illustrate how the user experience remains intentionally "boring," signaling a successful, non-disruptive deployment of advanced cryptographic protocols. Beneath this simplicity, however, lies a powerful infrastructure of client-side and server-side components.
On the client side, we employ a nightly build of Firefox enhanced with PQC authentication and key exchange capabilities, made possible through Qryoptic — a rust based soft-token derived from the Kryoptic project — loaded alongside Firefox's default NSS soft-token. On the server side, we leverage vanilla nginx running over OpenSSL 3.2 with our Aurora provider, a rust written OpenSSL Provider designed to boost cryptographic agility by allowing flexible backend implementations for PQC primitives.
While some of these results could be approximated using vanilla Firefox and OpenSSL with the oqsprovider, our approach enhances cryptographic agility through shallow loadable modules — decoupling stable systems from rapidly evolving PQC ecosystems. Beyond the demo, we’ll dive into the experience of writing OpenSSL Providers in Rust and explore how open-source efforts like Kryoptic can be customized to build experimental PKCS#11 soft-tokens, offering valuable tools for developers and security researchers.
Concluding the session, we’ll discuss the broader methodology behind these efforts and how shallow loadable modules can empower users, sysadmins, developers, and cryptographers alike to achieve greater flexibility and security in a post-quantum world.