[PHP-DEV] PQC readiness beyond OpenSSL/sodium

Mon, 20 Apr 2026 06:48:34 -0700 

Hi!
I recently read Paragon Initiative's post "Post-Quantum Cryptography for the PHP Community" [1] and have been following the broader PQC discussions, particularly Google's and Cloudflare's migration timelines, which seem to be pulling the industry's expectations forward quite a bit. 


I want to stress upfront: I am not a security expert, and this question 
may be naive. I'm asking to understand whether there's anything that needs 
to be done on the language/runtime side.



My working assumption has been that the heavy lifting for PQC in PHP will 
come through the libraries that ext/openssl and ext/sodium wrap, in other 
words, that once OpenSSL ships stable ML-KEM / ML-DSA / hybrid primitives 
and libsodium follows suit, exposing them in PHP is largely a matter of 
binding new functions and constants, similar to how past algorithms were 
added. Paragon's ext-pqcrypto and pqcrypto_compat seem to cover the gap in 
the meantime.



What I'm less sure about is whether there are PHP-specific concerns beyond 
"wait for the libraries." A few things I've wondered about, though I may 
be framing them wrong:



* Whether the substantially larger key/signature/ciphertext sizes of PQC 
algorithms interact badly with any internal assumptions in PHP (string 
handling is presumably fine, but things like stream buffer defaults, 
TLS-related INI defaults, or session serialization come to mind).



* Whether anything in the bundled extensions that does its own crypto 
(PHAR signatures, password_hash, openssl_* wrappers, PHP's own TLS stream 
context options) will need design-level decisions rather than just new 
constants — e.g., how hybrid KEMs get surfaced in stream contexts, or 
whether PHAR will gain PQ signature support.



* Whether there's an expectation that PHP tracks a minimum OpenSSL version 
that supports PQC by some date, and what that might mean for distros.



* Whether any of this warrants an RFC-level discussion now rather than 
closer to 2029.



Is any of the above already being tracked or discussed? Are there concerns 
I'm missing entirely? I'd rather ask a possibly-dumb question now than 
find out in 2028 that something obvious was overlooked. :-)


Thanks for your time,
Sebastian

--
Sebastian Bergmann                                 https://phpunit.expert

Stay up to date with PHPUnit: https://phpunit.expert/newsletter














    











					Reply via email to