2025-01-24
The release of Bouncy Castle Java 1.80 introduces several important updates for developers, particularly those working with post-quantum cryptography (PQC) and lightweight cryptography. Below is an overview of the four key enhancements.
For post-quantum cryptographic (PQC) testing and implementation, ML-DSA and SLH-DSA algorithms in Bouncy Castle are now compatible with the Java keytool. Previously, the Java keytool failed to recognize the context parameters associated with these algorithms, limiting their usability.
Developers use keytool to generate, import, and manage cryptographic keys and certificates in Java's keystore (JKS or PKCS12). Bouncy Castle extends keytool's functionality by supporting additional algorithms not natively supported by Java, such as the PQC algorithms.
This update ensures a streamlined, command-line-based process for generating keys and certificates for PQC algorithms.
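As an added illustration (not code from the Bouncy Castle project or this post), the following Java program uses the BC provider to generate an ML-DSA-65 key pair, self-sign an X.509 certificate with it, and write both into a PKCS12 keystore that keytool can then list. It assumes bcprov and bcpkix 1.80 on the classpath; the alias, DN, file name and password are constructed sample values.

```java
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class MlDsaKeystoreExample {
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // Generate an ML-DSA-65 key pair through the BC JCA provider.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("ML-DSA-65", "BC");
        KeyPair kp = kpg.generateKeyPair();

        // Build a self-signed certificate whose signature algorithm is ML-DSA-65.
        X500Name name = new X500Name("CN=ml-dsa-demo");  // constructed sample DN
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000);
        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                name, BigInteger.ONE, notBefore, notAfter, name, kp.getPublic());
        ContentSigner signer = new JcaContentSignerBuilder("ML-DSA-65")
                .setProvider("BC").build(kp.getPrivate());
        X509Certificate cert = new JcaX509CertificateConverter()
                .setProvider("BC").getCertificate(builder.build(signer));

        // Sanity check: the certificate must verify under its own public key.
        cert.verify(kp.getPublic(), "BC");

        // Store key and chain in a PKCS12 keystore (BC implementation) for keytool.
        char[] pass = "changeit".toCharArray();  // constructed sample password
        KeyStore ks = KeyStore.getInstance("PKCS12", "BC");
        ks.load(null, null);
        ks.setKeyEntry("mldsa", kp.getPrivate(), pass, new X509Certificate[] { cert });
        try (FileOutputStream out = new FileOutputStream("mldsa.p12")) {
            ks.store(out, pass);
        }
        System.out.println("Stored " + cert.getSigAlgName() + " entry in mldsa.p12");
    }
}
```

With the BC jars on the classpath, `keytool -list -v -keystore mldsa.p12 -storetype PKCS12 -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider` should then show the ML-DSA-65 entry.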
For developers utilizing secret splitting for key management, Bouncy Castle low-level API support has been added for OASIS Shamir Secret Splitting algorithms. These algorithms allow a single key to be split into shares distributed among multiple users, with either all of the shares or just a subset of them required to reconstruct the key.
OASIS Shamir Secret Splitting provides a secure and shared approach to key management, reducing reliance on traditional password hashing. It enables developers to implement shared responsibility for private keys, typically used in scenarios like electronic voting or distributed credential management.
The ASCON family of lightweight cryptographic algorithms (part of the NIST lightweight cryptography standard) has been updated to align with the FIPS SP 800-232 draft.
The ASCON family of algorithms is optimized for IoT devices with limited resources, offering energy-efficient, small-footprint solutions for encryption, authentication, and hashing. Its robust security, resistance to side-channel attacks, and easy integration make it ideal for securing IoT communications, firmware updates, and device-to-cloud ecosystems.
With this update, we aim to demonstrate our commitment to keeping Bouncy Castle relevant by aligning our libraries with emerging standards, and we are hopeful this will continue to meet the evolving needs of the IoT market.
The Round 4 post-quantum cryptographic (PQC) algorithms have been updated to ensure ongoing compatibility and relevance for research, experimentation, and development. These enhancements provide PQC researchers and developers working with Round 4 algorithms in Bouncy Castle access to the latest advancements in PQC technology.
This update reinforces Bouncy Castle as a dependable option for PQC experimentation and adoption, and we are confident that we will continue to support the cryptography community’s evolving needs.