
PQC measures

From UnrealIRCd documentation wiki

This is a background article for expert admins to show what we are doing in terms of moving to Post-quantum cryptography. It's similar - in a way - to Moving users to TLS.

And yes, if one did a threat assessment then this issue would likely come last (as of 2025). We are still trying to move users to TLS, close port 6667 and get people to use a valid trusted certificate, -sigh- :(

Network threat: Protect against harvest now, decrypt later

The first major threat from quantum computers is the Harvest now, decrypt later scenario: traffic recorded today is decrypted later once a sufficiently powerful quantum computer exists. The way to protect against this is to use a quantum-proof key exchange, and the standard way (since August 2024) to do this is to use Kyber together with X25519 (a "hybrid"). This way, if X25519 is cracked, Kyber still protects things. And if Kyber is cracked (due to unforeseen cryptanalysis) then one still has X25519.

Updating UnrealIRCd to use PQC

UnrealIRCd 6.2.0+ (2025-09-09)

UnrealIRCd 6.2.0 (released Sep 9, 2025) uses the hybrid TLS group X25519MLKEM768 (Kyber, in its standardized ML-KEM form, combined with X25519) if both the server and the client support it. This requires OpenSSL 3.5.0 or later (released April 2025) on the UnrealIRCd side. Just to get an idea: browsers like Chrome and Firefox started supporting this in 2024. The OpenSSL 3.5+ requirement was first met by Debian 13 (Aug 9, 2025) and Ubuntu 25.10 (Oct 9, 2025).

unrealircd.org infrastructure

Web servers (completed 2025-07-25)

We use Cloudflare in front, which has supported X25519MLKEM768 since 2024 or so. Our origin servers did not yet support it at that point, so that was of limited use. The connection from Cloudflare to our origin servers started to use X25519MLKEM768 from 2025-07-25 onwards. So since that date, *.unrealircd.org is fully using PQC for https traffic. Of course, the client (eg: browser) needs to support this as well.

IRC servers (completed 2025-09-24)

At the end of July 2025, X25519MLKEM768 was test-deployed on irc2; this worked without issues. On Sep 15, 2025 hub.unrealircd.org was upgraded, so server-to-server traffic could be protected. And finally, on September 24, 2025 the last IRC servers were upgraded. This also gave a first picture of how many clients support X25519MLKEM768 in real life: 10% (14 out of 140).
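To see for yourself whether a server (your own, for instance) negotiates the hybrid group described above, here is an added POSIX shell helper; it is not part of the UnrealIRCd project or this wiki. It wraps openssl s_client (OpenSSL 3.5+ on the client side for the live probe) and parses the "Negotiated TLS1.3 group" line; the host name and the sample output used for checking the parser are constructed.

```shell
#!/bin/sh
# Added example: check whether a TLS server negotiates the hybrid
# X25519MLKEM768 group. The live probe needs OpenSSL 3.5+ on the client;
# the parsing helpers work on any captured s_client output.

# Read `openssl s_client` output on stdin and print the negotiated
# TLS 1.3 group name, or "none" if the handshake did not get that far
# (TLS 1.2, connection refused, unknown group on an old OpenSSL, ...).
parse_tls13_group() {
    group=$(sed -n 's/^Negotiated TLS1.3 group: \([A-Za-z0-9_-]*\).*/\1/p' | head -n 1)
    if [ -n "$group" ]; then
        printf '%s\n' "$group"
    else
        printf 'none\n'
    fi
}

# Exit 0 if the group name is an ML-KEM hybrid (e.g. X25519MLKEM768),
# 1 for a classical group such as X25519 or for "none".
is_pqc_hybrid() {
    case "$1" in
        *MLKEM*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Live probe: offer the hybrid group first and classical X25519 as a
# fallback, so the negotiated group shows what the server is capable of.
# Usage: probe_pqc irc.example.org:6697   (host name is a placeholder)
probe_pqc() {
    group=$(openssl s_client -connect "$1" -groups X25519MLKEM768:X25519 \
              </dev/null 2>/dev/null | parse_tls13_group)
    if is_pqc_hybrid "$group"; then
        printf '%s: PQC hybrid key exchange (%s)\n' "$1" "$group"
    else
        printf '%s: classical key exchange only (%s)\n' "$1" "$group"
    fi
}

# Only probe when a host:port argument is given, so the file can also be
# sourced for its helpers without touching the network.
if [ -n "${1:-}" ]; then
    probe_pqc "$1"
fi
```

A server that reports X25519 rather than X25519MLKEM768 is either running an OpenSSL older than 3.5 or has the hybrid group disabled in its TLS configuration.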

Network threat: Protect against active attacks

This threat is about the time when quantum computers are actually there and are used to actively inject or rewrite traffic on the wire, i.e. a man-in-the-middle attack. This targets RSA/ECC certificates, and thus we would need a replacement/successor for those. As of 2025 this is not a serious threat and likely won't be for several years. Various working groups are working on this issue with various proposals (such as ML-DSA). A change like this has a lot of impact. It's not only about adding support for new certificate types in TLS libraries and other software, but it also affects root CA certificates (otherwise one would just attack the RSA/ECC certificate of the Certificate Authority instead of the end-user certificate). Just to illustrate the current state outside UnrealIRCd: the CA/Browser Forum does not allow handing out such certificates yet (it only allows ECDSA and RSA), so you can't get a trusted certificate with this at the moment. There's some talk about this happening in 2026 or 2027.

Updating UnrealIRCd

UnrealIRCd 6.2.1+ (2025-XX-XX)

In UnrealIRCd 6.2.1 we allow you to load multiple certificates/keys. This allows you to load a "classic" ECDSA certificate alongside a "post-quantum" ML-DSA one. There's a long commit comment about how to do so. Again, this is mostly for testing purposes, since you can't get a trusted ML-DSA or other PQC certificate yet.

PGP signatures

We sign releases and patches with PGP. These signatures are validated by ./unrealircd upgrade and similar hot-patch/cold-patch commands using gnupg. We currently use an RSA4096 key on a YubiKey. If this were broken by quantum computers, a signature could be faked. Note that the signatures for downloads/patches are fetched over https, so faking them would also require the active attack capability described under Network threat: Protect against active attacks above, which is unlikely to happen within a few years.

As of 2025, this attack is still years off. There's also no PQC (eg ML-DSA/hybrid/..) in stable GnuPG yet, so we can't use it anyway.

The plan is to start using PQC PGP when it is mature and in GnuPG at major distros, not sooner. The last RSA 4096 key was created with an expiry of 2030-11-17. If we assume things look good by 2030 then that will be a good time to switch over (with the key being issued 1+ year before).

Databases on disk

UnrealIRCd supports encryption of database files (such as history) via Dev:UnrealDB. It uses the XChaCha20 cipher, which, like AES, should be safe from quantum computers. The key derivation is through Argon2, which should also be safe given a good password. Of course, "safe" is always a relative term: this is with regard to current knowledge, and we are only talking about quantum-related crypto issues here.