GitHub Implements Post-Quantum Secure SSH Key Exchange to Protect Git Data in Transit

Ethan Cole

GitHub has announced the implementation of a hybrid post-quantum key exchange algorithm for SSH access when working with Git repositories. This strategic move aims to protect data against future threats posed by quantum computing advancements that could potentially decrypt SSH sessions encrypted with today’s standards.

Hybrid Algorithm sntrup761x25519 Combines Classical and Post-Quantum Cryptography

The new sntrup761x25519-sha512 algorithm merges the post-quantum cryptography scheme Streamlined NTRU Prime with the classical elliptic curve X25519. This hybrid approach ensures compatibility with existing systems while simultaneously adding protection against quantum attacks.

The update affects SSH connections for Git data transmission (not HTTPS) and began rolling out on September 17, 2025, for GitHub.com and GitHub Enterprise Cloud regions outside the United States. The US region is temporarily excluded due to stricter FIPS cryptographic standard requirements, which the new algorithm does not yet meet. GitHub Enterprise Server 3.19 will also receive support for the post-quantum option.

Hybrid SSH encryption diagram — NTRU Prime + X25519 merge into secure post-quantum SSH shield, illustrating GitHub’s sntrup761x25519 algorithm for quantum-safe data protection.

Post-Quantum Cryptography Addresses Quantum Computer Threats

Post-quantum cryptography (PQC) represents a class of cryptographic algorithms designed to withstand attacks from quantum computers. Currently widely used public-key algorithms, such as RSA and elliptic curve cryptography (ECC), rely on mathematical problems like integer factorization and discrete logarithm, which can be efficiently solved by sufficiently powerful quantum computers using Shor’s algorithm.

If quantum computers reach practical scale, these schemes could be broken within seconds, creating a threat to the confidentiality and integrity of secure communications. To counter this risk, researchers and organizations led by initiatives such as the NIST Post-Quantum Cryptography Standardization Project have developed quantum-resistant algorithms based on different mathematical foundations, including lattice problems, code-based cryptography, and multivariate equations.

Minimal Impact on User SSH Clients and Workflows

From the user perspective, most workflows will remain unchanged. If an SSH client supports the new algorithm—such as OpenSSH version 9.0 or newer—it will automatically negotiate and prefer it by default, provided the configuration hasn’t overridden standard settings. Clients without support for the new algorithm will continue using classical key exchange without interruption.

GitHub provides commands for verification: ssh -Q kex lists the key exchange algorithms the client supports, and ssh -v git@github.com exit 2>&1 | grep 'kex: algorithm:' shows the algorithm selected during a connection (the 2>&1 is needed because ssh writes its verbose output to stderr).
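The verification steps above can be scripted. The following is an added example, not code from GitHub or from the original article: it classifies the negotiated key exchange from ssh -v output and checks whether a KexAlgorithms override has demoted the hybrid option. The function names and sample log lines are constructed for illustration, and the @openssh.com spelling is the vendor-suffixed name OpenSSH uses for the same sntrup761 algorithm.

```shell
#!/bin/sh
# Added example: classify the key exchange an SSH client negotiates.

# Read `ssh -v` output on stdin; print the name from the first "kex: algorithm:" line.
negotiated_kex() {
    sed -n 's/^debug1: kex: algorithm: *//p' | head -n 1 | tr -d '\r'
}

# Map a KEX name to pq-hybrid, classical, or none (no KEX line seen).
classify_kex() {
    case "$1" in
        sntrup761x25519-sha512|sntrup761x25519-sha512@openssh.com|mlkem768x25519-sha256)
            echo pq-hybrid ;;
        "") echo none ;;
        *)  echo classical ;;
    esac
}

# Read `ssh -v` output on stdin and print its classification.
check_log() { classify_kex "$(negotiated_kex)"; }

# Read an `ssh -Q kex` listing on stdin; succeed if a hybrid KEX is offered.
client_supports_pq() {
    grep -Eq '^(sntrup761x25519-sha512(@openssh\.com)?|mlkem768x25519-sha256)$'
}

# Read `ssh -G <host>` output on stdin; print the client's first-choice KEX,
# which shows whether a KexAlgorithms override demoted the hybrid option.
first_choice_kex() {
    sed -n 's/^kexalgorithms //p' | cut -d, -f1
}

# Constructed sample inputs (not captured from a real session).
sample_pq='debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519'
sample_classical='debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519'
sample_config='hostname github.com
kexalgorithms curve25519-sha256,sntrup761x25519-sha512@openssh.com'

printf '%s\n' "$sample_pq" | check_log
printf '%s\n' "$sample_classical" | check_log
printf '%s\n' "$sample_config" | first_choice_kex | { read -r k; classify_kex "$k"; }

# Live use: ssh -Q kex | client_supports_pq
#           ssh -v git@github.com exit 2>&1 | check_log
#           ssh -G github.com | first_choice_kex
```

A result of classical from the live check on a client that passes client_supports_pq usually points to a KexAlgorithms setting in ssh_config, or to a server region where the hybrid algorithm is not yet offered.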

Protection Against “Store Now, Decrypt Later” Strategy

The motivation behind this implementation is to counter the “store now, decrypt later” threat, where adversaries could collect SSH-encrypted traffic today and decrypt it in the future when quantum computers become sufficiently powerful. By employing a hybrid scheme that combines classical security with post-quantum cryptography, GitHub ensures SSH traffic protection even in scenarios where quantum computing renders current algorithms vulnerable.

GitHub notes that while the new algorithm is more recent and has less real-world exposure, it has been designed to never be weaker than existing classical key exchange methods. Looking forward, GitHub plans to monitor post-quantum cryptography developments and expand support for additional quantum-secure algorithms, particularly those meeting FIPS requirements.

OpenSSH and Alternative Post-Quantum SSH Protocol Implementations

OpenSSH has been moving toward post-quantum cryptographic algorithms. Starting with version 9.0, released in April 2022, OpenSSH includes the sntrup761x25519-sha512 algorithm for key agreement. The later OpenSSH 9.9 version added mlkem768x25519-sha256, and by version 10.0, this scheme became the default for key exchange.

Similarly, Tectia Quantum-Safe Edition offers hybrid and quantum-safe SSH implementations by combining classical encryption with post-quantum algorithms such as CRYSTALS-Kyber, FrodoKEM, and NTRU. Their approach also ensures compatibility with FIPS mode and classical SSH clients and servers.

TinySSH, a minimalist SSH server, has also taken early steps toward hybrid post-quantum key exchange. It supports configurations combining NTRU Prime with ED25519 curve operations, adding quantum-forward secrecy to SSH key agreement.

GitHub’s implementation of post-quantum SSH protection represents a critical milestone in preparing infrastructure for the quantum era while maintaining backward compatibility and ensuring protection of developers’ mission-critical data against future threats. The industry demonstrates a proactive security approach by implementing protective measures before quantum computers become a practical threat.
