Post-Quantum Cryptography
🔮 Post-Quantum Cryptography: Future-Proof Security
Post-Quantum Cryptography provides security against attacks by quantum computers. As quantum computing advances, traditional RSA and elliptic curve cryptography will become vulnerable. MetaMUI implements NIST-standardized post-quantum algorithms to ensure your applications remain secure in the quantum era.
🔐 Available Algorithms
ML-KEM-768 (Kyber)
NIST-standardized Key Encapsulation Mechanism
- Security Level: 192-bit (NIST Level 3)
- Public Key: 1,184 bytes
- Ciphertext: 1,088 bytes
- Standard: NIST FIPS 203
- Tags: Key Exchange, NIST Standard

Dilithium (ML-DSA)
Lattice-based Digital Signatures
- Security Level: 128-256 bits
- Public Key: 1,312 bytes
- Signature: 2,420 bytes
- Standard: NIST FIPS 204
- Tags: Digital Signatures, NIST Standard

Falcon-512
Compact Post-Quantum Signatures
- Security Level: 128-bit
- Public Key: 897 bytes
- Signature: 690 bytes
- Advantage: Smallest signatures
- Tags: Digital Signatures, Compact

NTRU Prime
Alternative Post-Quantum KEM
- Security Level: 128-256 bits
- Public Key: 1,047 bytes
- Ciphertext: 1,047 bytes
- Advantage: Alternative security
- Tags: Key Exchange, Alternative
Why Post-Quantum?
The Quantum Threat
- Current RSA/ECC will be broken by sufficiently capable quantum computers
- Shor’s algorithm can factor large numbers efficiently
- Grover’s algorithm weakens symmetric cryptography
Timeline
- NIST standardization completed in 2024
- Quantum computers advancing rapidly
- “Harvest now, decrypt later” attacks happening today
Usage Examples
Hybrid Key Exchange (Classical + Post-Quantum)
```python
import hashlib

from metamui_crypto import X25519, MLKem768

# Generate both classical and post-quantum keys
x25519_keypair = X25519.generate_keypair()
mlkem_keypair = MLKem768.generate_keypair()

# Sender: Create hybrid shared secret
# receiver_x25519_public and receiver_mlkem_public are the receiver's
# public keys, which the sender must already hold at this point.

# Classical ECDH
x25519_shared = X25519.compute_shared_secret(
    x25519_keypair.private_key,
    receiver_x25519_public
)

# Post-quantum KEM: the ciphertext is sent to the receiver,
# the shared secret stays local
mlkem_ciphertext, mlkem_shared = MLKem768.encapsulate(
    receiver_mlkem_public
)

# Combine both secrets
hybrid_secret = hashlib.sha256(
    x25519_shared + mlkem_shared
).digest()
```
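The following added example is not part of the MetaMUI library or its documentation: a combiner for the two shared secrets from the snippet above that uses HKDF-SHA256 (RFC 5869) and also binds the ML-KEM ciphertext and both X25519 public keys into the derived key, so a key derived from a modified exchange never matches. The label, the function names and the sample values are assumptions made for illustration; only the Python standard library is used.

```python
import hashlib
import hmac

LABEL = b"example-hybrid-x25519-mlkem768-v1"  # hypothetical domain-separation label


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    if length > 255 * 32:
        raise ValueError("HKDF-SHA256 output is limited to 8160 bytes")
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _lp(field: bytes) -> bytes:
    """Length-prefix a field so the concatenation parses unambiguously."""
    return len(field).to_bytes(4, "big") + field


def combine_hybrid(x25519_shared, mlkem_shared, mlkem_ciphertext,
                   sender_x25519_public, receiver_x25519_public, length=32):
    """Derive the session key from both secrets, bound to the exchange transcript."""
    if len(x25519_shared) != 32 or len(mlkem_shared) != 32:
        raise ValueError("X25519 and ML-KEM-768 shared secrets are 32 bytes each")
    if not any(x25519_shared):
        # An all-zero X25519 output means the peer sent a low-order point (RFC 7748).
        raise ValueError("all-zero X25519 shared secret rejected")
    ikm = _lp(mlkem_shared) + _lp(x25519_shared)
    info = LABEL + _lp(mlkem_ciphertext) + _lp(sender_x25519_public) + _lp(receiver_x25519_public)
    return hkdf_sha256(ikm, salt=b"", info=info, length=length)


# Constructed sample values with the sizes given on this page (not real key material).
SAMPLE = dict(
    x25519_shared=bytes(range(32)),
    mlkem_shared=bytes(range(32, 64)),
    mlkem_ciphertext=b"\xa5" * 1088,
    sender_x25519_public=b"\x01" * 32,
    receiver_x25519_public=b"\x02" * 32,
)

if __name__ == "__main__":
    print(combine_hybrid(**SAMPLE).hex())
```

Both sides must pass the same ciphertext and public keys in the same order, otherwise the derived keys differ and the session fails closed.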
Post-Quantum Signatures
```python
from metamui_crypto import Dilithium

# Generate signing keypair
keypair = Dilithium.generate_keypair()

# Sign document
document = b"Critical security update"
signature = Dilithium.sign(document, keypair.private_key)

# Verify signature
is_valid = Dilithium.verify(signature, document, keypair.public_key)
```
Migration Strategy
1. Hybrid Approach (Recommended)
Combine classical and post-quantum algorithms:
- Use X25519 + ML-KEM-768 for key exchange
- Use Ed25519 + Dilithium for signatures
- Provides security against both classical and quantum attacks
2. Gradual Migration
- Start with non-critical systems
- Test performance impact
- Monitor for compatibility issues
- Gradually expand deployment
3. Crypto Agility
Design systems to support algorithm changes:
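```python
# Good: Algorithm-agnostic design
# get_cipher() is the application's own lookup from an algorithm name
# to a cipher object; it is not shown here.
def encrypt_data(data, algorithm="chacha20"):
    cipher = get_cipher(algorithm)
    return cipher.encrypt(data)

# Easy to switch to post-quantum
encrypted = encrypt_data(data, algorithm="mlkem768-aes256")
```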
Performance Considerations
| Operation | ML-KEM-768 | Dilithium | Falcon-512 | RSA-2048 |
|---|---|---|---|---|
| KeyGen | 0.5ms | 1.2ms | 8.5ms | 100ms |
| Encrypt/Sign | 0.6ms | 2.1ms | 1.5ms | 2ms |
| Decrypt/Verify | 0.7ms | 0.8ms | 0.3ms | 0.1ms |
Security Levels
| Algorithm | Classical Security | Quantum Security |
|---|---|---|
| ML-KEM-768 | 256-bit | 192-bit |
| Dilithium3 | 256-bit | 128-bit |
| Falcon-512 | 256-bit | 128-bit |
| NTRU Prime | 256-bit | 128-bit |
Best Practices
- Use Hybrid Schemes: Combine with classical algorithms
- Plan for Larger Keys: Post-quantum keys are bigger
- Test Performance: Measure impact on your systems
- Stay Updated: Follow NIST recommendations
- Implement Crypto Agility: Make algorithms replaceable