Suite Packages
Overview
MetaMUI Crypto suite packages provide curated collections of algorithms optimized for specific use cases. Each suite is carefully selected to provide comprehensive cryptographic capabilities while maintaining compatibility and performance.
Available Suites
| Suite | Algorithms | Focus | Best For |
|---|---|---|---|
| PQC Suite | 10 algorithms | NIST Post-Quantum | Future-proof security |
| KPQC Suite | 4 families | Korean Standards | Regional compliance |
| Recommended | 8 algorithms | Balanced selection | General purpose |
PQC Suite
NIST Standardized Post-Quantum Cryptography
The PQC Suite provides all NIST-standardized post-quantum algorithms, ensuring your applications are protected against both classical and quantum computer attacks.
Included Algorithms
Key Encapsulation Mechanisms (3)
- ML-KEM-512 - Security Level 1 (128-bit)
- ML-KEM-768 - Security Level 3 (192-bit) ⭐ Recommended
- ML-KEM-1024 - Security Level 5 (256-bit)
Digital Signatures (7)
- ML-DSA-44 - Dilithium Level 2
- ML-DSA-65 - Dilithium Level 3 ⭐ Recommended
- ML-DSA-87 - Dilithium Level 5
- Falcon-512 - Compact signatures Level 1
- Falcon-1024 - Compact signatures Level 5
- SLH-DSA-SHA2-128f - Hash-based with SHA2
- SLH-DSA-SHAKE-256f - Hash-based with SHAKE
Use Cases
- TLS 1.3: Quantum-safe HTTPS connections
- VPN: Future-proof tunnel establishment
- Code Signing: Long-term signature validity
- Certificate Authorities: Quantum-resistant PKI
- Blockchain: Post-quantum consensus mechanisms
Implementation Example
from metamui_crypto.suites import PQCSuite
# Key Exchange
kem_public, kem_private = PQCSuite.ML_KEM_768.generate_keypair()
ciphertext, shared_secret = PQCSuite.ML_KEM_768.encapsulate(kem_public)
# Digital Signatures
sig_public, sig_private = PQCSuite.ML_DSA_65.generate_keypair()
signature = PQCSuite.ML_DSA_65.sign(message, sig_private)
valid = PQCSuite.ML_DSA_65.verify(message, signature, sig_public)
# Compact Signatures
falcon_pub, falcon_priv = PQCSuite.Falcon512.generate_keypair()
compact_sig = PQCSuite.Falcon512.sign(message, falcon_priv)
Performance Characteristics
| Algorithm | Operation | Time | Size |
|---|---|---|---|
| ML-KEM-768 | Keygen | 50 μs | 2.4 KB keypair |
| ML-DSA-65 | Sign | 300 μs | 3.3 KB signature |
| Falcon-512 | Sign | 200 μs | 690 B signature |
| SLH-DSA | Sign | 5 ms | 17 KB signature |
KPQC Suite
Korean Post-Quantum Cryptography Standards
The KPQC Suite implements algorithms standardized by the Korean Information Security Agency (KISA) and National Security Research Institute (NSR), providing sovereign cryptographic capabilities.
Included Algorithm Families
SMAUG-T (Lattice KEM)
- SMAUG-T1 - Level 1 (128-bit security)
- SMAUG-T3 - Level 3 (192-bit security) ⭐ Recommended
- SMAUG-T5 - Level 5 (256-bit security)
Haetae (Lattice Signatures)
- Haetae-2 - Level 2 signatures
- Haetae-3 - Level 3 signatures ⭐ Recommended
- Haetae-5 - Level 5 signatures
AIMer (MPC Signatures)
- AIMer-128f - 128-bit security
- AIMer-192f - 192-bit security ⭐ Recommended
- AIMer-256f - 256-bit security
NTRU+ (NTRU Variant)
- NTRU+-576 - Compact parameters
- NTRU+-768 - Balanced parameters ⭐ Recommended
- NTRU+-864 - High security
- NTRU+-1152 - Maximum security
Regional Compliance
- Korean government systems
- Financial institutions in Korea
- Critical infrastructure protection
- Defense and military applications
Implementation Example
import id.metamui.crypto.suites.KPQCSuite;
// SMAUG-T Key Exchange
KeyPair smaugKeys = KPQCSuite.SmaugT3.generateKeypair();
EncapsulationResult result = KPQCSuite.SmaugT3.encapsulate(smaugKeys.getPublic());
// Haetae Signatures
KeyPair haetaeKeys = KPQCSuite.Haetae3.generateKeypair();
byte[] signature = KPQCSuite.Haetae3.sign(message, haetaeKeys.getPrivate());
// AIMer MPC Signatures
KeyPair aimerKeys = KPQCSuite.Aimer192f.generateKeypair();
byte[] mpcSignature = KPQCSuite.Aimer192f.sign(message, aimerKeys.getPrivate());
// NTRU+ Key Exchange
KeyPair ntruKeys = KPQCSuite.NtruPlus768.generateKeypair();
EncapsulationResult ntruResult = KPQCSuite.NtruPlus768.encapsulate(ntruKeys.getPublic());
MetaMUI Recommended Suite
Carefully Curated Algorithm Selection
The Recommended Suite provides a balanced selection of 8 algorithms covering all essential cryptographic operations with optimal performance and security trade-offs.
Included Algorithms
| Category | Algorithm | Rationale |
|---|---|---|
| Hash | BLAKE3 | Fastest, parallelizable |
| Hash | SHA-256 | Industry standard |
| AEAD | ChaCha20-Poly1305 | Modern, fast |
| AEAD | AES-256-GCM | Hardware accelerated |
| Signature | Ed25519 | Compact, fast |
| PQ Signature | Falcon-512 | Quantum-resistant |
| PQ KEM | ML-KEM-768 | NIST standard |
| KDF | Argon2id | Password hashing |
Why These Algorithms?
BLAKE3
- 3x faster than SHA-256
- Parallel processing support
- Streaming and keyed modes
ChaCha20-Poly1305
- No timing side-channels
- Better than AES on CPUs without AES-NI
- Standard in TLS 1.3
Ed25519
- 62 byte signatures
- Fast verification
- No random number requirements
ML-KEM-768
- Balanced security/performance
- NIST standardized
- 192-bit quantum security
Usage Patterns
using MetaMUI.Crypto.RecommendedSuite;
public class CryptoService
{
// Fast hashing
public byte[] HashData(byte[] data)
{
return Recommended.Blake3.ComputeHash(data);
}
// Secure encryption
public (byte[] ciphertext, byte[] tag) EncryptData(byte[] data, byte[] key)
{
var nonce = Recommended.GenerateNonce();
return Recommended.ChaCha20Poly1305.Encrypt(data, key, nonce);
}
// Digital signatures
public byte[] SignDocument(byte[] document, byte[] privateKey)
{
return Recommended.Ed25519.Sign(document, privateKey);
}
// Post-quantum key exchange
public byte[] QuantumSafeKeyExchange(byte[] peerPublicKey)
{
var (ciphertext, sharedSecret) = Recommended.MlKem768.Encapsulate(peerPublicKey);
return sharedSecret;
}
// Password hashing
public string HashPassword(string password)
{
return Recommended.Argon2id.Hash(password);
}
}
Performance Comparison
| Operation | Algorithm | Speed | vs Alternative |
|---|---|---|---|
| Hash 1MB | BLAKE3 | 0.8ms | 3x faster than SHA-256 |
| Encrypt 1MB | ChaCha20 | 1.2ms | 1.5x faster than AES (no HW) |
| Sign | Ed25519 | 0.05ms | 10x faster than RSA-2048 |
| KEM | ML-KEM-768 | 0.1ms | 100x faster than RSA-3072 |
Choosing the Right Suite
Decision Matrix
| Requirement | PQC Suite | KPQC Suite | Recommended |
|---|---|---|---|
| Quantum resistance | ✅✅✅ | ✅✅✅ | ✅✅ |
| Performance | ✅✅ | ✅✅ | ✅✅✅ |
| Compliance (US) | ✅✅✅ | ✅ | ✅✅ |
| Compliance (Korea) | ✅ | ✅✅✅ | ✅✅ |
| Ease of use | ✅✅ | ✅✅ | ✅✅✅ |
| Algorithm variety | ✅✅✅ | ✅✅ | ✅✅ |
Recommendations by Industry
Financial Services
- Primary: PQC Suite (regulatory compliance)
- Secondary: Recommended Suite (performance)
Government/Defense
- US/NATO: PQC Suite
- Korea: KPQC Suite
- Others: PQC Suite + Recommended
Technology Companies
- Primary: Recommended Suite
- Migration: Add PQC Suite progressively
Healthcare
- Primary: Recommended Suite
- Long-term records: PQC Suite
Custom Suite Creation
For Enterprise+ customers, we offer custom suite creation:
# custom-suite.yaml
name: MyCompany Crypto Suite
version: 1.0.0
algorithms:
hash:
- BLAKE3
- SHA3-256
aead:
- ChaCha20-Poly1305
- AES-256-GCM
signatures:
- Ed25519
- ML-DSA-65
kem:
- ML-KEM-768
- SMAUG-T3
kdf:
- Argon2id
- HKDF-SHA256
Contact enterprise@metamui.id for custom suite development.
Suite Migration Guide
From Classical to Post-Quantum
# Phase 1: Hybrid Mode
def hybrid_key_exchange():
# Classical ECDH
ecdh_shared = perform_ecdh()
# Post-quantum KEM
pq_shared = PQCSuite.ML_KEM_768.encapsulate(public_key)[1]
# Combine both
final_key = kdf(ecdh_shared + pq_shared)
return final_key
# Phase 2: Full Migration
def quantum_safe_key_exchange():
return PQCSuite.ML_KEM_768.encapsulate(public_key)[1]
Performance Testing
func BenchmarkSuites() {
// Test each suite
suites := []Suite{PQCSuite, KPQCSuite, RecommendedSuite}
for _, suite := range suites {
benchmark(suite)
measureMemory(suite)
testCompatibility(suite)
}
}