Cryptographic Threat Models

Comprehensive threat analysis for all 49 algorithms in the MetaMUI Crypto Primitives suite.

Overview

This section provides detailed threat models for every cryptographic algorithm implemented in MetaMUI, covering quantum threats, classical attacks, implementation vulnerabilities, and protocol-level risks.

General Threat Models

Foundational Threat Analysis

• Post-Quantum Cryptography Threat Model - Quantum computing threats and timeline
• Classical Cryptography Threat Model - Traditional cryptographic threats
• Hybrid System Threats - Risks in classical/PQC hybrid deployments

Algorithm-Specific Threat Models

Post-Quantum Algorithms (19 algorithms)

NIST Standardized (FIPS 203/204/205)

• ML-KEM-512 Threat Model
• ML-KEM-768 Threat Model
• ML-KEM-1024 Threat Model
• ML-DSA-44 Threat Model
• ML-DSA-65 Threat Model
• ML-DSA-87 Threat Model
• SLH-DSA-SHA2-128f Threat Model
• SLH-DSA-SHAKE-256f Threat Model

NIST Round 4 Additional

• Falcon-512 Threat Model
• Falcon-1024 Threat Model

Korean Post-Quantum (KPQC)

• SMAUG-T Threat Model
• Haetae Threat Model
• AIMer Threat Model
• NTRU+ Threat Model

Stateful Hash-Based Signatures

• XMSS Threat Model
• LMS Threat Model

Code-Based & Additional KEMs

• HQC-128 Threat Model
• Classic McEliece Threat Model
• FrodoKEM Threat Model

Classical Algorithms (30 algorithms)

Hash Functions (11 algorithms)

• SHA-256 Threat Model
• SHA-384 Threat Model
• SHA-512 Threat Model
• SHA3-256/512 Threat Model
• Keccak-256 Threat Model
• Blake2b Threat Model
• Blake2s Threat Model
• Blake3 Threat Model
• SHAKE-256 Threat Model
• SipHash Threat Model
• FlatHash Threat Model

Symmetric Encryption (8 algorithms)

• AES-256-GCM Threat Model
• AES-256-CTR Threat Model
• ChaCha20 Threat Model
• ChaCha20-Poly1305 Threat Model
• Ascon-128 Threat Model
• ARIA-256 Threat Model
• Camellia-256 Threat Model
• Deoxys-II Threat Model

Message Authentication (4 algorithms)

• HMAC-SHA256 Threat Model
• HMAC-SHA512 Threat Model
• Poly1305 Threat Model
• CMAC Threat Model

Key Derivation (4 algorithms)

• HKDF-SHA256 Threat Model
• PBKDF2 Threat Model
• Argon2id Threat Model
• BLAKE3-KDF Threat Model

Digital Signatures & Key Exchange (5 algorithms)

• Ed25519 Threat Model
• Ed25519-ZIP215 Threat Model
• Sr25519 Threat Model
• RSA-2048 Threat Model - TRANSITIONAL - Deprecated 2030
• X25519 Threat Model

Random Generation & Utility (2 algorithms)

• HMAC-DRBG Threat Model
• BIP39 Threat Model

Threat Categories

Detailed analysis of specific attack vectors:

Attack Vector Analysis

• Timing Attacks - Timing-based information leakage
• Side-Channel Attacks - Power, EM, cache attacks
• Fault Injection - Physical and software fault attacks
• Quantum Attacks - Shor’s, Grover’s, and other quantum algorithms
• Implementation Attacks - Software vulnerabilities

Risk Assessment Matrix

Overall Algorithm Risk Levels

Algorithm Category	Quantum Risk	Classical Risk	Implementation Risk	Overall Risk
NIST PQC (ML-KEM/DSA/SLH-DSA)	Very Low	Very Low	Medium	Low
Falcon Signatures	Very Low	Very Low	High	Medium
KPQC Algorithms	Very Low	Low	Medium	Low-Medium
Stateful Signatures	Very Low	Very Low	High*	Medium
Classical Symmetric	N/A**	Very Low	Low	Low
Classical Hash	Low***	Very Low	Low	Very Low
Classical Signatures	High**	Very Low	Medium	High*****

State management critical
Grover’s algorithm requires 2x key size
***Grover’s provides quadratic speedup
**Vulnerable to Shor’s algorithm
****Requires migration to PQC

Compliance & Standards

Regulatory Requirements

• NIST: PQC migration by 2030
• CNSA 2.0: Quantum-resistant algorithms by 2025-2033
• EU/ENISA: Following NIST guidelines
• ISO/IEC: Standardization in progress

Industry Standards

• IETF: Protocol specifications for PQC
• ETSI: Quantum-safe cryptography standards
• ITU-T: Telecommunications security standards

Quick Reference

By Security Level

• 128-bit Classical / 64-bit Quantum: Most current algorithms
• 192-bit Classical / 96-bit Quantum: ML-KEM-768, ML-DSA-65
• 256-bit Classical / 128-bit Quantum: ML-KEM-1024, ML-DSA-87, Falcon-1024

By Deployment Priority

1. Immediate: Long-term data encryption (use PQC now)
2. High: Digital signatures for long-lived certificates
3. Medium: TLS/HTTPS connections
4. Low: Short-lived session keys

Threat Intelligence Updates

Last Updated: 2025-10-14

Recent Developments

• Quantum computer progress tracking
• New cryptanalytic techniques
• Implementation vulnerability discoveries
• Standards updates

Related Documentation

• Security API Main Page
• Algorithm Security APIs
• Security Best Practices
• Implementation Guidelines

---

Note: Threat models are reviewed quarterly and updated based on emerging threats and cryptanalytic advances.