Post-Quantum Algorithms
Quantum-resistant cryptographic algorithms designed to withstand attacks from quantum computers.
Available Post-Quantum Algorithms
Key Encapsulation Mechanisms (KEMs)
ML-KEM-768 (Kyber)
NIST-standardized lattice-based key encapsulation mechanism.
- Security Level: NIST Level 3 (192-bit equivalent)
- Public Key: 1,184 bytes
- Ciphertext: 1,088 bytes
- Shared Secret: 32 bytes
- Use Cases: TLS, VPN, secure messaging
Digital Signatures
Dilithium (ML-DSA)
NIST-standardized lattice-based digital signature algorithm.
- Security Levels: 2, 3, 5 (128, 192, 256-bit equivalent)
- Public Key: 1,312 bytes (Level 2)
- Signature: 2,420 bytes (Level 2)
- Use Cases: Code signing, document authentication
Falcon-512
Compact lattice-based signatures with smaller key sizes.
- Security Level: NIST Level 1 (128-bit equivalent)
- Public Key: 897 bytes
- Signature: ~690 bytes (variable)
- Use Cases: Constrained environments, IoT
Alternative KEMs
NTRU Prime
Alternative lattice-based KEM with different security assumptions.
- Security Level: 128-bit equivalent
- Public Key: 1,230 bytes
- Ciphertext: 1,047 bytes
- Use Cases: Diversification, research applications
Algorithm Comparison
| Algorithm | Type | Security Level | Public Key Size | Signature/CT Size |
|---|---|---|---|---|
| ML-KEM-768 | KEM | 192-bit | 1,184 bytes | 1,088 bytes |
| Dilithium-2 | Signature | 128-bit | 1,312 bytes | 2,420 bytes |
| Dilithium-3 | Signature | 192-bit | 1,952 bytes | 3,293 bytes |
| Falcon-512 | Signature | 128-bit | 897 bytes | ~690 bytes |
| NTRU Prime | KEM | 128-bit | 1,230 bytes | 1,047 bytes |
Security Considerations
Quantum Threat Timeline
- Current: Classical computers cannot break these algorithms
- Near-term: Quantum computers pose no immediate threat
- Long-term: Large-scale quantum computers would break RSA/ECC
Migration Strategy
- Hybrid Approach: Combine classical + post-quantum algorithms
- Gradual Transition: Start with less critical applications
- Algorithm Agility: Design systems to easily swap algorithms
- Performance Testing: Evaluate impact on system performance
Performance Characteristics
Speed Rankings
- ML-KEM-768: Fast key generation and encapsulation
- NTRU Prime: Moderate performance
- Falcon-512: Fast verification, slower signing
- Dilithium: Moderate performance, larger sizes
Memory Requirements
- Low: Falcon-512 (stack-based)
- Medium: ML-KEM-768, NTRU Prime
- High: Dilithium (matrix operations)
Use Case Recommendations
For TLS/Network Protocols
- Primary: ML-KEM-768 for key exchange
- Signatures: Dilithium-2 or Falcon-512
- Hybrid: Combine with X25519 (key exchange) and Ed25519 (signatures)
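
The hybrid approach named under Migration Strategy and in the TLS recommendation above can be illustrated with a concatenate-then-KDF combiner for X25519 and ML-KEM-768. This is an added example, not code from MetaMUI Crypto Primitives; the function names, the label string and the sample byte values are assumptions, and the two shared secrets are taken as inputs from whatever X25519 and ML-KEM-768 implementations are in use.

```python
import hashlib
import hmac

# Lengths from the ML-KEM-768 entry above; X25519 keys and outputs are 32 bytes.
MLKEM768_CT_LEN, MLKEM768_SS_LEN, X25519_LEN = 1088, 32, 32

def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def combine_hybrid(ss_x25519, ss_mlkem, ct_mlkem, epk_x25519,
                   label=b"example-hybrid-x25519-mlkem768"):  # hypothetical label
    """Derive one 32-byte session key from both shared secrets.

    Both secrets feed the KDF, so an attacker needs both to compute the key.
    The transcript hash binds the key to the exact ML-KEM ciphertext and
    X25519 ephemeral public key that were sent on the wire.
    """
    if len(ss_x25519) != X25519_LEN or len(epk_x25519) != X25519_LEN:
        raise ValueError("X25519 values must be 32 bytes")
    if len(ss_mlkem) != MLKEM768_SS_LEN:
        raise ValueError("ML-KEM-768 shared secret must be 32 bytes")
    if len(ct_mlkem) != MLKEM768_CT_LEN:
        raise ValueError("ML-KEM-768 ciphertext must be 1,088 bytes")
    if ss_x25519 == bytes(X25519_LEN):
        # An all-zero X25519 output means the peer sent a low-order point.
        raise ValueError("all-zero X25519 shared secret")
    transcript = hashlib.sha256(epk_x25519 + ct_mlkem).digest()
    # Fixed-length inputs make the concatenation unambiguous.
    return hkdf_sha256(b"", ss_mlkem + ss_x25519, label + transcript, 32)

# Constructed sample values standing in for real X25519 / ML-KEM-768 outputs.
SAMPLE_SS_X = hashlib.sha256(b"constructed x25519 secret").digest()
SAMPLE_SS_PQ = hashlib.sha256(b"constructed ml-kem secret").digest()
SAMPLE_EPK = hashlib.sha256(b"constructed x25519 public key").digest()
SAMPLE_CT = bytes(range(256)) * 4 + bytes(64)  # 1,088 bytes

if __name__ == "__main__":
    print(combine_hybrid(SAMPLE_SS_X, SAMPLE_SS_PQ, SAMPLE_CT, SAMPLE_EPK).hex())
```

Both peers must feed the same ciphertext and ephemeral public key into the transcript, so a tampered handshake message yields mismatched keys instead of a silently downgraded session.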
For Code Signing
- Recommended: Dilithium-3 (higher security)
- Alternative: Falcon-512 (smaller signatures)
- Transition: Dual signatures during migration
For IoT/Embedded
- Preferred: Falcon-512 (compact)
- Alternative: ML-KEM-768 (if memory allows)
- Consideration: Power and bandwidth constraints
For Long-term Storage
- Recommended: Dilithium-5 (highest security)
- Backup: Multiple algorithm signatures
- Future-proofing: Plan for algorithm updates
Implementation Status
All post-quantum algorithms in MetaMUI Crypto Primitives are:
- ✅ NIST-compliant implementations
- ✅ Constant-time where applicable
- ✅ Cross-platform compatible
- ✅ Extensively tested with official test vectors
- ✅ Ready for production use
Standards and Specifications
- NIST PQC: Post-Quantum Cryptography Standardization
- ML-KEM: FIPS 203 (Module-Lattice-Based Key-Encapsulation Mechanism)
- ML-DSA: FIPS 204 (Module-Lattice-Based Digital Signature Algorithm)
- Falcon: NIST Round 3 Submission
- NTRU Prime: Specification