Post-Quantum Cryptography Basics

Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to be secure against attacks by both classical and quantum computers.
QuantumSafe is built on current NIST-standardized algorithms and does not guarantee absolute security. This is a quantum-readiness tool, not a quantum-proof solution.

Why PQC?

Today’s public-key cryptography (RSA, ECDSA, EdDSA) relies on mathematical problems that quantum computers can solve efficiently:

  Problem                      Used By        Quantum Attack
  Integer factorization        RSA            Shor’s algorithm — polynomial time
  Discrete logarithm           DSA, DH        Shor’s algorithm — polynomial time
  Elliptic curve discrete log  ECDSA, EdDSA   Shor’s algorithm — polynomial time

A sufficiently powerful quantum computer running Shor’s algorithm could break ECDSA (used by Bitcoin, Ethereum, and most blockchains) in hours or minutes. PQC algorithms are based on different mathematical problems that are believed to be hard for both classical and quantum computers.

NIST Standardization

In 2024, NIST published the first three post-quantum cryptographic standards:

FIPS 203 — ML-KEM

Module-Lattice Key Encapsulation Mechanism. For key exchange. Based on CRYSTALS-Kyber. Replaces ECDH/RSA key exchange.

FIPS 204 — ML-DSA

Module-Lattice Digital Signature Algorithm. For signatures. Based on CRYSTALS-Dilithium. Replaces ECDSA/EdDSA.

FIPS 205 — SLH-DSA

Stateless Hash-Based Digital Signature Algorithm. For signatures. Based on SPHINCS+. Conservative, hash-only construction.

ML-DSA (FIPS 204)

ML-DSA is the primary signature algorithm used by QuantumSafe. It is based on lattice problems and offers excellent performance characteristics:

  Variant     Security Level   Public Key   Signature   Speed
  ML-DSA-44   2 (128-bit)      ~1.3 KB      ~2.4 KB     Fast
  ML-DSA-65   3 (192-bit)      ~1.9 KB      ~3.3 KB     Fast
  ML-DSA-87   5 (256-bit)      ~2.6 KB      ~4.6 KB     Fast

ML-DSA-65 is the recommended default for most use cases. It provides 192-bit security — well above the current 128-bit security of ECDSA on secp256k1.

Trade-offs

  • Larger key sizes compared to ECDSA (1.9 KB vs 33 bytes for a public key)
  • Larger signatures (3.3 KB vs 64 bytes)
  • Very fast signing and verification (comparable to ECDSA)
  • Strong security confidence backed by decades of lattice problem research

SLH-DSA (FIPS 205)

SLH-DSA is a hash-based signature scheme. Its security relies only on the security of hash functions — making it the most conservative choice:

  Variant        Security Level   Public Key   Signature   Speed
  SLH-DSA-128s   1 (128-bit)      32 B         ~7.8 KB     Slower
  SLH-DSA-128f   1 (128-bit)      32 B         ~17 KB      Faster

Trade-offs

  • Very small public key (32 bytes)
  • Much larger signatures (8-17 KB)
  • Slower signing than ML-DSA
  • Maximum security confidence — relies only on hash functions
SLH-DSA is ideal when you want the most conservative security assumptions. However, it cannot be upgraded to Managed (KMS) mode in future versions.
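
To make the "relies only on hash functions" claim concrete, here is a toy hash-based one-time signature (a Lamport scheme over SHA-256). It is an added illustration written for this page, not SLH-DSA itself and not QuantumSafe code: SLH-DSA layers Winternitz and FORS one-time schemes under a hash tree so that one key can sign many messages, whereas this toy key may sign exactly one message. The message text in the usage block is a constructed sample. Every security property of the scheme below reduces to SHA-256 preimage resistance, which is the whole reason the hash-based family is considered the most conservative choice.

```python
"""Toy Lamport one-time signature built only from SHA-256.

Added example, not SLH-DSA and not QuantumSafe code. The public key is a list
of hash outputs; a signature reveals the preimages selected by the bits of the
message digest. Each key pair may sign ONE message only.
"""
import hashlib
import secrets

N = 32  # SHA-256 output size in bytes; also the size of each secret preimage


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _digest_bits(message: bytes):
    """Yield the 256 bits of SHA-256(message), most significant bit first."""
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(8 * N)]


def keygen(rng=secrets.token_bytes):
    """Generate one Lamport key pair.

    sk: 256 pairs of random 32-byte preimages (one pair per digest bit).
    pk: the SHA-256 hash of every preimage, in the same layout.
    """
    sk = [(rng(N), rng(N)) for _ in range(8 * N)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def sign(sk, message: bytes) -> list:
    """For each bit of SHA-256(message), reveal the preimage that bit selects."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(pk, message: bytes, signature: list) -> bool:
    """Recompute the digest and check that every revealed preimage hashes to
    the public-key entry selected by the corresponding digest bit."""
    if len(signature) != 8 * N:
        return False
    for i, bit in enumerate(_digest_bits(message)):
        if _h(signature[i]) != pk[i][bit]:
            return False
    return True


def sizes_bytes(pk, signature) -> dict:
    """Serialized sizes, for comparison with the SLH-DSA table above."""
    return {"public_key": 2 * N * len(pk), "signature": N * len(signature)}


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample message: transfer 1 unit to account X"
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))
    print("tampered rejected:", not verify(pk, msg + b"!", sig))
    print("sizes:", sizes_bytes(pk, sig))
```

Two things stand out when you run it. The signature is 8,192 bytes, the same order of magnitude as the ~7.8 KB SLH-DSA-128s signature in the table, because both ultimately reveal many hash preimages. The public key, however, is 16,384 bytes here versus 32 bytes for SLH-DSA: SPHINCS+ and SLH-DSA collapse a whole forest of one-time public keys into a single hash-tree root, and that root (plus a seed) is the 32-byte key. Neither scheme needs a number-theoretic assumption, so Shor's algorithm has nothing to attack.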

ML-KEM (FIPS 203)

ML-KEM is a key encapsulation mechanism for establishing shared secrets. While not directly used in QuantumSafe v1 (which focuses on signatures), it is relevant for future encrypted communication features.

Further Reading