About Post-Quantum Cryptography
Post-Quantum Cryptography (PQC) refers to cryptographic algorithms designed to be secure against attacks by quantum computers. As quantum computing advances, traditional public-key cryptography systems like RSA and ECC will become vulnerable.
In 2024, NIST standardized the first set of post-quantum cryptographic algorithms: ML-KEM (FIPS 203) for key encapsulation, ML-DSA (FIPS 204) for digital signatures based on lattice cryptography, and SLH-DSA (FIPS 205) for hash-based digital signatures. These algorithms provide security against both classical and quantum attacks.
Interactive Demonstrations
Hands-on experience with quantum-resistant cryptography
TLS Handshake
Experience a complete post-quantum TLS 1.3 handshake using ML-KEM-768 for key exchange and ML-DSA-65 for authentication. Visualize the entire process step-by-step.
Key Exchange
Perform ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism) key exchanges. Generate key pairs, encapsulate secrets, and establish shared keys securely.
Certificate Issuance
Generate complete X.509 certificate chains using pure ML-DSA-65 or hybrid RSA+ML-DSA. Create quantum-safe certificates for TLS, email, and code signing.
Digital Signature
Sign and verify documents using ML-DSA-65 (FIPS 204) with CAdES format. Generate certificates, sign files, and validate signatures with quantum-safe algorithms.
Signature Verification
Verify CAdES signatures (.p7m files) and analyze certificate chains. Supports both post-quantum algorithms (ML-DSA) and traditional cryptography (RSA, ECDSA). Upload signed documents to validate signatures and inspect certificate details.
Merkle Tree Certificates
Visualize the issuance and verification of Merkle Tree Certificates (IETF PLANTS). Watch the transparency log grow, build Merkle inclusion proofs, sign batches and compare an MTC against a traditional X.509 certificate, with real ML-DSA cryptography.
NIST Standards
NIST (National Institute of Standards and Technology) standards are a set of guidelines, recommendations and technical standards to manage and reduce cybersecurity risks
FIPS 203
Key ExchangeML-KEM (Module-Lattice-Based Key Encapsulation Mechanism)
Enables secure key establishment resistant to quantum attacks. Three parameter sets:
- ML-KEM-512: NIST Level 1 (~128-bit security)
- ML-KEM-768: NIST Level 3 (~192-bit security)
- ML-KEM-1024: NIST Level 5 (~256-bit security)
FIPS 204
Digital SignaturesML-DSA (Module-Lattice-Based Digital Signature Algorithm)
Provides digital signature capabilities based on lattice cryptography. Three security levels available:
- ML-DSA-44: NIST Level 2 (~128-bit security)
- ML-DSA-65: NIST Level 3 (~192-bit security)
- ML-DSA-87: NIST Level 5 (~256-bit security)
FIPS 205
Digital SignaturesSLH-DSA (Stateless Hash-Based Digital Signature Algorithm)
Provides stateless hash-based digital signatures with conservative security assumptions. Three security levels available:
- SLH-DSA-128s/f: NIST Level 1 (~128-bit security, small/fast variants)
- SLH-DSA-192s/f: NIST Level 3 (~192-bit security, small/fast variants)
- SLH-DSA-256s/f: NIST Level 5 (~256-bit security, small/fast variants)