Why Your Secret Sharing Tool Needs Post-Quantum Cryptography Today

Whaaat! — Mon, 12 Jan 2026 21:24:02 +0000

The "Harvest Now, Decrypt Later" Threat

Quantum computers capable of breaking RSA and ECC encryption don't exist yet. But here's the problem: adversaries are already collecting encrypted data today, planning to decrypt it once quantum computers arrive.

For sensitive data that needs to remain confidential for years, this is a real threat.

What is Post-Quantum Cryptography?

Post-quantum cryptography (PQC) uses mathematical problems that are hard for both classical AND quantum computers to solve. In August 2024, NIST standardized three PQC algorithms:

ML-KEM (Kyber) - Key encapsulation
ML-DSA (Dilithium) - Digital signatures
SLH-DSA (SPHINCS+) - Hash-based signatures

Implementing PQC in a Web Application

I recently added PQC support to NoTrust.now, a zero-knowledge secret sharing tool. Here's how:

Key Exchange with ML-KEM-768

// Using crystals-kyber-js library
import { MlKem768 } from 'crystals-kyber-js';

// Receiver generates keypair
const [publicKey, privateKey] = await MlKem768.generateKeyPair();

// Sender encapsulates a shared secret
const [ciphertext, sharedSecret] = await MlKem768.encapsulate(publicKey);

// Receiver decapsulates to get the same shared secret
const decryptedSecret = await MlKem768.decapsulate(ciphertext, privateKey);

Hybrid Approach

For defense in depth, combine PQC with classical crypto:

Generate ephemeral X25519 keypair (classical)
Generate ephemeral ML-KEM-768 keypair (post-quantum)
Combine both shared secrets: finalKey = HKDF(x25519Secret || kyberSecret)

This ensures security even if one algorithm is broken.

Try It Out

You can test PQC secret sharing at NoTrust.now/createpqc. The encryption happens entirely in your browser - zero-knowledge architecture means the server never sees your plaintext.

Resources

What do you think about PQC adoption? Too early or just in time? Let me know in the comments.

DEV Community: Whaaat!