The "Harvest Now, Decrypt Later" Threat
Quantum computers capable of breaking RSA and ECC encryption don't exist yet. But here's the problem: adversaries are already collecting encrypted data today, planning to decrypt it once quantum computers arrive.
For sensitive data that needs to remain confidential for years, this is a real threat.
What is Post-Quantum Cryptography?
Post-quantum cryptography (PQC) uses mathematical problems that are hard for both classical AND quantum computers to solve. In August 2024, NIST standardized three PQC algorithms:
- ML-KEM (Kyber) - Key encapsulation
- ML-DSA (Dilithium) - Digital signatures
- SLH-DSA (SPHINCS+) - Hash-based signatures
Implementing PQC in a Web Application
I recently added PQC support to NoTrust.now, a zero-knowledge secret sharing tool. Here's how:
Key Exchange with ML-KEM-768
```javascript
// Using the crystals-kyber-js library: MlKem768 is instantiated per party and
// exposes generateKeyPair(), encap() and decap() on the instance
import { MlKem768 } from 'crystals-kyber-js';

// Receiver generates a keypair
const receiver = new MlKem768();
const [publicKey, privateKey] = await receiver.generateKeyPair();

// Sender encapsulates a shared secret against the receiver's public key
const sender = new MlKem768();
const [ciphertext, sharedSecret] = await sender.encap(publicKey);

// Receiver decapsulates the ciphertext to recover the same shared secret
const decryptedSecret = await receiver.decap(ciphertext, privateKey);
```
Hybrid Approach
For defense in depth, combine PQC with classical crypto:
- Generate ephemeral X25519 keypair (classical)
- Generate ephemeral ML-KEM-768 keypair (post-quantum)
- Combine both shared secrets:
finalKey = HKDF(x25519Secret || kyberSecret)
This keeps the derived key secure as long as at least one of the two algorithms remains unbroken, so a future break of either X25519 or ML-KEM alone does not expose the data.
Try It Out
You can test PQC secret sharing at NoTrust.now/createpqc. The encryption happens entirely in your browser - zero-knowledge architecture means the server never sees your plaintext.
Resources
What do you think about PQC adoption? Too early or just in time? Let me know in the comments.