π― Goal
Understand the threat posed by quantum computing to classical cryptographic algorithms, and get hands-on with emerging post-quantum cryptography (PQC) tools and implementations.
π§ 1. The Quantum Threat
π Problem
Quantum computers (with enough qubits) could:
- Break RSA, DSA, and DH using Shorβs algorithm
- Break elliptic-curve crypto (ECC) like Curve25519
- Render GPG, SSL/TLS, and Bitcoin signatures insecure
Most modern crypto is quantum-vulnerable
π Timeline
| Milestone | Estimate |
|---|---|
| Large-scale quantum | ~10β20 years |
| Store-now-decrypt-later risk | β Now |
| PQC standards | β 2022β2024 (NIST) |
𧬠2. NIST Post-Quantum Algorithms
As of 2024, NIST has selected finalists:
β Approved Algorithms
| Purpose | Algorithm | Type |
|---|---|---|
| Key Encapsulation | Kyber | Lattice-based (Module-LWE) |
| Digital Signatures | Dilithium | Lattice-based (Module-LWE) |
| Signatures (Alt) | Falcon, SPHINCS+ | Hash-based & structured-lattice |
π 3. age + Post-Quantum Plugin
β¨ age-plugin-pq by Filippo Valsorda
Combines Kyber (post-quantum KEM) + X25519 for hybrid encryption.
π¦ Install age (if not already):
sudo apt install age
π¦ Install age-plugin-pq:
mkdir -p ~/.config/age/plugins
cd ~/.config/age/plugins
# Download the prebuilt binary from:
# https://github.com/FiloSottile/age-plugin-pq/releases
chmod +x age-plugin-pq
Verify install:
age-plugin-pq --help
π 4. Generate Post-Quantum Key
age-plugin-pq keygen > pqkey.txt
grep "public key" pqkey.txt > pqkey.pub
Example public key:
# public key: pq-pub1...
π 5. Encrypt & Decrypt with PQ
π Encrypt
age -r pq-pub1abcdef... -o encrypted.txt.age plaintext.txt
π Decrypt
age -d -i pqkey.txt -o plaintext.txt encrypted.txt.age
You are now encrypting with Kyber + X25519 hybrid encryption, secure against classical and quantum adversaries.
π‘ 6. PQ-TLS (Experimental Browsing / Networking)
π TLS Libraries with PQ Support
liboqs+OpenSSL(quantum-safe ciphersuites)- Chrome/Firefox (Cloudflare testnet)
- SSH PQ key types (OpenSSH 9.0+)
π§ͺ Try PQ in OpenSSH (if supported):
ssh-keygen -t x25519-sk # classical + PQ hybrids soon
Check for sntrup761x25519 support in:
ssh -vv user@host
π» 7. Try PQ Signing with openssl + liboqs
π§ͺ Install liboqs + oqs-openssl (if youβre on Linux)
Follow build instructions:
https://github.com/open-quantum-safe/oqs-openssl
You can then generate PQC certs:
./apps/openssl req -new -newkey dilithium3 -keyout pq.key -out pq.csr
Sign and test PQ certs (experimental).
π 8. PQ Resources & Projects
- π
age-plugin-pq: https://github.com/FiloSottile/age-plugin-pq - π§¬
liboqs: Open Quantum Safe project β https://openquantumsafe.org - π PQ TLS test: https://pq.cloudflareresearch.com
- π¦ PQ GPG (experimental): https://github.com/open-quantum-safe/liboqs-pgp
π 9. Journal & Git Commit
βοΈ Reflect on PQCrypto
echo "Bonus 1: Learned about quantum threats to classical crypto. Used age-plugin-pq to encrypt files with Kyber hybrid encryption. Reviewed NIST PQ algorithms and explored experimental TLS + SSH tools." >> notes/bonus1_pqcrypto.md
π¦ Git Commit
git add .
git commit -S -m "Bonus 1 β Post-Quantum Cryptography with Kyber and Dilithium"
β Bonus 1 Checklist
- Understood the threat of quantum computing to RSA/ECC
- Installed
age-plugin-pqand generated PQ keys - Encrypted/decrypted files with Kyber+X25519
- Explored PQTLS and PQSSH concepts
- Wrote journal entry and committed code
π§ Up Next Bonus Suggestions
- Bonus 2: Self-Sovereign Identity (DIDs + Verifiable Credentials)
- Bonus 3: Metadata-Resistant Messaging (Nym, Loopix, Sphinx)
- Bonus 4: Zero-Knowledge Proofs & zkSnarks
- Bonus 5: Privacy-Focused Smart Contracts
π Notes
- Post-quantum readiness is a moving target β monitor NIST, OQS, and browser announcements
- Hybrid crypto (classical + PQ) is currently the best of both worlds
age-plugin-pqis a secure and elegant way to get hands-on with PQC today