Cryptographic Algorithms

Complete reference for all post-quantum and classical algorithms used in QSafe Vault — standardized by NIST in 2024.

ML-KEM

MODULE LATTICE KEY ENCAPSULATION MECHANISM · NIST FIPS 203 (2024)
CRYSTALS-Kyber · Lattice-Based · MLWE Hardness

ML-KEM (formerly CRYSTALS-Kyber) is the primary NIST post-quantum Key Encapsulation Mechanism, standardized as FIPS 203 in August 2024. It is based on the hardness of the Module Learning With Errors (MLWE) problem over polynomial rings. Even a quantum computer running Shor's algorithm cannot efficiently break MLWE — unlike RSA and Diffie-Hellman, which it destroys.

Problem: Module-LWE
Ring: Z_3329[X]/(X^256+1)
Standard: FIPS 203
Type: KEM
Quantum Safe: YES
Published: Aug 2024

VARIANT | SECURITY | PK SIZE | SK SIZE | CT SIZE | USED FOR
ML-KEM-512 | 128-bit | 800 B | 1632 B | 768 B | General purpose
ML-KEM-768 | 192-bit | 1184 B | 2400 B | 1088 B | High value data
ML-KEM-1024 | 256-bit | 1568 B | 3168 B | 1568 B | Maximum security

ML-DSA

MODULE LATTICE DIGITAL SIGNATURE ALGORITHM · NIST FIPS 204 (2024)
CRYSTALS-Dilithium · Lattice-Based · MSIS/MLWE

ML-DSA (formerly CRYSTALS-Dilithium) is the NIST post-quantum Digital Signature Algorithm, standardized as FIPS 204. It uses the Fiat-Shamir with Aborts paradigm over module lattices. The hardness relies on MLWE (Module Learning With Errors) and MSIS (Module Short Integer Solution) problems. It replaces ECDSA and RSA signatures in post-quantum contexts.

Problem: MLWE + MSIS
Paradigm: Fiat-Shamir
Standard: FIPS 204
Type: Signature
Quantum Safe: YES
QSafe Uses: ML-DSA-65

VARIANT | SECURITY | PK SIZE | SK SIZE | SIG SIZE | USED IN QSAFE
ML-DSA-44 | 128-bit | 1312 B | 2528 B | 2420 B |
ML-DSA-65 | 192-bit | 1952 B | 4000 B | 3293 B | ✓ DEFAULT
ML-DSA-87 | 256-bit | 2592 B | 4864 B | 4627 B |

AES-256-GCM

ADVANCED ENCRYPTION STANDARD · 256-BIT KEY · GALOIS/COUNTER MODE
NIST FIPS 197 · Symmetric · Authenticated

AES-256-GCM is the industry-standard authenticated encryption algorithm. While not post-quantum by itself, AES-256 remains secure against quantum attacks (Grover's algorithm reduces it to 128-bit equivalent security — still computationally infeasible). In QSafe Vault, AES handles the actual file encryption while ML-KEM provides quantum-safe key exchange. This hybrid approach gives the best of both worlds.

Key Size: 256-bit
Block Size: 128-bit
Mode: GCM / AEAD
IV Size: 96-bit
Auth Tag: 128-bit
API: Web Crypto
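
The hybrid layout described above, sketched with the Web Crypto API and the listed parameters (256-bit key, 96-bit IV, 128-bit tag). This is an added example, not QSafe Vault's own code. Assumptions: HKDF-SHA-256 as the key-derivation step, the KEM ciphertext bound as additional authenticated data, random bytes standing in for the ML-KEM-768 outputs, and the function names deriveFileKey, sealFile, openFile and demo.

```javascript
// Added example, not QSafe Vault code: AES-256-GCM with the page's parameters via Web Crypto.
// The Node fallback is evaluated only when no global Web Crypto object exists.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();

// Derive a non-extractable AES-256-GCM key from a 32-byte KEM shared secret.
// Assumption: HKDF-SHA-256 and this info label; the page does not name a KDF.
async function deriveFileKey(sharedSecret, salt) {
  const ikm = await wc.subtle.importKey("raw", sharedSecret, "HKDF", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "HKDF", hash: "SHA-256", salt, info: enc.encode("example file key v1") },
    ikm, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt under a fresh random 96-bit IV with a 128-bit tag. Assumption: the KEM
// ciphertext is passed as additional authenticated data so it cannot be swapped.
async function sealFile(key, plaintext, kemCiphertext) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await wc.subtle.encrypt(
    { name: "AES-GCM", iv, additionalData: kemCiphertext, tagLength: 128 }, key, plaintext);
  return { iv, ct: new Uint8Array(ct) }; // ct is ciphertext followed by the 16-byte tag
}

// Decrypt; the promise rejects if the tag, IV, ciphertext or AAD do not match.
async function openFile(key, box, kemCiphertext) {
  const pt = await wc.subtle.decrypt(
    { name: "AES-GCM", iv: box.iv, additionalData: kemCiphertext, tagLength: 128 }, key, box.ct);
  return new Uint8Array(pt);
}

// Constructed demo: random bytes stand in for an ML-KEM-768 shared secret (32 B)
// and ciphertext (1088 B); no ML-KEM implementation is called here.
async function demo() {
  const sharedSecret = wc.getRandomValues(new Uint8Array(32));
  const kemCt = wc.getRandomValues(new Uint8Array(1088));
  const salt = wc.getRandomValues(new Uint8Array(32));
  const key = await deriveFileKey(sharedSecret, salt);
  const msg = enc.encode("constructed sample file contents");
  const box = await sealFile(key, msg, kemCt);
  const roundTrip = new TextDecoder().decode(await openFile(key, box, kemCt));
  const flipped = { iv: box.iv, ct: box.ct.slice() };
  flipped.ct[0] ^= 1; // one flipped ciphertext bit must fail authentication
  const tamperRejected = await openFile(key, flipped, kemCt).then(() => false, () => true);
  const otherKemCt = kemCt.slice();
  otherKemCt[0] ^= 1; // a different KEM ciphertext must fail too (AAD mismatch)
  const kemSwapRejected = await openFile(key, box, otherKemCt).then(() => false, () => true);
  return { roundTrip, tagBytes: box.ct.length - msg.length, ivBits: box.iv.length * 8,
           tamperRejected, kemSwapRejected };
}
demo().then((r) => console.log(r));
```

The IV must never repeat under the same key, which is why sealFile draws a new random IV on every call and returns it alongside the ciphertext.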

PQC vs Classical Algorithms

How QSafe Vault's algorithms compare to classical cryptography against quantum attacks.

Property | RSA-2048 | ECDSA-256 | X25519 | ML-KEM (Ours) | ML-DSA (Ours)
Quantum Safe | No | No | No | Yes | Yes
NIST Standard | FIPS 186 | FIPS 186 | RFC 7748 | FIPS 203 | FIPS 204
Broken by Shor's | Yes | Yes | Yes | No | No
Classical Security | 112-bit | 128-bit | 128-bit | 128–256-bit | 128–256-bit
Harvest-Now Safe | No | No | No | Yes | Yes
Hard Problem | Factoring | ECDLP | DLP | MLWE | MLWE+MSIS

From Competition to Standard

2016 · NIST PQC Competition Launched
NIST announces a call for post-quantum cryptographic algorithm submissions, recognizing that future quantum computers would break current public-key cryptography.

2017 · CRYSTALS Submitted
The CRYSTALS (Cryptographic Suite for Algebraic Lattices) team submits both Kyber (KEM) and Dilithium (signatures) to the NIST competition. 69 total submissions are received.

2019–2022 · Multiple Rounds of Evaluation
NIST conducts three public evaluation rounds. Kyber and Dilithium advance through all rounds, demonstrating strong security properties and efficient implementation characteristics.

July 2022 · Finalists Announced
NIST announces CRYSTALS-Kyber and CRYSTALS-Dilithium as selected algorithms for standardization, alongside FALCON and SPHINCS+.

August 2024 · FIPS 203 & 204 Published
NIST publishes the final standards: FIPS 203 (ML-KEM / Kyber) and FIPS 204 (ML-DSA / Dilithium). These are the algorithms QSafe Vault implements.

Use These Algorithms

QSafe Vault puts FIPS 203 and 204 in your browser today.