Remembrance is the act of ensuring that truth remains immutable over time. In the physical world, we rely on archives to preserve our stories. In the digital world, we rely on cryptography to preserve identity, authorship, and trust. A new threat from quantum computing now challenges that foundation. At scale, it will be capable of erasing or forging the cryptographic records that define our digital lives.
To protect the integrity of collective memory, and to ensure that identity cannot be harvested by future adversaries, I have moved beyond legacy cryptographic standards and implemented the highest level of post-quantum security available today.
The Dual Threat: Shor and Grover
Quantum computing introduces two distinct mathematical threats to modern cryptography. Understanding the shift to post-quantum standards requires understanding both.
Shor’s Algorithm: The Public Key Breaker
Shor’s algorithm is the existential threat. It efficiently solves the integer factorization and discrete logarithm problems that underpin nearly all classical public key cryptography, including RSA, Diffie-Hellman, and elliptic curve systems (ECC). This is not a degradation; it is a total break. A sufficiently powerful quantum computer can derive a private key from a public key, rendering classical identity systems fundamentally unsafe.
Grover’s Algorithm: The Symmetric Squeezer
Grover’s algorithm targets symmetric cryptography and hash functions. It provides a quadratic speedup for brute force searches, effectively halving the security strength of a key. This is why AES-256 matters: even after Grover’s reduction, it retains 128 bits of effective security.
The Practical Consequence: Store Now, Decrypt Later
The most immediate danger is the Store Now, Decrypt Later (SNDL) attack. Encrypted traffic, identity assertions, certificates, and signatures can be harvested today while classical cryptography still holds, then stored indefinitely. Once quantum capability matures, those archives can be retroactively decrypted or forged. If our cryptographic foundations fail, our ability to bear witness to our own digital history fails with them.
Moving Beyond Legacy Standards: Why ML-DSA-87
For years, the gold standard in high security environments was elliptic curve cryptography, particularly P-384 (ECDSA). While P-384 provides roughly 192 bits of classical security, it offers zero resistance to Shor’s algorithm. It was designed for a classical world, and that world is ending.
For this reason, I have implemented ML-DSA-87 for root CA and signing operations. ML-DSA-87 is the highest security tier defined in FIPS 204, providing Category 5 security, computationally equivalent to AES-256. Choosing this level, rather than the more common ML-DSA-65, ensures that the identity of my network is built with the largest possible security margin available today.
Hardware Reality: aarch64 and the PQC Load
Post-quantum cryptography is no longer theoretical. It is deployable now, even on routers and mobile class hardware. I am running a custom OpenSSL 3.5.0 build on an aarch64 Mediatek Filogic 830/880 platform. This SoC is unusually well suited for post-quantum workloads.
Vector Scaling with NEON
ML-KEM and ML-DSA rely heavily on polynomial arithmetic. ARM NEON vector instructions allow these operations to be performed in parallel, significantly reducing TLS handshake latency even with large PQ key material.
Memory Efficiency
Post-quantum keys are large. An ML-KEM-1024 public key is 1568 bytes versus 48 bytes for P-384. The 64-bit address space of aarch64 allows these buffers to be managed cleanly, avoiding the fragmentation and pressure issues seen on older architectures.
Technical Verification: Post-Quantum CLI Checks
After installing the custom toolchain on the aarch64 target, the post-quantum stack can be verified directly.
KEM Verification
openssl list -kem-algorithms
Expected Output:
ML-KEM-1024
SecP384r1MLKEM1024 (High-security Hybrid)
Signature Verification
openssl list -signature-algorithms | grep -i ml
Expected Output:
ML-DSA-87 (256-bit security)
The presence of these algorithms confirms that the SoC can verify post-quantum signed certificates, protecting against quantum impersonation attacks. In practice, signature verification latency is acceptable once optimized for ARMv8-A.
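As an added example (not code from the original post), the script below automates the two list checks above and then exercises ML-DSA-87 with an OpenSSL 3.5 keygen, sign and verify round trip, including a tampered message that must fail verification. The function names and the sample message are my own; it assumes an OpenSSL 3.5 or later binary on PATH as "openssl".

```shell
#!/bin/sh
# Added example, not code from the original post: audit an OpenSSL build for
# the two post-quantum algorithms the post relies on, then exercise ML-DSA-87
# end to end. Assumes OpenSSL 3.5 or later is on PATH as "openssl".

# pqc_listing_has LISTING NAME: succeed when NAME occurs in `openssl list`
# text passed as LISTING, so captured output can be checked offline.
pqc_listing_has() {
    printf '%s\n' "$1" | grep -qi -- "$2"
}

# pqc_missing LISTING NAME...: print each NAME that LISTING lacks.
pqc_missing() {
    listing=$1; shift
    for name in "$@"; do
        pqc_listing_has "$listing" "$name" || printf '%s\n' "$name"
    done
}

# pqc_audit: run the two list commands from the post and fail if either
# ML-KEM-1024 (KEM) or ML-DSA-87 (signature) is absent from this build.
pqc_audit() {
    kems=$(openssl list -kem-algorithms 2>/dev/null)
    sigs=$(openssl list -signature-algorithms 2>/dev/null)
    missing="$(pqc_missing "$kems" ML-KEM-1024)$(pqc_missing "$sigs" ML-DSA-87)"
    [ -z "$missing" ] && return 0
    printf 'missing post-quantum algorithms: %s\n' "$missing" >&2
    return 1
}

# pqc_sign_roundtrip: generate an ML-DSA-87 key pair, sign a constructed
# message, verify it, and confirm that a one-byte change breaks verification.
pqc_sign_roundtrip() {
    dir=$(mktemp -d) || return 1
    printf 'constructed test message\n' > "$dir/msg"
    printf 'constructed test messagE\n' > "$dir/tampered"
    openssl genpkey -algorithm ML-DSA-87 -out "$dir/key.pem" >/dev/null 2>&1 &&
    openssl pkey -in "$dir/key.pem" -pubout -out "$dir/pub.pem" >/dev/null 2>&1 &&
    openssl pkeyutl -sign -inkey "$dir/key.pem" -rawin \
        -in "$dir/msg" -out "$dir/sig" >/dev/null 2>&1 &&
    openssl pkeyutl -verify -pubin -inkey "$dir/pub.pem" -rawin \
        -in "$dir/msg" -sigfile "$dir/sig" >/dev/null 2>&1 &&
    ! openssl pkeyutl -verify -pubin -inkey "$dir/pub.pem" -rawin \
        -in "$dir/tampered" -sigfile "$dir/sig" >/dev/null 2>&1
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

Source the file on the target and run pqc_audit && pqc_sign_roundtrip; both return non-zero on failure, so they slot into a provisioning check.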
Summary: My aarch64 Post-Quantum Stack
- Library: OpenSSL 3.5.0 (custom aarch64 build)
- SoC: Mediatek Filogic 830 / 880
- Architecture: ARMv8-A (aarch64)
- Key Exchange: ML-KEM-1024 + hybrids
- Identity & Signing: ML-DSA-87
- Compliance Target: CNSA 2.0
- Status: Production-ready
By moving directly to ML-KEM-1024 and ML-DSA-87, I have bypassed the legacy bottlenecks of the past decade. My network is no longer preparing for the quantum transition; it has already crossed it. The rest of the industry will follow.