Memory means ensuring the immutability of truth over time. In the physical world, we use archives to preserve our stories. In the digital world, we use cryptography to protect identity, authorship, and trust.
Quantum computers now pose a new threat to this foundation. On a massive scale, they will be capable of erasing or falsifying the cryptographic records that define our digital lives.
To protect the integrity of our collective memory and prevent future attackers from stealing identities, I have moved beyond previous cryptographic standards and am today implementing the highest available level of security: post-quantum technology.
The Dual Threat: Shor and Grover
Quantum computing poses two distinct mathematical threats to modern cryptography. To understand the transition to post-quantum standards, it is essential to be familiar with both.
Shor's Algorithm: The Public-Key Destroyer
Shor's algorithm represents the existential threat. It efficiently solves the problems of integer factorization and discrete logarithms—the mathematical underpinnings of almost all classical public-key cryptosystems, including RSA, Diffie-Hellman, and elliptic curve cryptography (ECC). This is not merely a weakening, but a complete break. A sufficiently powerful quantum computer can derive private keys from public keys, thereby undermining fundamental identity systems.
Grover's Algorithm: The Symmetric Weakener
Grover's algorithm targets symmetric cryptography and hash functions. It offers a quadratic speedup for brute-force searches, effectively halving the security strength of a key. This is why AES-256 is so crucial: even after Grover's reduction, it still offers 128 bits of effective security—a level that is practically unbreakable.
The Practical Consequence: Store Now, Decrypt Later
The most immediate threat is the SNDL (Store Now, Decrypt Later) attack. Encrypted traffic, identity credentials, certificates, and signatures can be intercepted today—while classical cryptography is still valid—and stored indefinitely. Once quantum technology matures, these archives can be retroactively decrypted or forged. If our cryptographic foundations fail, we also lose the ability to document our own digital history.
Beyond Obsolete Standards: Why ML-DSA-87?
For years, elliptic curve cryptography—specifically P-384 (ECDSA)—was the gold standard in high-security environments. While P-384 offers approximately 192 bits of classical security, it possesses absolutely no resistance to Shor's algorithm. It was designed for a classical world, and that world is coming to an end.
Therefore, I have implemented ML-DSA-87 for Root CA and signing operations. ML-DSA-87 represents the highest security level among modern lattice-based standards (Category 5), computationally equivalent to AES-256. Choosing this level—rather than the widely adopted ML-DSA-65—ensures that my network's identity is established with the greatest possible security margin available today.
Hardware Reality: AArch64 and the PQC Workload
Post-quantum cryptography is no longer theoretical. It is now deployable, even on routers and mobile devices. I am running a customized OpenSSL 3.5.0 build on an AArch64 MediaTek Filogic 830/880 platform. This SoC is unusually well-suited for post-quantum workloads.
Vector Scaling with NEON
ML-KEM and ML-DSA rely heavily on polynomial arithmetic. ARM NEON vector instructions enable the parallel execution of these operations, thereby significantly reducing TLS handshake latency—even when handling large amounts of PQ key material.
Memory Efficiency
Post-quantum keys are large. An ML-KEM-1024 public key is 1568 bytes, compared to 49 bytes for P-384. AArch64's 64-bit address space enables efficient management of these buffers and avoids the fragmentation issues of older architectures.
Technical Verification: Post-Quantum CLI Checks
After installing the customized toolchain on the AArch64 target system, the post-quantum stack can be verified directly.
KEM Verification
openssl list -kem-algorithms
Expected Output:
ml-kem-1024
secp384r1mlkem1024 (high-security hybrid)
Signature Verification
openssl list -signature-algorithms | grep -i ml
Expected Output:
ml-dsa-87 (256-bit security)
The presence of these algorithms confirms that the platform supports both post-quantum key exchange (ML-KEM-1024) and quantum-resistant signatures (ML-DSA-87).
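A `grep -i ml` filter also matches lower parameter sets such as ML-DSA-65, so a stricter check looks for the exact names listed above. The POSIX shell script below is an added example, not part of the original post or of OpenSSL. Its function names and its sample listing are assumptions made for illustration: the sample is constructed, modelled on the `{ oid, names } @ provider` layout of `openssl list`, and deliberately omits ML-DSA-87.

```shell
#!/bin/sh
# Added example: strict presence check for the PQ algorithms named in the article.
# Names as spelled in the article; matching is case-insensitive.
REQUIRED="ml-kem-1024 secp384r1mlkem1024 ml-dsa-87"

# Constructed sample, modelled on `openssl list` output ("{ oid, names } @ provider").
# ML-DSA-87 is left out on purpose; ML-KEM-768 and ML-DSA-65 are near misses.
SAMPLE='  { 2.16.840.1.101.3.4.4.2, id-alg-ml-kem-768, ML-KEM-768, MLKEM768 } @ default
  { 2.16.840.1.101.3.4.4.3, id-alg-ml-kem-1024, ML-KEM-1024, MLKEM1024 } @ default
  X25519MLKEM768 @ default
  SecP384r1MLKEM1024 @ default
  { 2.16.840.1.101.3.4.3.18, id-ml-dsa-65, ML-DSA-65, MLDSA65 } @ default'

# Read a listing on stdin; print every algorithm name or alias, lower-cased, one per line.
names_in_listing() {
    sed 's/@.*$//' | tr -cs 'A-Za-z0-9._-' '\n' | tr 'A-Z' 'a-z'
}

# has_alg LISTING NAME: succeed only if NAME is a whole name in LISTING (case-insensitive).
has_alg() {
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    printf '%s\n' "$1" | names_in_listing | grep -qxF -- "$want"
}

# missing_algs LISTING NAME...: print each required NAME that LISTING lacks.
missing_algs() {
    listing=$1; shift
    for alg in "$@"; do
        has_alg "$listing" "$alg" || printf '%s\n' "$alg"
    done
}

# Run with the argument "live" to query the installed openssl; otherwise check the sample.
if [ "${1:-}" = live ]; then
    out=$(openssl list -kem-algorithms; openssl list -signature-algorithms)
else
    out=$SAMPLE
fi
missing=$(missing_algs "$out" $REQUIRED)
if [ -n "$missing" ]; then
    echo "missing:" $missing
else
    echo "all required post-quantum algorithms present"
fi
```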
Summary: My AArch64 Post-Quantum Stack
- Library: OpenSSL 3.5.4 (customized AArch64 build)
- SoC: MediaTek Filogic 830 / 880
- Architecture: ARMv8-A (AArch64)
- Key Exchange: ML-KEM-1024 + hybrid
- Identity & Signature: ML-DSA-87
- Security Level: Level 5 (quantum-ready)
- Status: Production-ready
By migrating directly to ML-KEM-1024 and ML-DSA-87, I have bypassed the obsolete bottlenecks of the last decade. My network is no longer preparing for the quantum transition—it has already completed it. The rest of the industry will follow.