Mattias Aabmets
Introduction to QuantCrypt: A Python Library for Quantum-Resistant Cryptography

As we stand on the brink of a quantum computing era, the cryptographic landscape is undergoing a transformative shift. The public-key algorithms that form the backbone of current internet security, such as RSA, ECC, and Diffie-Hellman, are poised to become vulnerable to the computational capabilities of quantum machines. This impending reality underscores the necessity for quantum-resistant cryptography, a need that the QuantCrypt library, built on top of the PQClean project, seeks to fill.

This article explores the features of the QuantCrypt library, its alignment with the Commercial National Security Algorithm (CNSA) Suite advisories by the NSA, and the ongoing NIST Post-Quantum Cryptography (PQC) Standardization efforts, highlighting how it prepares developers for a post-quantum world.

Features

QuantCrypt combines quantum-resistant algorithms with an accessible design and extensive documentation, making it a practical tool for anyone looking to protect data against quantum threats. It offers a versatile set of features for secure communication, data integrity, and file protection. Here are its standout features:

Shared-Secret Exchange: Utilizes post-quantum KEM algorithms to establish a shared secret between two parties. This feature is crucial for setting up secure communication channels: the shared secret stays confidential against a quantum adversary and can then be used to key a symmetric cipher. Note that a KEM alone does not authenticate the peer; pairing it with a signature scheme is what prevents tampering with the exchange.

Signing and Verifying Data: Incorporates DSS algorithms that allow users to sign and verify data, ensuring its integrity and authenticity. This feature is vital for scenarios where the verification of the sender's identity and the integrity of the transmitted data is paramount.

File Signing and Verification: Offers helper methods specifically designed for signing and verifying files of any type and size. This functionality extends the utility of DSS algorithms beyond simple data packets to comprehensive file management.

Symmetric Encryption: Introduces the Krypton Cipher, a symmetric encryption scheme built on AES-256 that adds further protection mechanisms for increased data security and brute-force resistance. Krypton uses 64-byte keys, double the 32-byte key of plain AES-256. Read more about Krypton in the library's documentation.

File Encryption and Decryption: The Krypton cipher provides helper methods to encrypt and decrypt files of any type and size, either directly with a symmetric key or, in a hybrid cryptosystem, with a symmetric key derived from a shared secret established by an asymmetric KEM.

Detailed Documentation: The library is thoroughly documented both on its GitHub Wiki page and in source-code docstrings, which are readily accessible through the autocomplete and IntelliSense helpers of compatible IDEs.

Argon2 and KKDF (KMAC-KDF) Methods: Incorporates Argon2 and KKDF helper methods, which are integral to the functioning of the Krypton Cipher for key derivation, but are also available for standalone use. These methods provide additional layers of security and flexibility in cryptographic operations.

Comprehensive CLI Support: The majority of QuantCrypt’s functionality, including file encryption, signatures, and generating Post-Quantum Cryptography (PQC) algorithm keys, is accessible via a user-friendly command-line interface, powered by Typer. This feature enables users to integrate and automate QuantCrypt’s capabilities into their workflows efficiently, making Post-Quantum Cryptography accessible for everybody, including those with minimal programming experience.
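To make the "hash the file in chunks, then sign the digest" pattern behind the signing and file-signing features concrete, here is an added example that is not part of the original post and not QuantCrypt's own code. QuantCrypt signs with the NIST-selected lattice- and hash-based schemes from PQClean; this example swaps in a Lamport one-time signature, the simplest hash-based post-quantum signature, because it needs nothing beyond SHA-256 from the Python standard library and exposes the one failure mode a hash-based one-time scheme has: reusing a key. All names (`OneTimeSigner`, `digest_stream`, `verify_file`) and the sample file contents are constructed for this example.

```python
"""Hash-then-sign for files of any size with a Lamport one-time signature.

Added example, not QuantCrypt's API. Lamport is chosen because it is a
post-quantum (hash-based) signature that needs only SHA-256 from the stdlib.
"""
import hashlib
import io
import secrets

DIGEST = hashlib.sha256
N = DIGEST().digest_size        # 32 bytes; the digest is signed bit by bit
BITS = N * 8                    # 256 bits -> 256 (preimage, preimage) pairs


def lamport_keygen():
    """Return (public_key, secret_key).

    secret_key: for each digest bit, a pair of random 32-byte preimages.
    public_key: the SHA-256 hash of every preimage, in the same layout.
    """
    secret_key = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    public_key = [(DIGEST(a).digest(), DIGEST(b).digest()) for a, b in secret_key]
    return public_key, secret_key


def digest_stream(data, chunk_size=1 << 16):
    """Hash bytes or a file-like object in chunks, so any file size fits in memory."""
    stream = io.BytesIO(data) if isinstance(data, (bytes, bytearray)) else data
    h = DIGEST()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.digest()


def _bit(digest, i):
    """Bit i of the digest, most significant bit first."""
    return (digest[i // 8] >> (7 - i % 8)) & 1


def lamport_sign(secret_key, digest):
    """Reveal, for every digest bit, the preimage that matches that bit.

    Revealing preimages is exactly why the key is one-time: a second
    signature leaks preimages for the other bit values as well.
    """
    return b"".join(secret_key[i][_bit(digest, i)] for i in range(BITS))


def lamport_verify(public_key, digest, signature):
    """Check that each revealed preimage hashes to the committed value for that bit."""
    if len(signature) != BITS * N:
        return False
    for i in range(BITS):
        preimage = signature[i * N:(i + 1) * N]
        if DIGEST(preimage).digest() != public_key[i][_bit(digest, i)]:
            return False
    return True


class OneTimeSigner:
    """Holds one Lamport key pair and refuses to sign twice with it."""

    def __init__(self):
        self.public_key, self._secret_key = lamport_keygen()
        self._used = False

    def sign_file(self, data):
        if self._used:
            raise RuntimeError("Lamport key already used; generate a fresh key pair")
        self._used = True
        return lamport_sign(self._secret_key, digest_stream(data))


def verify_file(public_key, data, signature):
    return lamport_verify(public_key, digest_stream(data), signature)


def demo():
    """Sign a constructed sample file, then verify it intact and tampered."""
    signer = OneTimeSigner()
    sample = b"constructed sample file contents\n" * 1000   # ~33 KB, multiple chunks
    signature = signer.sign_file(sample)                    # 8192-byte signature
    intact = verify_file(signer.public_key, sample, signature)
    tampered = verify_file(signer.public_key, sample[:-1] + b"?", signature)
    return intact, tampered


if __name__ == "__main__":
    print(demo())   # (True, False)
```

The point to take from this beside the real library: streaming the digest is what lets a signature scheme cover files of any size, and a one-time scheme needs state (the `_used` flag here) to stay secure. Stateless schemes such as SLH-DSA avoid that bookkeeping by building a large tree of one-time keys, which is why their signatures are much larger than Lamport's 8 KB would suggest for a single key.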

CNSA and NIST PQC Standardization

The National Institute of Standards and Technology (NIST) is at the forefront of the PQC Standardization effort, aiming to establish a set of secure and efficient cryptographic standards resistant to quantum attacks.

The first event held by NIST on PQC standardization took place on April 2, 2015, nearly nine years ago from today (Feb 5, 2024). The process has progressed far enough that on April 10 this year, during the Fifth PQC Standardization Conference, we will very likely see the publication of the standardized PQC algorithms. Since NIST has already published the draft FIPS 203, 204 and 205 (ML-KEM, ML-DSA and SLH-DSA, derived from Kyber, Dilithium and SPHINCS+), we already know which algorithms are going to be standardized. Note that an additional KEM algorithm from the fourth round may also be selected for standardization.

The National Security Agency (NSA), whose task is to protect US National Security Systems information up to the top secret level, has provided a helpful timeline for adopting PQC algorithms across various systems. It shows that by the start of 2025, several essential categories of systems should support and prefer PQC algorithms by default:

  • Software and firmware signatures
  • HTTPS connections between web browsers and servers

CNSA Timeline

The combination of these events and timelines has made it both possible and necessary to build the PQC libraries of tomorrow today. The threat posed by quantum computers requires migrating to quantum-resistant algorithms before the machines become powerful enough to break legacy cryptosystems, and "harvest now, decrypt later" collection means data encrypted today is already exposed. This is the goal and purpose of QuantCrypt: to provide the necessary tools in an easily accessible package and ease the migration from the vulnerable algorithms to the new standards.
