
Post-Quantum Cryptography

FIPS 203, 204, and 205 implementation — ML-KEM-1024, ML-DSA-87, SLH-DSA-SHA2-256s. Operational today.

Drok implements post-quantum cryptographic algorithms as specified by NIST's finalized standards. These algorithms are designed to resist attacks by both classical computers and future quantum computers capable of running Shor's algorithm.

This is not on a roadmap. It is operational.

Standards Implemented

FIPS 203 — ML-KEM-1024

Module-Lattice-Based Key-Encapsulation Mechanism. Used for key exchange in SSH transport and internal service-to-service communication.

  • Security level — NIST Level 5 (equivalent to AES-256)
  • Public key size — 1,568 bytes
  • Ciphertext size — 1,568 bytes
  • Shared secret — 32 bytes

FIPS 204 — ML-DSA-87

Module-Lattice-Based Digital Signature Algorithm. Used for commit signing, package signing, and webhook payload signatures.

  • Security level — NIST Level 5
  • Public key size — 2,592 bytes
  • Signature size — 4,627 bytes

FIPS 205 — SLH-DSA-SHA2-256s

Stateless Hash-Based Digital Signature Algorithm. Used as a conservative fallback signature scheme with minimal cryptographic assumptions.

  • Security level — NIST Level 5
  • Public key size — 64 bytes
  • Signature size — 29,792 bytes
  • Signing — Slower than ML-DSA but based on well-understood hash function security

Implementation

Drok's post-quantum implementation is written in Rust and uses constant-time arithmetic to prevent timing side-channel attacks. The implementation includes:

  • 87 unit tests covering key generation, encapsulation/decapsulation, signing/verification
  • 7 documentation tests with usage examples
  • Known Answer Tests (KAT) validated against NIST reference vectors
  • Constant-time operations for all secret-dependent computations
  • Zeroization of secret material after use

SSH Key Exchange

Drok supports post-quantum SSH key exchange for organizations that require quantum-resistant transport security.

Configuration

Enable post-quantum SSH on your account:

drok config set ssh.key-exchange ml-kem-1024

Hybrid Mode

By default, Drok uses hybrid key exchange — combining ML-KEM-1024 with X25519. This provides quantum resistance while preserving the well-studied classical security guarantees:

Key Exchange: X25519 + ML-KEM-1024

If either algorithm is broken, the combined key exchange remains secure as long as the other algorithm holds. This is the recommended configuration.

Pure Post-Quantum Mode

For environments requiring pure post-quantum key exchange:

drok config set ssh.key-exchange ml-kem-1024-only

This mode disables classical key exchange. Use only if your security policy mandates post-quantum-only transport.
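The following is an added example, not Drok's own code, showing how the two modes above differ at the point where the session secret is derived: in hybrid mode the secret depends on both the ML-KEM-1024 and the X25519 shared secrets, in pure mode only on ML-KEM-1024. It assumes the common SSH hybrid layout (PQ value first, classical value second, secrets hashed together with SHA-256) and uses the ML-KEM-1024 sizes stated on this page; the X25519 sizes are the standard 32 bytes.

```python
import hashlib
from typing import Optional, Tuple

# ML-KEM-1024 sizes as stated on the page; X25519 sizes are the standard 32 bytes.
MLKEM1024_PK_LEN = 1568
MLKEM1024_CT_LEN = 1568
MLKEM1024_SS_LEN = 32
X25519_PK_LEN = 32
X25519_SS_LEN = 32


def split_client_init(msg: bytes) -> Tuple[bytes, bytes]:
    """Split the client's KEX message into (ML-KEM-1024 encapsulation key, X25519 public key).
    Assumed layout: PQ value first, classical value second, no length prefixes."""
    expected = MLKEM1024_PK_LEN + X25519_PK_LEN
    if len(msg) != expected:
        raise ValueError(f"client init must be {expected} bytes, got {len(msg)}")
    return msg[:MLKEM1024_PK_LEN], msg[MLKEM1024_PK_LEN:]


def split_server_reply(msg: bytes) -> Tuple[bytes, bytes]:
    """Split the server's reply into (ML-KEM-1024 ciphertext, X25519 public key)."""
    expected = MLKEM1024_CT_LEN + X25519_PK_LEN
    if len(msg) != expected:
        raise ValueError(f"server reply must be {expected} bytes, got {len(msg)}")
    return msg[:MLKEM1024_CT_LEN], msg[MLKEM1024_CT_LEN:]


def shared_secret(k_pq: bytes, k_cl: Optional[bytes], mode: str = "ml-kem-1024") -> bytes:
    """Derive the session secret for the two ssh.key-exchange settings described above.

    "ml-kem-1024"      -> hybrid: K = SHA-256(K_PQ || K_CL); both inputs are mandatory.
    "ml-kem-1024-only" -> pure PQ: K = SHA-256(K_PQ); no classical component is used.
    Strict length checks mean a missing or truncated component is an error, never a
    silent fallback to whichever algorithm is left.
    """
    if len(k_pq) != MLKEM1024_SS_LEN:
        raise ValueError("ML-KEM-1024 shared secret has the wrong length")
    if mode == "ml-kem-1024-only":
        return hashlib.sha256(k_pq).digest()
    if mode != "ml-kem-1024":
        raise ValueError(f"unknown ssh.key-exchange value {mode!r}")
    if k_cl is None or len(k_cl) != X25519_SS_LEN:
        raise ValueError("hybrid mode requires a 32-byte X25519 shared secret")
    # An adversary must recover both K_PQ and K_CL to reconstruct K.
    return hashlib.sha256(k_pq + k_cl).digest()
```
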

Commit Signing

Sign commits with post-quantum signatures:

# Generate an ML-DSA-87 signing key
drok pq-key generate --algorithm ml-dsa-87

# Configure Git to use the key
drok pq-key configure-git

# Sign commits
git commit -S -m "Quantum-resistant signed commit"

Post-quantum signed commits display a verification badge in the Drok web interface indicating the signature algorithm used.

Package Signing

Packages published from Drok Pipelines can be signed with ML-DSA-87:

# .lehub/pipeline.yml
stages:
  - name: publish
    steps:
      - name: Publish with PQ signature
        run: drok package publish --sign ml-dsa-87

Consumers can verify package signatures:

drok package verify my-org/my-package@1.0.0

Verification

Verify the cryptographic implementation at any time:

drok pq-verify

This runs the full test suite including KAT vectors and outputs:

ML-KEM-1024:      PASS (87/87 tests)
ML-DSA-87:        PASS (87/87 tests)
SLH-DSA-SHA2-256s: PASS (87/87 tests)
KAT Vectors:      PASS (all reference vectors)
Constant-time:    VERIFIED

Why Post-Quantum Now

Quantum computers capable of breaking RSA and elliptic curve cryptography do not exist today. But:

  1. Harvest now, decrypt later — Adversaries can record encrypted traffic today and decrypt it when quantum computers become available
  2. Migration takes years — Cryptographic transitions in large organizations require years of planning and execution
  3. Standards are finalized — NIST published final standards in 2024. The algorithms are ready.

Drok's position is that organizations should not wait for quantum computers to arrive before deploying quantum-resistant cryptography. The migration cost is low today. The cost of delay is potentially catastrophic.