Inhaltsverzeichnis

1. Concepts

Fundamental concepts of post-quantum cryptography and this library.

Contents

Topic Description
1.1 Algorithms ML-DSA, ML-KEM, NIST standards
1.2 Security Threat model, Harvest-Now-Decrypt-Later
1.3 Comparison with .NET 10 Why WvdS instead of Microsoft PQC?

Why Post-Quantum?

The Problem: Classical cryptography (RSA, ECDSA) can be broken by quantum computers. Data intercepted today could be decrypted in the future.

The Solution: Post-quantum algorithms (ML-DSA, ML-KEM) are resistant to quantum attacks. They are standardized by NIST1) and implemented in OpenSSL 3.6+.

Our Approach: Hybrid cryptography - classical and PQ algorithms in parallel. Backward compatible, future-proof.

Library Scope

WvdS.System.Security.Cryptography.Extensions focuses on asymmetric post-quantum cryptography:

In Scope (WvdS) Out of Scope (.NET Built-in)
ML-DSA signatures AES-GCM encryption
ML-KEM key exchange ChaCha20-Poly1305
Hybrid certificates Symmetric encryption
X.509 PQ extensions Hash functions (SHA-256/384/512)

Rule of thumb: Use WvdS only for asymmetric operations (signatures, key exchange, certificates). For symmetric encryption, use the .NET standard library directly.

The Three Crypto Modes

Mode Algorithms Compatibility Usage
Classic RSA, ECDSA, ECDH Universal Legacy systems
Hybrid RSA + ML-DSA, ECDH + ML-KEM Forward/Backward Migration (recommended)
PostQuantum ML-DSA, ML-KEM PQ-capable only New PQ-only systems

flowchart TD START(["Which mode to choose?"]) --> Q1{"All systems
PQ-capable?"} Q1 -->|Yes| Q2{"Backward
compatibility
needed?"} Q1 -->|No| Q3{"OpenSSL 3.6
available?"} Q2 -->|No| PQ["PostQuantum
ML-DSA / ML-KEM"] Q2 -->|Yes| HYB["Hybrid
RSA+ML-DSA / ECDH+ML-KEM"] Q3 -->|Yes| HYB Q3 -->|No| CLS["Classic
RSA / ECDSA / ECDH"] style PQ fill:#4caf50,color:#fff style HYB fill:#2196f3,color:#fff style CLS fill:#ff9800,color:#fff style START fill:#9c27b0,color:#fff

Classic Mode

CryptoConfig.DefaultMode = CryptoMode.Classic;

Only classical algorithms. For legacy compatibility or systems without OpenSSL 3.6. 

CryptoConfig.DefaultMode = CryptoMode.Hybrid;

Both algorithms in parallel. Legacy clients ignore PQ extension, modern ones validate both.

PostQuantum Mode

CryptoConfig.DefaultMode = CryptoMode.PostQuantum;

Only use when all participating systems are PQ-capable!

Override Per-Operation

// Global: Hybrid
CryptoConfig.DefaultMode = CryptoMode.Hybrid;
 
// This operation: PostQuantum
var cert = request.CreateSelfSigned(notBefore, notAfter, CryptoMode.PostQuantum);

Algorithm Overview

→ Details: Algorithms

Signatures (ML-DSA):

Key Exchange (ML-KEM):

Further Reading

Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional

, ,
1)
NIST PQC: https://csrc.nist.gov/projects/post-quantum-cryptography
2)
NIST FIPS 204: https://csrc.nist.gov/pubs/fips/204/final
3)
NIST FIPS 203: https://csrc.nist.gov/pubs/fips/203/final