Post-Quantum Safe

As the industry makes progress in quantum computing technology, traditional cryptographic algorithms such as Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) may become vulnerable to attacks from quantum computers. To address this challenge, Post-Quantum Cryptography (PQC) efforts aim to develop algorithms that remain secure even in the presence of large-scale quantum computers.

In light of this, the AGNTCY will support various post-quantum algorithms, including NIST-approved ones, which are available as optional key types through the AGNTCY's cryptographic interface.

To become familiar with PQC algorithms and naming conventions, please refer to the NIST Post-Quantum Cryptography Project.


Supported PQC Algorithms in the AGNTCY

CRYSTALS-Dilithium

  • Standardized Name: ML-DSA (Module Lattice–based Digital Signature Algorithm)
  • NIST Standard: FIPS 204
  • KTY: "AKP"
  • ALG: "ML-DSA-44" / "ML-DSA-65" / "ML-DSA-87"

🔧 Implementations:


🔒 JWK Integration

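PQC algorithms can be represented using the JSON Web Key (JWK) format, with extensions to support new key types. In the example below, "pub" holds the public key, while "seed" and "priv" hold private key material: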

{
  "kid": "T4xl70S7MT6Zeq6r9V9fPJGVn76wfnXJ21-gyo0Gu6o",
  "kty": "AKP",
  "alg": "ML-DSA-44",
  "pub": "base64url-encoded-public-key",
  "seed": "base64url-encoded-32-byte-seed",
  "priv": "base64url-encoded-private-key"
}
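
The following is an added example, not AGNTCY code: a check that an AKP JWK in the layout above is well formed and carries no private members before it is published or accepted from a peer. The function names are hypothetical, and it assumes "pub" is the raw FIPS 204 encoded public key (1312, 1952 or 2592 bytes for ML-DSA-44, -65 and -87).

```python
import base64
import binascii
import re

# FIPS 204 encoded public key sizes in bytes, per parameter set.
PUB_LEN = {"ML-DSA-44": 1312, "ML-DSA-65": 1952, "ML-DSA-87": 2592}
PRIVATE_MEMBERS = ("seed", "priv")  # secret material in the JWK layout above

def b64url_decode(value):
    """Decode unpadded base64url strictly; return None if it is not valid."""
    if not isinstance(value, str) or not re.fullmatch(r"[A-Za-z0-9_-]+", value):
        return None
    try:
        return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    except binascii.Error:
        return None

def validate_akp_jwk(jwk, allow_private=False):
    """Return a list of problems; an empty list means the key is acceptable."""
    problems = []
    if jwk.get("kty") != "AKP":
        problems.append("kty must be AKP")
    alg = jwk.get("alg")
    if alg not in PUB_LEN:
        problems.append("alg must be one of " + ", ".join(PUB_LEN))
    pub = b64url_decode(jwk.get("pub"))
    if pub is None:
        problems.append("pub is missing or not base64url")
    elif alg in PUB_LEN and len(pub) != PUB_LEN[alg]:
        problems.append(f"pub is {len(pub)} bytes, {alg} needs {PUB_LEN[alg]}")
    present = [m for m in PRIVATE_MEMBERS if m in jwk]
    if present and not allow_private:
        problems.append("private members present: " + ", ".join(present))
    if "seed" in jwk and len(b64url_decode(jwk["seed"]) or b"") != 32:
        problems.append("seed must decode to 32 bytes")
    return problems

def public_jwk(jwk):
    """Copy of the key that is safe to publish: private members removed."""
    return {k: v for k, v in jwk.items() if k not in PRIVATE_MEMBERS}

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample: zero bytes of plausible length, not a real key pair.
SAMPLE = {"kid": "example-kid", "kty": "AKP", "alg": "ML-DSA-44",
          "pub": b64url_encode(bytes(1312)), "seed": b64url_encode(bytes(32)),
          "priv": b64url_encode(bytes(2560))}
```

Calling `validate_akp_jwk(public_jwk(key))` before serving a key set catches the case where a private JWK was exported by mistake.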