Build a post-quantum cryptography library implementing quantum-resistant algorithms like Kyber for key exchange and Dilithium for digital signatures, comparing performance and security properties against classical RSA/AES implementations. This project teaches post-quantum cryptography, forward-looking security design, and demonstrates cryptographic implementation for future-proofing against quantum computing threats.
-
Understand quantum computing threats and post-quantum cryptography by learning that quantum computers with sufficient qubits could break RSA and ECC encryption used today: Shor's algorithm can factor large numbers exponentially faster on quantum computers than classical computers, threatening all current public-key cryptography. Post-quantum cryptography uses algorithms believed resistant to quantum attacks based on different mathematical problems: lattice-based (Kyber, Dilithium), multivariate polynomials, hash-based, and isogeny-based cryptography. Research NIST post-quantum standardization process selecting algorithms (Kyber selected for key encapsulation, Dilithium for digital signatures in 2022).
-
Implement or integrate Kyber key encapsulation mechanism (KEM) using existing libraries like
liboqs-python(open-source post-quantum cryptography library): understand Kyber security: module lattice problem, resistance to known quantum attacks, and performance characteristics. Build key generation (generates public key and private key), encapsulation (sender uses recipient's public key to generate shared secret and ciphertext), and decapsulation (recipient uses private key to recover shared secret). Implement key derivation ensuring shared secrets are suitable for encryption. -
Implement or integrate Dilithium digital signature algorithm using
liboqs-python: understand Dilithium provides digital signatures with quantum-resistant security. Build key generation, signing (create signature proving knowledge of private key), and verification (confirm signature validity using public key). Test correctness: sign messages and verify signatures work correctly, ensure tampered signatures fail verification. -
Create hybrid cryptography combining classical and quantum-resistant algorithms for practical security during transition period: generate both classical RSA/ECDSA and quantum-resistant Dilithium keys, create signatures using both algorithms (either/or or both required). Implement key agreement combining classical Diffie-Hellman with Kyber: compute classical shared secret and quantum-resistant shared secret, combine through KDF (Key Derivation Function) producing composite shared secret. This ensures even if classical crypto is broken later, communication remains secure.
-
Build file encryption tool using hybrid approach: implement AES-256 for bulk data encryption (symmetric crypto used because of performance, quantum computers don't break AES significantly), generate symmetric keys using hybrid key agreement. Sign files with hybrid signatures proving authenticity. Provide intuitive interface for encryption/decryption with key management.
-
Implement performance benchmarking comparing quantum-resistant vs. classical cryptography: measure key generation time, encryption/decryption speed, signature generation/verification time, and key/signature size. Document results: quantum-resistant algorithms typically slower and larger than classical but acceptable for most applications. Create comparison tables and graphs visualizing performance differences.
-
Build security analysis and documentation explaining post-quantum security rationale, hardness assumptions, known attacks and resistance levels. Document migration strategies: organizations should consider transitioning to post-quantum crypto over next 5-10 years before quantum computers become practical threats. Explain "store-now-decrypt-later" attacks: adversaries collect encrypted data today planning to decrypt later with quantum computers (motivates immediate adoption for long-lived sensitive data).
-
Create comprehensive educational documentation explaining quantum computing fundamentals without requiring deep physics knowledge, discussing post-quantum cryptography algorithms and why they're quantum-resistant, providing implementation examples and integration guidance. Discuss limitations (post-quantum algorithms not standardized until recently, fewer implementations than classical crypto, performance and size trade-offs), compare different post-quantum algorithms (lattice-based fastest, multivariate polynomial support smaller keys), and explain how quantum-resistant crypto fits into cryptographic roadmaps. Include use cases (government communications, financial systems, healthcare records needing 20+ year confidentiality). Compare your implementation to established libraries and discuss security considerations for deployment.
- Quantum computing and cryptographic threats
- Post-quantum cryptography algorithms
- Lattice-based cryptography (Kyber, Dilithium)
- Hybrid cryptography combining classical and PQC
- Key encapsulation and digital signatures
- Key derivation functions (KDF)
- Performance analysis and benchmarking
- Cryptographic implementation security
- Migration strategies and transition planning
- Kyber KEM implementation/integration
- Dilithium signature algorithm implementation
- Hybrid key agreement combining classical + PQC
- File encryption/decryption with hybrid crypto
- Hybrid digital signature implementation
- Performance benchmarking framework
- Security analysis and threat modeling
- Migration guidance documentation
- Educational resources and examples