Forge 101 — Quantum Nexum

🔒 How Encryption Works Today

Today's encryption (RSA, ECC) relies on math problems that take billions of years to solve on classical computers.

⚠️ Quantum Computers Change Everything

Quantum computers solve those specific problems efficiently. A powerful enough quantum computer could break RSA and ECC in hours.

⚠️ RSA and ECC protect nearly all encrypted communication today. Both will be vulnerable to quantum computers.

🕵️ Harvest Now, Decrypt Later

Attackers can record encrypted traffic today and decrypt it once quantum computers arrive. Long-lived data — medical records, government secrets, financial records — is most at risk.

⏰ When?

NSA guidance (CNSA 2.0) plans for quantum capability by 2035. Data recorded today may still matter when that day arrives.

🧮 Different Problems, Same Job

The fix: use math that quantum computers also find hard. New algorithms do the same jobs as the old ones with different math underneath.

🔓

Old (Quantum Vulnerable)

RSA, ECDSA, X25519

→

🔐

New (Quantum Safe)

ML-KEM, ML-DSA, SLH-DSA

🏛️ NIST Picked the Winners

After an eight-year global competition, NIST published the final post-quantum standards in August 2024:

🔑ML-KEM (FIPS 203) — Key encapsulation. Replaces ECDH and X25519.
✍️ML-DSA (FIPS 204) — Digital signatures. Replaces RSA and ECDSA signatures.
🛡️SLH-DSA (FIPS 205) — Hash-based signatures. Backup option using different math.

✅ These are not experimental. They are published NIST standards with assigned FIPS numbers. They are ready for production use.

📦 The Trade-Off: Size

Post-quantum keys and signatures are significantly larger than classical ones.

RSA-2048
Key

256 B

ML-KEM-768
Key

1.2 KB

ECDSA
Sig

64 B

ML-DSA-65
Sig

3.3 KB

📊 Keys are about 5x larger. Signatures are about 50x larger. This affects bandwidth, storage, and handshake time.

🔀 Hybrid Mode: Use Both

Hybrid mode runs classical and post-quantum algorithms together. If either holds, your data stays safe.

🔐

X25519 + ML-KEM-768

The most common hybrid for TLS. Already supported in Chrome, Firefox, and Cloudflare.

🛡️

Why Hybrid?

If the new math has a flaw, the old math still protects you. If quantum breaks the old math, the new math protects you.

✅ Hybrid mode is the recommended transition approach.

🚀 Try It Yourself

🔧

Forge Tools

Generate PQC keys, test TLS connections, and compare algorithms in your browser.

🌐

Live PKI

Browse a real PKI infrastructure built entirely with post-quantum algorithms.

🥄

Spork 101

Learn about certificate authorities and why they need to switch to new algorithms.

📚

Vault 101

Go back to basics. Encryption and certificates explained from the ground up.

⌨️ Quick Commands

          # Generate a post-quantum key pair

          openssl genpkey -algorithm ML-DSA-65 -out key.pem

          # Test hybrid TLS to a live server

          openssl s_client -connect quantumnexum.com:6443 \

            -groups X25519MLKEM768

Go to Forge Tools Learn About Spork