Lab

Post-quantum cryptography guide

Plain-language explanations of post-quantum cryptography (PQC), security notes, and privacy promises.

Educational demo - don't copy/paste into production

All cryptography runs locally in your browser. Keys and plaintext never leave your device, but this is still a simplified demo.

What this is

Plain-language notes that explain post-quantum cryptography (PQC) terms, sizes, and tradeoffs without the academic jargon. Use it to interpret the demo results and make migration decisions.

Who it's for

Leaders building PQC migration plans.
Engineers who need context for the demos.
Security teams writing stakeholder briefings.

What NIST standardized

NIST finalized the first post-quantum standards as FIPS 203, 204, and 205:

ML-KEM (FIPS 203), derived from CRYSTALS-Kyber.
ML-DSA (FIPS 204), derived from CRYSTALS-Dilithium.
SLH-DSA (FIPS 205), derived from SPHINCS+.

ML-KEM is a KEM

ML-KEM encapsulates a shared secret. It does not encrypt messages by itself. In the demo, the shared secret is turned into a symmetric AES-256 key with HKDF-SHA-256, and then AES-GCM encrypts the message.

Sizes and performance

ML-KEM keys and ciphertexts are larger than classical RSA or ECDH.
ML-DSA signatures are a few kilobytes, but signing is fast.
SLH-DSA signatures are very large and signing is slower by design.

Each demo shows actual sizes from the selected parameter set.

Security notes

This is an educational demo, not production-ready crypto.
Use domain separation and authenticated encryption for real systems.
Parameter sets trade speed, size, and security level.

Privacy promise

Keys and plaintext stay in your browser.
No secrets are sent to the server.
No keys or messages are stored in URL fragments.
Closing the tab forgets in-memory keys.

Implementation

This demo uses the open source @noble/post-quantum library (version 0.5.4) for ML-KEM, ML-DSA, and SLH-DSA operations.