Jump to: navigation, search


Post-Quantum Cryptography (PQCrypto)

Quantum Computers[edit]

Quantum computers are based on the phenomena of quantum mechanics as opposed to classical computers familiar to everyone today. They are made up of qubits that can express many different states simultaneously, solving some types of mathematical problems in near instant time. Assembling a quantum computer is now an engineering problem rather than one impeded by laws of physics - a theoretically imperfect machine can still yield useful results. Such a computer is sought after by every heavy-weight signal intelligence agency because of implications for public-key cryptography systems widely used today. Ciphertext unbreakable by today's classical computers will be shredded into ribbons by a large quantum computer. The Snowden documents reveal that every piece of encrypted data traversing the internet is intercepted and stored indefinitely for decryption should there be a breakthrough. A global arms race by the United States, EU, Russia, China and Israel ensues.

The academic and corporate world estimate that a large quantum computer will be built in 10-15 years from now (as of 2016). Its safe to assume the time is even less for intelligence communities.

What's broken?[edit]

All asymmetric public-key crypto and signature algorithms used today - the type of crypto that protects your communications over the internet.

Symmetric crypto key size strength is halved (256-bit drops down to 128-bit) - the type used for Full Disk Encryption, encrypting data with a passphrase.

All current generation symmetric crypto authenticated modes such as CBC-MAC, PMAC, GMAC, GCM, and OCB are completely broken and this is also also applicable to many CAESAR competition candidates: CLOC, AEZ, COPA, OTR, POET,OMD, and Minalpher. [1]

For more details visit https://pqcrypto.org/

What now?[edit]

The answer is Post-Quantum (PQ) Cryptography. Its a drop in replacement for crypto libraries deployed now except it uses different types of math problems known to be "quantum hard" meaning its just as difficult for a Quantum Computer to solve as it is for Classical ones.

Competent cryptographers are in the process of improving performance of PQ Crypto and designing cipher-suites efficient for everyday use. The Tor Project are planning to migrate to quantum resistant ciphers by version 0.2.9.x.

Tor dev meeting: http://meetbot.debian.net/tor-dev/2016/tor-dev.2016-02-04-13.28.html

Initial recommendations for PQ Crypto algorithms were published September 2015.


This is a listing of Free Software known to known to resist quantum computers and not an endorsement for any particular tool. You are better off setting up arbitrary protocols over Tor Hidden Services once PQ crypto is deployed to mitigate exposure in case of unknown implementation failures in each and every other tool (with the exception of one-time pads that are information theoretically secure).[2]

Informal adoption checklist:[3]

  • Quantum-resistant algorithms have withstood susbstantial cryptanalytic efforts.
  • Crypto libraries written by competent cryptographers and audited for correct implementation.
  • Widely adopted for better blending in.

Setup Guides[edit]


This is a GnuPG-like unix program for encryption and signing that uses only quantum-computer-resistant algorithms:[4][5]

  • McEliece cryptosystem (compact QC-MDPC variant) for encryption
  • Hash-based Merkle tree algorithm (FMTSeq variant) for digital signatures

Codecrypt is free software. The code is licensed under terms of LGPL3 in a good hope that it will make combinations with other tools easier.


Unfortunately not possible to install on Jessie even with apt pinning as it will mix core packages between stable and unstable causing Whonix to break.[6] A supported version has already landed in Stretch however.


AnnealMail is a modified Enigmail implementation built around the Codecrypt PQ-crypto suite. Some interesting features include encrypted subject lines. Until it is packaged for Debian[7][8] it can be easily built from source.

1. Download the build dependencies and execute the commands[9] then install the resulting addon file from Icedove's extension tab.

2. Follow the instructions for setting up AnnealMail with Codecrypt[10]


OneTime[11] is a program that sets up a one-time pad on your computer and protects from reusing pads and shooting yourself in the foot. OneTime is available in Debian.[12] One-time pads are the only provably unbreakable encryption scheme ever invented (assuming a functional/non-backdoored RNG).[13][14]

OneTime can encrypt any kind of file -- it doesn't matter if the file's contents are Base64-encoded or not, because OneTime is not interpreting the contents of the file. It just treats the file as a string of bits. (The same is true of just about all encryption software, by the way; OneTime is not unique in this regard.)

One-time pads should be secure against cryptographic attacks by quantum computers for the same reason they're secure against any other kind of attack: if the encryption key is truly random, and the key is as long as the message, then all possible plaintexts are equally likely. Quantum computers are not telepathic, so there shouldn't be any way they can attack a message properly encrypted with a one-time pad. Indeed, there really is no possible cryptographic attack against such a message. (Of course, using the system in practice can be difficult, due to the logistics of key exchange, but quantum computing won't affect that.)[15]


  • The message and the key are identical in size - but with large hard-disks these days this is not a problem.
  • There is no way to securely contact someone you don't know - you must exchange the pad file in person or by other trustworthy peers. Sending the pad online makes it as strong as the asymmetric crypto you are using.
  • No message integrity. There is no way for the recipient to discover if the ciphertext has been tampered with during transit.
  • You must never ever reuse the pad to encrypt another message. Doing so breaks the the encryption.[16]



  1. [https://arxiv.org/pdf/1602.05973v3.pdf Breaking Symmetric Cryptosystems using Quantum Period Finding]
  2. https://en.wikipedia.org/wiki/Information_theoretic_security
  3. https://forums.whonix.org/t/post-quantum-cryptography-pqc/2011/17
  4. https://github.com/exaexa/codecrypt
  5. http://e-x-a.org/codecrypt/
  6. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839178#38
  7. https://github.com/annealmail/annealmail/issues/10
  8. https://bugs.debian.org/849321
  9. https://github.com/annealmail/annealmail/blob/master/COMPILING
  10. https://github.com/annealmail/annealmail/blob/master/README.md
  11. https://github.com/kfogel/OneTime
  12. https://packages.debian.org/search?searchon=names&keywords=onetime
  13. https://en.wikipedia.org/wiki/One-time_pad
  14. http://users.telenet.be/d.rijmenants/en/onetimepad.htm
  15. https://github.com/kfogel/OneTime/issues/14#issuecomment-218038898
  16. https://en.wikipedia.org/wiki/Venona_project#Decryption

Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, the content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.