Version: 1.31

Post-quantum cryptography

This page introduces the threat model of post-quantum cryptography (PQC) and explains how Privatemode is designed to be quantum-resistant.

Threat model

The primary threat posed by quantum computers to current cryptographic systems is the ability to break widely used public-key algorithms (like RSA and elliptic curve cryptography). A significant concern is the "store now, decrypt later" (SNDL) attack, also known as "harvest now, decrypt later" (HNDL). In this scenario, an adversary intercepts and stores encrypted traffic today, intending to decrypt it in the future once a sufficiently powerful quantum computer becomes available.

Privatemode encryption overview

Privatemode protects data against both current and future threats, including those from quantum computing, by securing data both in-use and in-transit.

Data in-use

To protect data while being processed, Privatemode uses hardware-based memory encryption provided by AMD SEV and Intel TDX. This encryption is managed directly by the hardware and is transparent to the software.

Data in-transit

To protect data as it moves between the client and the service, Privatemode employs strong encryption and quantum-resistant key exchange mechanisms.

Prompt encryption

All prompts are encrypted using AES-256. For more details on the architecture, please refer to the Encryption section.

AES-256 is considered quantum-resistant. While quantum computers equipped with Grover's algorithm could reduce its effective security from 256 to 128 bits, this still requires approximately 2^128 operations, which is computationally infeasible. Thus, AES-256 remains a robust choice for protecting data against both classical and quantum adversaries.

Key exchange

For key exchange, Privatemode relies on the Go TLS implementation to establish the secure channel between the client and the secret service. This implementation uses a hybrid method that combines classical and post-quantum algorithms, ensuring security against both conventional and quantum attacks.

Privatemode uses X25519MLKEM768, which is a hybrid key exchange mechanism combining:

  • X25519: A widely trusted classical elliptic curve Diffie-Hellman (ECDH) algorithm.
  • ML-KEM-768: A post-quantum key encapsulation mechanism (KEM) standardized by NIST.

Standardization and adoption

NIST standardization: ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) is based on the CRYSTALS-Kyber algorithm. It has been formalized by the National Institute of Standards and Technology (NIST) in FIPS 203. It's the primary standard for general-purpose post-quantum key establishment.

Go and industry adoption: The X25519MLKEM768 hybrid scheme has become the industry standard for securing TLS 1.3 against quantum threats. Starting with Go 1.24, the standard library's crypto/tls package supports X25519MLKEM768 and enables it by default. This ensures that applications built with modern Go versions (including Kubernetes v1.33+) automatically benefit from quantum resistance.

For more background on PQC and the algorithms used, please refer to:

Conclusion

Privatemode is designed to be quantum-resistant. By utilizing AES-256 for prompt encryption and hardware memory encryption (on supported generations), along with the X25519MLKEM768 hybrid key exchange, Privatemode protects your data against "store now, decrypt later" attacks and ensures long-term confidentiality.