Shipping post-quantum cryptogr... Note

Shipping post-quantum cryptography to Python

Post-quantum cryptography is now readily accessible to the Python ecosystem through the pyca/cryptography library. This update implements support for ML-KEM, a NIST-standard key establishment primitive, and ML-DSA, a NIST-standard digital signature primitive. The U.S. government is accelerating its transition to post-quantum cryptography by December 31, 2030, for key establishment and by December 31, 2031, for digital signatures. The success of this migration hinges on cryptographic libraries like pyca/cryptography, which is used by numerous popular Python projects.The new post-quantum algorithms, while offering quantum resistance, introduce tradeoffs. Public keys, signatures, and ciphertexts are significantly larger than their classical counterparts, and operations are slower. For example, ML-DSA signatures are 3,309 bytes compared to Ed25519's 64 bytes. Similarly, ML-KEM ciphertexts are 1,088 bytes against X25519's 32-byte shared secret. Protocols relying on fixed-size data fields will require adjustments.The pyca/cryptography library now provides Python APIs for using ML-DSA and ML-KEM. ML-DSA is a lattice-based signature scheme, and ML-KEM is a key encapsulation mechanism for establishing shared secrets, fundamentally different from Diffie-Hellman. Work is ongoing for SLH-DSA, NIST's hash-based signature standard, which offers a more conservative approach. The ultimate goal is the integration of these post-quantum primitives into real-world protocols and applications. This foundational work was funded by the Sovereign Tech Agency.