API Reference: Post-Quantum Cryptography Migration

NIST PQC Standards Summary

FIPS 203 -- ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism)

Formerly CRYSTALS-Kyber. Primary standard for key exchange and encryption.

Security Levels:

| Parameter Set | NIST Level | Public Key | Ciphertext | Shared Secret |
|---------------|------------|------------|------------|---------------|
| ML-KEM-512    | Level 1    | 800 B      | 768 B      | 32 B          |
| ML-KEM-768    | Level 3    | 1,184 B    | 1,088 B    | 32 B          |
| ML-KEM-1024   | Level 5    | 1,568 B    | 1,568 B    | 32 B          |

Operations:

  • KeyGen() -> (ek, dk) -- Generate encapsulation/decapsulation key pair
  • Encaps(ek) -> (K, c) -- Encapsulate: produce shared secret K and ciphertext c
  • Decaps(dk, c) -> K -- Decapsulate: recover shared secret K from ciphertext

Python (mlkem library):

from mlkem.ml_kem import ML_KEM

ml_kem = ML_KEM(768)  # ML-KEM-768
ek, dk = ml_kem.key_gen()
shared_secret, ciphertext = ml_kem.encaps(ek)
recovered_secret = ml_kem.decaps(dk, ciphertext)
assert shared_secret == recovered_secret

OpenSSL 3.5+ (native):

# Generate ML-KEM-768 key pair
openssl genpkey -algorithm mlkem768 -out mlkem768_key.pem

# Display key details
openssl pkey -in mlkem768_key.pem -text -noout

# Extract public key
openssl pkey -in mlkem768_key.pem -pubout -out mlkem768_pub.pem

FIPS 204 -- ML-DSA (Module-Lattice-Based Digital Signature Algorithm)

Formerly CRYSTALS-Dilithium. Primary standard for digital signatures.

Security Levels:

| Parameter Set | NIST Level | Public Key | Secret Key | Signature |
|---------------|------------|------------|------------|-----------|
| ML-DSA-44     | Level 2    | 1,312 B    | 2,560 B    | 2,420 B   |
| ML-DSA-65     | Level 3    | 1,952 B    | 4,032 B    | 3,293 B   |
| ML-DSA-87     | Level 5    | 2,592 B    | 4,896 B    | 4,595 B   |

Operations:

  • KeyGen() -> (pk, sk) -- Generate signing/verification key pair
  • Sign(sk, M) -> sigma -- Sign message M with secret key
  • Verify(pk, M, sigma) -> bool -- Verify signature on message

OpenSSL 3.5+ (native):

# Generate ML-DSA-65 key pair
openssl genpkey -algorithm mldsa65 -out mldsa65_key.pem

# Extract public key
openssl pkey -in mldsa65_key.pem -pubout -out mldsa65_pub.pem

# Sign a file (ML-DSA signs the raw message, so use pkeyutl -rawin rather than dgst,
# which would try to hash first and fail for this key type)
openssl pkeyutl -sign -inkey mldsa65_key.pem -rawin -in message.txt -out signature.bin

# Verify signature
openssl pkeyutl -verify -pubin -inkey mldsa65_pub.pem -rawin -in message.txt -sigfile signature.bin

FIPS 205 -- SLH-DSA (Stateless Hash-Based Digital Signature Algorithm)

Formerly SPHINCS+. Backup signature standard using a conservative hash-based approach whose security rests only on the underlying hash function.

Parameter Sets (SHA2 variants):

| Parameter Set | NIST Level | Public Key | Signature (fast) | Signature (small) |
|---------------|------------|------------|------------------|-------------------|
| SLH-DSA-128   | Level 1    | 32 B       | 17,088 B         | 7,856 B           |
| SLH-DSA-192   | Level 3    | 48 B       | 35,664 B         | 16,224 B          |
| SLH-DSA-256   | Level 5    | 64 B       | 49,856 B         | 29,792 B          |

Variants: Each level has fast (f) and small (s) variants with SHA2 or SHAKE hash.

Hybrid TLS Configuration

X25519MLKEM768 Key Exchange

The hybrid key exchange combines classical X25519 ECDH with ML-KEM-768 post-quantum KEM. Both must be broken for the handshake to be compromised.

Apache httpd:

# httpd.conf or ssl.conf
SSLEngine on
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLOpenSSLConfCmd Curves X25519MLKEM768:X25519:prime256v1
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

NGINX:

server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ecdh_curve X25519MLKEM768:X25519:prime256v1;
    ssl_prefer_server_ciphers on;
    ssl_certificate /etc/ssl/certs/server.crt;
    ssl_certificate_key /etc/ssl/private/server.key;
}

Verification:

# Test hybrid TLS connection
openssl s_client -connect server.example.com:443 -groups X25519MLKEM768

# Verify negotiated group
# Look for "Server Temp Key: X25519MLKEM768" in output
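To make the X25519MLKEM768 exchange described at the start of this section concrete, here is an added Python example (not part of the original reference or of any library it names) that splits the hybrid key shares into their ML-KEM-768 and X25519 halves, applies the FIPS 203 encapsulation key check a server must run before Encaps, and concatenates the two shared secrets that feed the TLS key schedule. The byte layout and sizes follow draft-ietf-tls-ecdhe-mlkem and the ML-KEM table above; `constructed_ek` builds a synthetic test key, not a real ML-KEM key, and every function name is this example's own.

```python
import os

# X25519MLKEM768 wire format (draft-ietf-tls-ecdhe-mlkem), sizes from the ML-KEM table above:
#   client key_exchange = ML-KEM-768 ek (1184 B) || X25519 pk (32 B) = 1216 B
#   server key_exchange = ML-KEM-768 ct (1088 B) || X25519 pk (32 B) = 1120 B; shared secret = ML-KEM ss || X25519 ss = 64 B
Q, EK_LEN, CT_LEN, SS_LEN, X_LEN = 3329, 1184, 1088, 32, 32

def byte_decode_12(data):
    # FIPS 203 ByteDecode_12: two 12-bit little-endian coefficients per 3 bytes
    out = []
    for i in range(0, len(data), 3):
        b0, b1, b2 = data[i], data[i + 1], data[i + 2]
        out += [b0 | ((b1 & 0x0F) << 8), (b1 >> 4) | (b2 << 4)]
    return out

def byte_encode_12(coeffs):
    # Inverse of byte_decode_12 (FIPS 203 ByteEncode_12); used here to build test keys
    out = bytearray()
    for c0, c1 in zip(coeffs[0::2], coeffs[1::2]):
        out += bytes([c0 & 0xFF, (c0 >> 8) | ((c1 & 0x0F) << 4), c1 >> 4])
    return bytes(out)

def check_encaps_key(ek):
    # FIPS 203 encapsulation key check: right length and every coefficient of t < q (the trailing 32-byte rho is free-form)
    return len(ek) == EK_LEN and all(c < Q for c in byte_decode_12(ek[:EK_LEN - 32]))

def split_client_share(key_exchange):
    # ML-KEM half comes first on the wire; reject malformed shares before calling Encaps
    if len(key_exchange) != EK_LEN + X_LEN:
        raise ValueError(f"client share must be {EK_LEN + X_LEN} bytes, got {len(key_exchange)}")
    ek, x_pk = key_exchange[:EK_LEN], key_exchange[EK_LEN:]
    if not check_encaps_key(ek):
        raise ValueError("ML-KEM-768 encapsulation key failed the FIPS 203 check")
    return ek, x_pk

def split_server_share(key_exchange):
    if len(key_exchange) != CT_LEN + X_LEN:
        raise ValueError(f"server share must be {CT_LEN + X_LEN} bytes, got {len(key_exchange)}")
    return key_exchange[:CT_LEN], key_exchange[CT_LEN:]

def combine_shared_secret(mlkem_ss, x25519_ss):
    # Both halves feed the TLS key schedule, so an attacker must recover both to get the session keys
    if len(mlkem_ss) != SS_LEN or len(x25519_ss) != X_LEN:
        raise ValueError("bad shared-secret length")
    return mlkem_ss + x25519_ss

def constructed_ek(bad=False):
    # Constructed test key, not a real ML-KEM key: random coefficients < q plus a random rho
    coeffs = [int.from_bytes(os.urandom(2), "little") % Q for _ in range(3 * 256)]
    if bad:
        coeffs[5] = 0xFFF  # out-of-range coefficient the check must reject
    return byte_encode_12(coeffs) + os.urandom(32)
```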

oqs-provider for OpenSSL 3.0+

Installation

# Clone and build oqs-provider
git clone https://github.com/open-quantum-safe/oqs-provider.git
cd oqs-provider
mkdir build && cd build
cmake -DCMAKE_INSTALL_PREFIX=/usr/local ..
make -j$(nproc)
sudo make install

Configuration

# /etc/ssl/openssl-oqs.cnf
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect
ssl_conf = ssl_sect

[provider_sect]
default = default_sect
oqsprovider = oqsprovider_sect

[default_sect]
activate = 1

[oqsprovider_sect]
activate = 1
module = /usr/lib/oqs-provider/oqsprovider.so

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Groups = x25519_mlkem768:X25519:P-256:P-384
MinProtocol = TLSv1.2

Usage

# Set environment variable
export OPENSSL_CONF=/etc/ssl/openssl-oqs.cnf

# List available PQC algorithms
openssl list -kem-algorithms | grep -i ml
openssl list -signature-algorithms | grep -i ml

# Generate PQC key pair
openssl genpkey -algorithm mlkem768 -out key.pem

# Test hybrid TLS
openssl s_client -connect server:443 -groups x25519_mlkem768

Cryptographic Inventory Scanning

NIST SP 1800-38 Discovery Architecture

+------------------+     +------------------+     +------------------+
| Source Code Scan | --> |                  | --> | Risk Assessment  |
+------------------+     |                  |     +------------------+
+------------------+     | Central Analysis |              |
| Binary Analysis  | --> |     Engine       |              v
+------------------+     |  (Normalization  |     +------------------+
+------------------+     |  & Correlation)  |     | Migration        |
| Network Traffic  | --> |                  |     | Prioritization   |
+------------------+     |                  |     +------------------+
+------------------+     |                  |
| Certificate Scan | --> |                  |
+------------------+     +------------------+

Discovery Domains

| Domain              | What to Scan                                        | Tools                       |
|---------------------|-----------------------------------------------------|-----------------------------|
| CI/CD Pipeline      | Source code, build configs, dependencies            | SCA tools, Semgrep          |
| Operational Systems | Running services, installed libraries, key stores   | NIST SP 1800-38B tools      |
| Network Services    | TLS endpoints, VPN configs, IPsec tunnels           | This agent, sslyze, testssl |
| Certificates        | CA chains, code signing certs, TLS certificates     | cert-manager, openssl       |

Quantum-Vulnerable Algorithm Reference

| Algorithm       | NIST Status (IR 8547)          | Quantum Threat                                           | Replacement                            |
|-----------------|--------------------------------|----------------------------------------------------------|----------------------------------------|
| RSA (all sizes) | Deprecated 2030, removed 2035  | Shor's algorithm                                         | ML-KEM (encryption), ML-DSA (signing)  |
| ECDH / ECDHE    | Deprecated 2030, removed 2035  | Shor's algorithm                                         | ML-KEM / X25519MLKEM768 hybrid         |
| ECDSA           | Deprecated 2030, removed 2035  | Shor's algorithm                                         | ML-DSA                                 |
| DSA             | Already deprecated             | Shor's algorithm                                         | ML-DSA                                 |
| DH / DHE        | Deprecated 2030, removed 2035  | Shor's algorithm                                         | ML-KEM                                 |
| AES-128         | Acceptable with caveat         | Grover's algorithm halves effective strength to 64-bit   | AES-256                                |
| AES-256         | Quantum-safe                   | Grover's algorithm reduces effective strength to 128-bit | No change needed                       |
| SHA-256         | Quantum-safe                   | Grover's algorithm reduces effective strength to 128-bit | No change needed                       |
| SHA-3           | Quantum-safe                   | Grover's algorithm reduces effective strength to 128-bit | No change needed                       |
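As an added example of the "Central Analysis Engine" stage in the discovery architecture above (example code, not from NIST SP 1800-38 or from any scanner named in this reference), the Python below turns the quantum-vulnerable algorithm table into detection rules, runs them over constructed config and source lines, normalises each hit into a finding with its replacement, and orders the findings by migration priority with key establishment first. The regexes, file names and sample lines are constructed for this example and are not a complete rule set.

```python
import re
from collections import Counter

# Detection rules built from the quantum-vulnerable algorithm table above (constructed for this example).
# Priority 1 = key establishment (harvest-now-decrypt-later exposes recorded traffic today),
# 2 = signatures (forgeable only once a CRQC exists), 3 = AES-128 (Grover's caveat).
RULES = [  # (regex, algorithm, what it protects, replacement, priority)
    (r"\bECDHE?\b|prime256v1|secp\d+r1|\bX25519\b", "ECDH/ECDHE", "key exchange", "X25519MLKEM768 hybrid", 1),
    (r"\bDHE?\b|dhparam|ffdhe\d+", "DH/DHE", "key exchange", "ML-KEM", 1),
    (r"sha\d+WithRSA|\bRSA-PSS\b|padding\.PSS\b", "RSA", "signature", "ML-DSA", 2),
    (r"\bECDSA\b|ecdsa-with-", "ECDSA", "signature", "ML-DSA", 2),
    (r"\bDSA\b", "DSA", "signature", "ML-DSA", 2),
    # Bare "RSA" gives no context, so rank it with key establishment until its use is confirmed
    (r"\bRSA\b(?!-PSS)|genrsa", "RSA", "encryption or signature (unknown)", "ML-KEM (encryption) / ML-DSA (signing)", 1),
    (r"\bAES[-_]?128\b", "AES-128", "symmetric encryption", "AES-256", 3),
]
COMPILED = [(re.compile(rx, re.IGNORECASE), *rest) for rx, *rest in RULES]

def scan(sources):
    # sources: {filename: [line, ...]} -> normalised findings, one per rule hit per line
    findings = []
    for fname, lines in sources.items():
        for no, line in enumerate(lines, 1):
            for rx, alg, protects, repl, prio in COMPILED:
                if rx.search(line):
                    findings.append({"file": fname, "line": no, "algorithm": alg, "protects": protects,
                                     "replacement": repl, "priority": prio, "evidence": line.strip()})
    return findings

def prioritize(findings):
    # Migration order: key establishment first, then signatures, then AES-128
    return sorted(findings, key=lambda f: (f["priority"], f["file"], f["line"]))

def summary(findings):
    return dict(Counter(f["algorithm"] for f in findings))

SAMPLE = {  # constructed snippets standing in for scanner input, not real files
    "nginx.conf": ["ssl_protocols TLSv1.2 TLSv1.3;",
                   "ssl_ecdh_curve prime256v1;",
                   "ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256;"],
    "signer.py": ["key = rsa.generate_private_key(public_exponent=65537, key_size=2048)",
                  "cert_sig_alg = 'sha256WithRSAEncryption'  # leaf certificate signature"],
    "hardened.conf": ["ssl_ecdh_curve X25519MLKEM768;",
                      "ssl_ciphers TLS_AES_256_GCM_SHA384;"],
}

if __name__ == "__main__":
    for f in prioritize(scan(SAMPLE)):
        print(f"P{f['priority']} {f['file']}:{f['line']} {f['algorithm']} ({f['protects']}) -> {f['replacement']}")
    print(summary(scan(SAMPLE)))
```

The hardened configuration produces no findings because `X25519MLKEM768` is deliberately not matched by the bare `X25519` rule and AES-256 is outside the AES-128 rule.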

MITRE ATT&CK Relevance

| Technique                     | ID    | PQC Relevance                                                    |
|-------------------------------|-------|------------------------------------------------------------------|
| Adversary-in-the-Middle       | T1557 | Quantum computers can break key exchange in recorded sessions    |
| Encrypted Channel             | T1573 | Harvest-now-decrypt-later targets encrypted C2 traffic           |
| Steal Application Access Token| T1528 | Quantum computers can forge digital signatures                   |
| Forge Web Credentials         | T1606 | Quantum computers can break certificate private keys             |

References