Skip to main content

Post Quantum secure your Rust programs

Summary: #

This article talks about how Rust developers can make their applications Quantum secure, What algorithms are safe and which once are not. How does the threat model look like and what can we do now?

What is the deal with Quantum Computers? #

Quantum computers has been talked about for decades, what we only seen in sciense fiction is now becoming a reality and the space is moving very fast according to the latest reports by IBM, Dell and other giants.

Imagine a really tough puzzle: given a huge number that’s been made by multiplying two secret numbers, can you figure out what those original numbers are? Today’s computers find this puzzle almost impossible when the numbers are large, and that difficulty is what protects many of the passwords we use on the internet (example: the locks on your email, login password, banking, secure websites etc).

Shors algorithm #

In 1994, the mathematician Peter Shor discovered a quantum way to solve that puzzle quickly. His method, called Shor’s algorithm, uses the special abilities of quantum computers—things called “super‑position” and “entanglement”—to try many possibilities at once and then let the right answer emerge through a kind of interference pattern. In effect, a quantum computer can factor huge numbers in a shorter timespan, whereas a classical computer would need centuries to do so.

Shor’s algorithm gives quantum computers a shortcut to break the encryption that protects most of our online life.

Roll up your sleeves and start preparing for Quantum threats now by moving to post quantum‑safe cryptography to stay protected.

When will the Threat be here? #

Cryptographer and Privacy advocate Dr. Richard Carback, has created this amazing site where we can track the Quantum Doomsday Clock predicts that quantum computers could break the encryption protecting systems like Bitcoin and online data by March 2028.

To understand what’s required, think of a logical qubit not as a single part, but as a single, perfectly reliable worker. Today’s quantum parts are like easily distracted kindergartners—they make constant errors. A logical qubit is what you get when you link thousands of these error-prone parts together so they constantly check each other’s work, creating one stable, flawless unit.

This date of 2028 is their estimate for when quantum machines will be powerful enough to run algorithms requiring 1,673 of these perfect units to break ECC-256 (used in Bitcoin) and 2,314 to break RSA-2048 (used for web security).

2 years left! #

This is highly debated doe, as other sources predict 5+ years away.
Ed25519 and x25519

What algorithms are at risk? #

ECDSA + Curve25519 #

According to the Quantum Doom Clock website, any cryptocurrency that uses the Elliptic Curve Digital Signature Algorithm (ECDSA), like Bitcoin and Ethereum, is considered not safe against a future quantum computing attack.

Bitcoin and Ethereum will be at Risk! #

Accounts made with ECDSA such as Bitcoin accounts, researchers are indicating that a bit over 6million bitcoin is at Risk.
https://www.chainalysis.com/blog/quantum-computing-crypto-security/

SSH is at risk! #

One of the most used cryptographic key exchanges that happens everyday and every minute, is ssh, According to the offical OpenSSH website, the software is using quantum secure key exchange since version 9, released in April 2022 and made post quantum default in April 2025. Source:
https://www.openssh.org/pq.html

But that leaves a large chunk of out of date internet connected devices.

According to the internet cartographer Shodan, 25 482 708 servers are running an OpenSSH version that is lower than 9.

https://www.shodan.io/search?query=product%3AOpenssh+%22OpenSSH_6%22 https://www.shodan.io/search?query=product%3AOpenssh+%22OpenSSH_7%22 https://www.shodan.io/search?query=product%3AOpenssh+%22OpenSSH_8%22 https://www.shodan.io/search?query=product%3AOpenssh+%22OpenSSH_4%22 https://www.shodan.io/search?query=product%3AOpenssh+%22OpenSSH_5%22

The OpenSSH developers have issued several calls to action to users to upgrade there systems to a >9 version of OpenSSH, in order to avoid a “store now, decrypt later” scenario where bad actors are storing all your data and once they are able to decrypt it(in 2-5 years time), they will do so. Switch to post quantum today!

Post-Quantum Cryptography with Nist #

“It is critical to begin planning for replacement of hardware, software, and services that use public-key algorithms now so that the information is protected from future attacks” - Nist

Nist is continously pushing towards more adoption of Post Quantum safe cryptography, catch up with the latest Nist Quantum news:

https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8413-upd1.pdf https://csrc.nist.gov/Projects/post-quantum-cryptography/round-4-submissions https://csrc.nist.gov/projects/post-quantum-cryptography https://www.nccoe.nist.gov/crypto-agility-considerations-migrating-post-quantum-cryptographic-algorithms

The future of Lattice based Cryptography #

Imagine standing in front of this wooden lattice fence. This grid of overlapping slats creates a regular, repeating set of open spaces.

Your secret key is a specific, simple sequence of moves: “go right 3 slats, then up 2 slats.” This path leads to one specific, open square in the fence—your public key.

The Hard Problem: #

For an attacker who only sees that final square, finding your simple, original path is incredibly difficult. They are lost in the grid, with countless possible “right/up” combinations to check. The direct path is hidden by the overlapping structure.

Quantum computers are brilliant at solving neat puzzles, but this is a messy search problem in a dense thicket. There’s no clever shortcut; they are forced to guess and check an overwhelming number of paths, just like a classical computer. This lack of a quantum advantage makes the lattice fence a powerful, quantum-resistant shield.

Real world examples of Lattice based cryptography systems: #

Kyber #

Kyber aka ML-KEM is one of the most promise looking quantum-safe Key Encapsulation Mechanism, there are already traction for it in the community, Designed to be secure against attacks from both classical and quantum computers. It was developed as part of the NIST Post-Quantum Cryptography Standardization Project and has been selected as one of the algorithms for standardization under FIPS-203.

Dilithium #

We are not talking about the fictonal Dilithium metal from Star Treck, what we are taking about is the quantum safe digital signature scheme. Dilithium is also designed to be able to replace current digital signatures made with RSA and ECDSA.

CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme

FALCON #

This is another NIST-standardized signature scheme. It offers even smaller signature sizes than Dilithium but is significantly more complex to implement correctly, as it requires very high precision floating-point arithmetic, which can be a source of vulnerabilities.

Picnic #

https://microsoft.github.io/Picnic/

Code-Based Cryptography: #

This approach dates back to the 1970s with the McEliece cryptosystem.

How it works: #

It hides a message by encoding it with a random-looking error-correcting code and then intentionally adding errors. The legitimate recipient knows the secret structure of the code to remove the errors, but an attacker faces the NP-hard “Syndrome Decoding Problem.”

Pros: It has withstood cryptanalysis for over 40 years and is considered very robust. Decryption is extremely fast.

Cons: The major disadvantage is the enormous size of the public key (hundreds of kilobytes to over a megabyte), which makes it impractical for some applications.

Read more here: https://en.wikipedia.org/wiki/McEliece_cryptosystem

What Rust crates should i use? #

Post Quantum safe cryptography crates: #

Moar post quantum crates: https://crates.io/keywords/post-quantum?sort=downloads

What Rust crates should I avoid? #

  • ed25519-dalek
  • x25519-dalek
  • curve25519-dalek

Try to avoid all key exchanges that rely on Curve255190

Non‑quantum‑safe rust example: # 

use x25519_dalek::{x25519, PublicKey, StaticSecret};
use rand::rngs::OsRng;

fn main() {
    // Generate Alice's key pair
    let alice_secret = StaticSecret::new(OsRng);
    let alice_public: PublicKey = (&alice_secret).into();

    // Generate Bob's key pair
    let bob_secret = StaticSecret::new(OsRng);
    let bob_public: PublicKey = (&bob_secret).into();

    // Alice and Bob exchange their public keys

    // Alice computes the shared secret
    let alice_shared_secret = x25519(alice_secret.to_bytes(), bob_public.as_bytes());

    // Bob computes the shared secret
    let bob_shared_secret = x25519(bob_secret.to_bytes(), alice_public.as_bytes());

    // Check if the shared secrets match
    if alice_shared_secret == bob_shared_secret {
        println!("Shared secrets match!");
        println!("Shared secret: {:?}", alice_shared_secret);
    } else {
        println!("Shared secrets do not match!");
    }
}

How to make it better?

Kyber Quantum safe: # 

use pqcrypto_kyber::kyber768;
use rand::rngs::OsRng;

fn main() {
    // Generate Alice's key pair
    let mut alice_rng = OsRng;
    let (alice_pk, alice_sk) = kyber768::keypair(&mut alice_rng);

    // Generate Bob's key pair
    let mut bob_rng = OsRng;
    let (bob_pk, bob_sk) = kyber768::keypair(&mut bob_rng);

    // Alice generates a ciphertext and a shared secret
    let mut alice_rng = OsRng;
    let (alice_ciphertext, alice_shared_secret) = kyber768::encapsulate(&bob_pk, &mut alice_rng);

    // Bob decapsulates the ciphertext to get the shared secret
    let bob_shared_secret = kyber768::decapsulate(&alice_ciphertext, &bob_sk);

    // Check if the shared secrets match
    if alice_shared_secret == bob_shared_secret {
        println!("Shared secrets match!");
        println!("Shared secret: {:?}", alice_shared_secret);
    } else {
        println!("Shared secrets do not match!");
    }
}

“omg, I just found out that my code base has non quantum safe code, what should I do?”

Prepare for a Quantum Safe release: #

1: Pin point your crypto stack: #

Analyze you crates and depencies, is anyone of them using RSA-1024 or Curve 25519?

2: Replace with new lattice based cryptography #

Future #

Cryptographer’s are whispering about the holy grail of cryptography that may be possible in the future: Indistinguishability obfuscation.

https://cryptography.rs/
https://github.com/rustcrypto
https://eprint.iacr.org/2020/1003.pdf
https://simons.berkeley.edu/talks/sora-suegami-ethereum-foundation-machina-io-2025-06-24
https://github.com/The-DevX-Initiative/RCIG_Coordination_Repo?tab=readme-ov-file
Satus Report on the Fourth Round of the NIST Post-Quantum Cryptography Standardization Process https://en.wikipedia.org/wiki/Lattice-based_cryptography
https://en.wikipedia.org/wiki/Kyber

Nov 24, 2025
https://blog.rust.careers/post/quantum_safe_rust_cryptography/ Rust Careers