ML-KEM-1024 FIPS 203
Hybrid post-quantum key exchange — X25519 + ML-KEM-1024 — bound under HKDF-SHA-256 with ciphertext binding. A third classical curve (X448) is already exchanged on the wire and is being folded into the session key as additional hardening. Library implementations (liboqs, BouncyCastle, @noble/post-quantum) cross-validated against shared test vectors.
Hybrid Key Exchange
We combine two independent key encapsulation mechanisms — X25519 (classical elliptic) and ML-KEM-1024 (lattice, NIST Level 5) — bound together with HKDF-SHA-256 and a ciphertext-binding label that closes known substitution attacks. If either algorithm is ever broken — classical or quantum — the session secret stays safe. A third curve, X448, is already exchanged during the handshake and is being integrated as further hardening.
- Two independent assumptions today: ECDLP + lattice (a third is in progress)
- HKDF-SHA-256 with ciphertext binding
- Forward-versioned protocol labels for clean migration
Side-channel hardened
ML-KEM uses FIPS 203 §8.3 implicit rejection: an invalid ciphertext produces a pseudo-random value rather than an error — no timing oracle. Tag comparison is constant-time. Memory holding key material is zeroized in two passes with a volatile fence so the compiler cannot elide the wipe.
- Implicit rejection on decapsulation failure (FIPS 203 §8.3)
- Constant-time authentication tag comparison
- Compiler-resistant memory zeroization
Continuous key rotation
Session keys rotate continuously throughout a call. The symmetric chain key advances after a small number of frames, and ephemeral key material is re-derived sub-second. An adversary recovering a key from second N learns nothing about the traffic before N or after the next rotation. Contact trust today relies on Trust-On-First-Use pairing, with stronger multi-tier verification on our roadmap.
- Sub-second forward-secrecy granularity
- TOFU-based trust today — stronger multi-tier model on the roadmap
- Replay protection with sliding sequence window
Architecture
Post-Quantum VPN Tunnel
Post-quantum VPN
A tunnel that quantum computers cannot break.
ML-KEM-1024 + ML-DSA-87 · NIST FIPS 203/204
Endpoint A
Sovereign Silicon
Endpoint B
Sovereign Silicon
Hybrid PQC handshake
Protects today's traffic against tomorrow's quantum computers.
Harvest-now, decrypt-later — neutralized
Captured ciphertext stays opaque even after Q-Day.
Sovereign endpoints
No backdoors, no trusted third party in the path.
The tunnel is terminated only by sovereign silicon at both ends. Keys are negotiated with NIST-standardized post-quantum primitives and bound to hardware identities — nothing in the middle can read it, today or after Q-Day.