Post-Quantum Cryptography
The problem with classical signatures
RSA and ECDSA — the algorithms behind most HTTPS certificates and code signing today — are broken by Shor’s algorithm running on a sufficiently powerful quantum computer. NIST estimates that cryptographically relevant quantum computers could arrive within 10–15 years.
Content signed today with ECDSA could be retrospectively forged once that compute exists. For provenance infrastructure that’s meant to last — legal evidence, archival records, compliance trails — that’s a problem.
ML-DSA (Dilithium) — NIST FIPS 204
Certivu uses ML-DSA-65 (Module-Lattice-Based Digital Signature Algorithm), standardized as NIST FIPS 204 in August 2024. It’s based on the hardness of lattice problems, for which no efficient quantum algorithm is known.
Key properties:
| Property | ML-DSA-65 | RSA-2048 |
|---|---|---|
| Quantum resistant | ✅ Yes | ❌ No |
| Signature size | ~3.3 KB | 256 bytes |
| Public key size | ~1.3 KB | 256 bytes |
| Signing speed | Fast | Fast |
| NIST standard | FIPS 204 (2024) | PKCS#1 |
| Security level | NIST Level 3 | ~112-bit classical |
The larger key and signature sizes are the only real tradeoff — for content provenance, this is trivially acceptable.
How Certivu uses it
```
content (image)
  → SHA-3-256 hash                     # @noble/hashes
  → canonical JSON of signed_payload   # deterministic serialization
  → ML-DSA-65 sign (private key)       # @noble/post-quantum
  → base64 signature stored in DB
```

Verification replays the same canonical JSON, then runs ML-DSA.verify(publicKey, message, signature).
The signing library is @noble/post-quantum — a pure TypeScript, audited implementation. The crypto layer is isolated in packages/crypto so the underlying library can be swapped without touching any business logic.
What we never use
RSA and ECDSA are not used anywhere in Certivu. Not for signing, not for key exchange, not for tokens. This is a hard constraint in the codebase.
ML-KEM (Kyber) — future
ML-KEM (NIST FIPS 203, formerly Kyber) is the post-quantum key encapsulation mechanism. It’s planned for a future version of Certivu for secure key delivery and generator onboarding — but is not part of the current signing/verification flow.