Skip to content

[W.I.P] adding ML-KEM512 to the iron-session seal and unseal functions. #933

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
MaximKing1 wants to merge 3 commits into
base: main
Choose a base branch
from
Open

[W.I.P] adding ML-KEM512 to the iron-session seal and unseal functions. #933

MaximKing1 wants to merge 3 commits into from

Conversation

@MaximKing1
Copy link

@MaximKing1 MaximKing1 commented Apr 11, 2025

Recently I attended a conference talking about secure implementation's regarding PQC Encryption, due to the latest trends and also the threat of "harvest now, decrypt later" I decided to try and rewrite an implementation of the iron-session lib which uses post quantum encryption under the hood, and falls back to iron-seal if not, this prevents any "harvest now, decrypt later" risk for when quantum computers become more available. Under the hood the session uses ML-KEM512 (formerly known as Kyber-512), a NIST-approved post-quantum key encapsulation mechanism, which provides 128-bit security that's resistant to attacks from quantum computers.

Users can also opt-in with a single flag (usePostQuantum: true) with no breaking changes, this allows people to use the lib as per usual without any breaking changes unless they want to enable it.

This is very much a work in progress, this is the first working build I have which passes every test:

 tests 25
 suites 0
 pass 25
 fail 0
 cancelled 0
 skipped 0
 todo 0
 duration_ms 159.677417

Post-quantum cookie size: 2984 bytes
Detected ML-KEM version: 512
Public key length: 800, Ciphertext length: 768
 should encrypt and decrypt data with post-quantum encryption (7.63525ms)

I have tried to update the README as much as possible, and also added a "When to use it" section. Any feedback or advice would be brilliant.

@MaximKing1
feat(pqc): Started implementing ML-KEM / Kyber
da82314
@MaximKing1
pqc
d5d5163
@MaximKing1
Fixed errors with compression and key size
16930b6 
- Added in compression to help key size using the compressData function which uses the browser's native compression.
- Changed from 1024 to 512, to further help cookie size limits.
- Introduced a more optimised PQSealResult to use a more compact format.
- Added post-quantum seal errors to present a better DX.
- Added tests to deal with post-quantum seal and unseal.
- Added constants for ML-KEM expected sizes.
- Added a function to check the ML-KEM version based on the publicKey/ciphertext lengths, which defaults to 512.
- Combine all components using a more compact format for the PQSeal Results.
-
@vercel
Copy link

vercel bot commented Apr 11, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
iron-session ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 11, 2025 7:54am

@vvo vvo self-requested a review July 9, 2025 09:09
@vvo vvo changed the title [W.I.P] adding ML-KEM512 to the iron-session seal and unseal functions. feat(dashboard): add coupons to billing tab Jul 9, 2025
@vvo vvo changed the title feat(dashboard): add coupons to billing tab [W.I.P] adding ML-KEM512 to the iron-session seal and unseal functions. Jul 9, 2025
@vvo vvo removed their request for review August 25, 2025 07:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MaximKing1