Post-Quantum Cryptography: We’ve Already Put It in Your Hands

Why we’re talking about ML-KEM and ML-DSA only now, when our PQCServer platform has been live and open source for two months.

The context

On May 5, 2026, Proton Mail announced support for post-quantum cryptography for emails between Proton users. It’s an important move and deserves recognition: the email industry needed to see a mainstream player take a stand on “Q-day” — the day quantum computers will render classical asymmetric cryptography (RSA, ECC, Diffie-Hellman) obsolete. But we want to be honest with our users on one point: this is not an industry-wide first. It’s a first for Proton. For two months now, anyone using the Onion Mail ecosystem has had access to an operational post-quantum cryptography platform called PQCServer, built on the same NIST standards Proton just adopted, and with one additional property: the code is fully open source under the AGPL-3.0 license. In this article we explain what post-quantum cryptography is, why it matters, and what you can actually do with our tools today.

Why post-quantum cryptography matters

The cryptography that protects almost all of the Internet today — HTTPS, OpenPGP-encrypted email, Signal messages, banking transactions — relies on mathematical problems considered intractable for classical computers: integer factorization (RSA) and discrete logarithm over elliptic curves (ECC). A sufficiently powerful quantum computer running Shor’s algorithm would break both in polynomial time. Estimates for when such a machine arrives range from 5 to 20 years, but the problem isn’t only in the future. It’s called “harvest now, decrypt later”. State-level actors and well-resourced organizations are already archiving encrypted traffic they can’t currently read, betting they’ll be able to decrypt it tomorrow. Your encrypted emails from 2026 could become readable in 2035. For many use cases — investigative journalism, activism, medical communications, trade secrets — this is a real threat, not a theoretical one. In August 2024, NIST standardized the first quantum-resistant algorithms: ML-KEM (FIPS-203, formerly Kyber) for key exchange and ML-DSA (FIPS-204, formerly Dilithium) for digital signatures. These are the algorithms anyone claiming “post-quantum” must implement. And these are exactly the algorithms PQCServer is built on.

What PQCServer is

PQCServer is a zero-knowledge post-quantum cryptography platform, part of the OnionSearchEngine LLC ecosystem alongside Onion Mail, Onion Drive, and Onion Search Engine. The code is public on GitHub: github.com/onion-search-engine/pqcserver. In concrete terms, it lets you do three things:
  1. Generate your own post-quantum keypairs directly in the browser. You go to keygen, generate an ML-KEM pair (for encryption) and an ML-DSA pair (for signing). Private keys are downloaded locally to your device and never leave the browser. Public keys are published to your profile at pqcserver.com/u/yourname, where anyone can fetch them to send you encrypted messages.
  2. Send post-quantum encrypted messages to anyone, even without an account. Write the message, pick the recipient (or paste their public key), the browser encrypts everything with ML-KEM + AES-256-GCM, and you get a short link like pqcserver.com/m/xxxxxxxx. Paste it into an email, a chat, an SMS — it works anywhere. The recipient doesn’t need to install anything. Optional: “burn after read” and configurable TTL.
  3. Notarize documents with a post-quantum signature. You upload a file (the hash is computed locally, the file never leaves the browser), sign it with your ML-DSA key, the server co-signs with a timestamp, and you receive a JSON receipt that’s publicly verifiable at a permanent URL. It’s the equivalent of a notarial timestamp, but quantum-resistant and without trusted intermediaries.
The architecture is zero-knowledge: the server only sees ciphertext it cannot decrypt. All cryptographic operations happen in the browser through the pqc library (a pure JavaScript implementation of ML-KEM and ML-DSA) and the Web Crypto API for AES.

What this means for Onion Mail users

Onion Mail was built around a clear idea: anonymous email over Tor, no personal data, crypto payments. PQCServer extends this philosophy down to the cryptographic layer. Practically speaking, anyone who wants to start protecting their communications today against the “harvest now, decrypt later” threat can generate their own PQC keys at pqcserver.com/keygen, share their public profile (pqcserver.com/u/username) with their correspondents, and use PQCServer to exchange post-quantum encrypted messages by attaching the short link to a regular Onion Mail email. The result is a message that travels over Tor, through an anonymous inbox, with a quantum-resistant encrypted payload. For website operators, the embeddable widget lets you add a “send me a post-quantum encrypted message” button with a single line of code — useful for journalists, lawyers, and activists who want to receive tips that stay protected even against the future.

Onion Mail vs Proton: two different approaches to post-quantum

It’s worth being precise about the difference, because it matters for anyone choosing between the two platforms. Proton integrated post-quantum cryptography inside its standard OpenPGP flow, transparently for the user: emails between Proton users are now encrypted with a hybrid scheme (classical + PQ). It’s an elegant approach for a consumer user base, but it’s a closed system: it works inside Proton, between Proton accounts. PQCServer takes a different approach: an explicit, independent, interoperable, open source tool. You generate keys yourself, publish them wherever you want, and the encrypted message travels through any channel (email, chat, forum, printed paper if you want — it’s just a short link). No walled gardens. The code is inspectable, auditable, self-hostable. These are different philosophies, not necessarily competing ones: one prioritizes mass-market user experience, the other technical sovereignty and interoperability. We believe both make sense, and that the real winner of this phase is the industry’s transition to NIST standards. But if you care about full control, code visibility, and not depending on a single provider’s choices, the tool is already in your hands. Has been since March.

Why open source matters, especially for cryptography

There’s an unwritten rule in the cryptographic community: don’t trust crypto you can’t inspect. It applies to RSA, it applies to ECC, and it applies even more to new algorithms like ML-KEM and ML-DSA, where bad implementations can introduce side channels (timing attacks, memory leaks) that void the theoretical security. PQCServer is released under AGPL-3.0, one of the most rigorous open source licenses: anyone can read the code, modify it, run it on their own servers. Anyone distributing modified versions must release their code in turn. This means two things. First, security isn’t an act of faith in Onion Mail. If a researcher finds a flaw, they find it in public code, not in a black box. We have a SECURITY.md for responsible disclosure and we welcome community audits — security audit of the cryptographic implementation is explicitly listed among the areas where we welcome contributions. Second, anyone who wants independent PQC infrastructure — a company, a journalism organization, an NGO operating in hostile regimes — can take the code and self-host it. You’re not locked in to us. It’s the opposite of a walled garden.

What to do today, in 5 minutes

If you want to start protecting your communications against Q-day right now:
  1. Go to pqcserver.com and create an account (no personal data required).
  2. Generate your ML-KEM and ML-DSA keypairs — everything happens in the browser, private keys stay on your device.
  3. Share your public profile link (pqcserver.com/u/username) with your correspondents, including over Onion Mail.
  4. When you receive an important message you want to protect “for the next 30 years”, ask the sender to use PQCServer and send it to you as a short link inside an Onion Mail email.
If you’re a developer or sysadmin and want to self-host the service for your organization, the repo is here: github.com/onion-search-engine/pqcserver. You’ll find INSTALL.md with the full guide, install.sh for automated setup on Ubuntu 22.04/24.04, and instructions for generating your own server signing keys for the notary service.

Conclusion

Proton’s announcement is good news: it means post-quantum cryptography stops being a topic for academic papers and becomes part of the mainstream email experience. We applaud it. But for those who’ve been following us since March, it’s not news. Onion Mail and PQCServer have already made post-quantum cryptography available to real users — built on the same NIST FIPS-203 and FIPS-204 standards — with a different approach: open source, zero-knowledge, interoperable, independent of any closed ecosystem. We don’t know when Q-day will arrive. We only know that, when it does, the emails you encrypt today already need to be protected. The tool is in your hands. Use it.
Onion Mail — Anonymous email over Tor, no personal data, crypto payments. PQCServer — Post-quantum messaging, file vault, and document notary. Open source under AGPL-3.0. onionmail.org · pqcserver.com · github.com/onion-search-engine/pqcserver