Post-Quantum Cryptography MCP Server
Enables AI assistants to perform quantum-resistant cryptographic operations using NIST-standardized algorithms including ML-KEM, ML-DSA, and SPHINCS+. Supports key generation, encryption, digital signatures, and security analysis for post-quantum cryptography research and development.
README
Post-Quantum Cryptography MCP Server
A Model Context Protocol (MCP) server that provides post-quantum cryptographic operations using Open Quantum Safe's liboqs. Enables AI assistants like Claude to perform quantum-resistant cryptographic operations including key generation, encryption, signing, and verification.
Why Post-Quantum Cryptography?
Current cryptographic systems (RSA, ECC, ECDSA) will be broken by quantum computers running Shor's algorithm. NIST has standardized new quantum-resistant algorithms:
| Standard | Algorithm | Type | Status |
|---|---|---|---|
| FIPS 203 | ML-KEM (Kyber) | Key Encapsulation | Finalized 2024 |
| FIPS 204 | ML-DSA (Dilithium) | Digital Signature | Finalized 2024 |
| FIPS 205 | SLH-DSA (SPHINCS+) | Hash-based Signature | Finalized 2024 |
This MCP server makes these algorithms accessible to AI agents for research, development, and integration.
Features
- 32 Key Encapsulation Mechanisms (KEMs): ML-KEM, FrodoKEM, HQC, BIKE, Classic McEliece
- 221 Signature Algorithms: ML-DSA, Falcon, SPHINCS+, MAYO, CROSS, UOV
- Full MCP Integration: Works with Claude Desktop, Claude Code, Cursor, and any MCP client
- NIST Standards Compliant: Implements FIPS 203, 204, and 205 algorithms
- Security Analysis: Compare classical vs quantum security levels
Quick Start
Prerequisites
Installation
1. Install liboqs
macOS (Homebrew with shared library):
# Homebrew only provides static library, build from source for shared:
git clone --depth 1 --branch 0.15.0 https://github.com/open-quantum-safe/liboqs.git
cd liboqs && mkdir build && cd build
cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=$HOME/.local ..
make -j4 && make install
Ubuntu/Debian:
sudo apt-get install liboqs-dev
2. Clone and Install
git clone https://github.com/scottdhughes/post-quantum-mcp.git
cd post-quantum-mcp
# Create virtual environment with Python 3.10+
uv venv --python 3.10 .venv
source .venv/bin/activate
# Install dependencies
uv pip install liboqs-python "mcp>=1.0.0"
3. Configure Claude Code / Claude Desktop
Add to your MCP configuration:
Claude Code (~/.claude.json):
{
"mcpServers": {
"pqc": {
"type": "stdio",
"command": "/path/to/post-quantum-mcp/run.sh",
"args": [],
"env": {}
}
}
}
Claude Desktop (claude_desktop_config.json):
{
"mcpServers": {
"pqc": {
"command": "/path/to/post-quantum-mcp/run.sh"
}
}
}
Available Tools
pqc_list_algorithms
List all available post-quantum algorithms.
Input: { "type": "kem" | "sig" | "all" }
Output: List of available algorithms with NIST standard mappings
pqc_algorithm_info
Get detailed information about a specific algorithm.
Input: { "algorithm": "ML-KEM-768" }
Output: Key sizes, security level, performance characteristics
pqc_generate_keypair
Generate a quantum-resistant key pair.
Input: { "algorithm": "ML-DSA-65" }
Output: Base64-encoded public and secret keys
pqc_encapsulate
Perform key encapsulation (create shared secret).
Input: { "algorithm": "ML-KEM-768", "public_key": "<base64>" }
Output: Ciphertext and shared secret
pqc_decapsulate
Recover shared secret from ciphertext.
Input: { "algorithm": "ML-KEM-768", "secret_key": "<base64>", "ciphertext": "<base64>" }
Output: Shared secret
pqc_sign
Sign a message with a post-quantum signature.
Input: { "algorithm": "ML-DSA-65", "secret_key": "<base64>", "message": "Hello, quantum world!" }
Output: Base64-encoded signature
pqc_verify
Verify a post-quantum signature.
Input: { "algorithm": "ML-DSA-65", "public_key": "<base64>", "message": "...", "signature": "<base64>" }
Output: { "valid": true/false }
pqc_hash_to_curve
Hash a message using quantum-safe hash functions.
Input: { "message": "data", "algorithm": "SHA3-256" | "SHA3-512" | "SHAKE128" | "SHAKE256" }
Output: Digest in hex and base64
pqc_security_analysis
Analyze security properties of an algorithm.
Input: { "algorithm": "ML-KEM-768" }
Output: NIST level, classical/quantum security equivalents, Grover/Shor resistance
Supported Algorithms
Key Encapsulation Mechanisms (KEMs)
| Algorithm | NIST Level | Public Key | Ciphertext | Shared Secret |
|---|---|---|---|---|
| ML-KEM-512 | 1 | 800 B | 768 B | 32 B |
| ML-KEM-768 | 3 | 1,184 B | 1,088 B | 32 B |
| ML-KEM-1024 | 5 | 1,568 B | 1,568 B | 32 B |
| FrodoKEM-640 | 1 | 9,616 B | 9,720 B | 16 B |
| HQC-128 | 1 | 2,249 B | 4,481 B | 64 B |
Digital Signatures
| Algorithm | NIST Level | Public Key | Signature | Notes |
|---|---|---|---|---|
| ML-DSA-44 | 2 | 1,312 B | 2,420 B | Balanced |
| ML-DSA-65 | 3 | 1,952 B | 3,309 B | Recommended |
| ML-DSA-87 | 5 | 2,592 B | 4,627 B | High security |
| Falcon-512 | 1 | 897 B | 653 B | Smallest sigs |
| Falcon-1024 | 5 | 1,793 B | 1,280 B | Compact |
| SPHINCS+-SHA2-128f | 1 | 32 B | 17,088 B | Stateless, hash-based |
| SPHINCS+-SHA2-256f | 5 | 64 B | 49,856 B | Maximum security |
Example Usage with Claude
Once configured, you can ask Claude:
"Generate an ML-KEM-768 keypair and show me the security analysis"
"Sign the message 'Hello quantum world' using ML-DSA-65 and verify it"
"Compare the signature sizes of Falcon-512 vs SPHINCS+-SHA2-128f"
"What's the quantum security level of ML-KEM-1024?"
Architecture
post-quantum-mcp/
├── pqc_mcp_server/
│ ├── __init__.py # Main MCP server implementation
│ └── __main__.py # Entry point
├── run.sh # Wrapper script (sets DYLD_LIBRARY_PATH)
├── pyproject.toml # Package configuration
└── README.md
Security Considerations
- Key Storage: This server generates keys in memory. For production use, implement secure key storage.
- Side Channels: liboqs implementations aim to be constant-time but may not be suitable for all threat models.
- Algorithm Selection: ML-KEM and ML-DSA are NIST-approved. Other algorithms are experimental.
- Version Compatibility: Ensure liboqs version matches liboqs-python expectations.
Development
# Run tests
python -m pytest tests/
# Format code
python -m black pqc_mcp_server/
# Type checking
python -m mypy pqc_mcp_server/
Related Projects
- Open Quantum Safe - The liboqs library
- Model Context Protocol - MCP specification
- quantum-proof-bitcoin - Bitcoin with PQC signatures
Contributing
Contributions are welcome! Please read CONTRIBUTING.md for guidelines.
License
MIT License - see LICENSE for details.
Acknowledgments
- Open Quantum Safe Project for liboqs
- Anthropic for the Model Context Protocol
- NIST for PQC standardization efforts
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.