Three independent, spec-faithful implementations of the NIST post-quantum standards. No CGO, no assembly, constant-time arithmetic. Ready for the post-ECDLP era.
In March 2026, Google Quantum AI demonstrated that Shor's algorithm can break the 256-bit Elliptic Curve Discrete Logarithm on secp256k1 with dramatically fewer resources than previously estimated. On-spend attacks on Bitcoin and Ethereum transactions are within reach of near-term quantum hardware.
Each package is self-contained, independently testable, and faithful to the NIST specification.
Establish shared secret keys over insecure channels. Replaces ECDH key exchange with quantum-resistant lattice-based key encapsulation using the Fujisaki-Okamoto transform.
Sign and verify messages with quantum-resistant digital signatures. Replaces ECDSA and Schnorr signatures using Fiat-Shamir with Aborts over module lattices.
The most conservative post-quantum choice. Security relies purely on SHAKE-256 hash properties -- no algebraic structure for quantum algorithms to exploit. Uses WOTS+, FORS, XMSS, and hypertree layers.
Drop-in Go packages. No configuration required.
import "github.com/jiayaoqijia/altpq/mlkem" // Generate a keypair dk, err := mlkem.GenerateKey768(rand.Reader) ek := dk.EncapsulationKey() // Sender: encapsulate a shared secret sharedKey, ciphertext := ek.Encapsulate() // Receiver: decapsulate to recover the shared secret sharedKey2, err := dk.Decapsulate(ciphertext) // sharedKey == sharedKey2 (32 bytes)
import "github.com/jiayaoqijia/altpq/mldsa" // Generate a keypair pk, sk, err := mldsa.GenerateKey65(rand.Reader) // Sign a message sig, err := sk.Sign(rand.Reader, message, nil) // Verify the signature ok := pk.Verify(message, sig) // ok == true
import "github.com/jiayaoqijia/altpq/slhdsa" // Generate a keypair (SHAKE-128f for speed) sk, pk, err := slhdsa.GenerateKey(slhdsa.SHAKE_128f, rand.Reader) // Sign a message sig, err := sk.Sign(rand.Reader, message, nil) // Verify the signature ok := pk.Verify(message, sig) // ok == true
# Install the library $ go get github.com/jiayaoqijia/altpq # Run tests $ go test ./mlkem/ ./mldsa/ -timeout 120s $ go test ./slhdsa/ -timeout 300s # Requires Go 1.25+ # Only dependency: golang.org/x/crypto (SHA-3/SHAKE)
| ML-KEM (FIPS 203) | ML-DSA (FIPS 204) | SLH-DSA (FIPS 205) | |
|---|---|---|---|
| Purpose | Key exchange | Digital signatures | Digital signatures |
| Hardness | Lattice (MLWE) | Lattice (MLWE + MSIS) | Hash functions only |
| Speed | Fast | Moderate | Slow (signing) |
| Signature Size | n/a | 2.4 - 4.6 KB |
7.8 - 50 KB |
| Confidence | High | High | Highest (minimal assumptions) |
| Best For | TLS, encrypted comms | Code signing, certificates | Long-term signatures, max security |
The Ethereum Foundation has elevated post-quantum security to a top strategic priority, targeting L1 upgrades by 2029. altpq implements the algorithms they're evaluating.
Ethereum's execution layer roadmap evaluates Dilithium for transaction signatures. Dilithium is now standardized as ML-DSA (FIPS 204) -- the exact algorithm implemented in altpq's mldsa package.
SPHINCS+ is under evaluation as the conservative fallback. It's now standardized as SLH-DSA (FIPS 205) -- implemented in altpq's slhdsa package with all 6 SHAKE parameter sets.
Account abstraction allows Ethereum accounts to use arbitrary signature schemes. altpq's ML-DSA and SLH-DSA can serve as drop-in PQ signature verifiers for smart contract wallets.
Validator communication, L2 bridges, and encrypted messaging channels can adopt ML-KEM (FIPS 203) to replace ECDH-based key agreement with quantum-resistant key encapsulation.
Go 1.25+ · Single dependency · Pure Go · BSD-3-Clause