Tick 28 — 2026-05-22 09:40 UTC

docs/research/sota-2026-05-22/ticks/tick-28.md


Thread: ADR-108 (Kyber post-quantum key exchange)

Verdict: Final ADR in the privacy + federation chain. Closes the quantum-resistance gap deferred from ADR-107. Hybrid mode (Kyber-768 + X25519) for 2027-2030 migration; pure Kyber-768 for Phase 3.

What shipped

  • docs/adr/ADR-108-kyber-post-quantum-key-exchange.md — full ADR draft.

Headline

| Phase | Timeline | Cryptography |
|---|---|---|
| Phase 0 | NOW (2026) | Classical X25519 (ADR-107 default) |
| Phase 1 | 2026-Q4 → 2027 | Kyber-768 opt-in via --enable-pqc |
| Phase 2 | 2027-Q2 → 2028 | Hybrid (X25519 + Kyber-768) becomes default |
| Phase 3 | 2030+ | Pure Kyber-768 (classical retired) |

Why Kyber-768: NIST FIPS 203 (2024); ~AES-192 equivalent; CNSA 2.0 default; used by Cloudflare/Google/AWS in 2024-2026 rollouts.

Why hybrid for Phase 2: belt-and-braces against future Kyber breaks (Kyber is ~5 years old) OR classical breaks OR implementation bugs in either primitive.
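The Phase 2 rationale above, as an added example (not code from ADR-108 or the Ruview repository): a hybrid combiner that feeds both shared secrets into HKDF-SHA256, so the session key stays unpredictable as long as either X25519 or Kyber-768 holds. The concatenate-then-HKDF construction, the label string and the function names are assumptions; the secrets and transcript are constructed placeholders, not outputs of real key exchanges.

```python
import hashlib
import hmac

LABEL = b"hybrid-x25519-kyber768-v1"  # assumed domain-separation label

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def hybrid_session_key(ss_x25519: bytes, ss_kyber: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from both shared secrets (assumed combiner)."""
    if len(ss_x25519) != 32 or len(ss_kyber) != 32:
        raise ValueError("both shared secrets must be 32 bytes")
    if ss_x25519 == bytes(32):
        # X25519 yields all zeros for low-order peer keys; reject that output.
        raise ValueError("all-zero X25519 shared secret")
    # Both fields are fixed-length, so plain concatenation is unambiguous.
    prk = hkdf_extract(bytes(32), ss_x25519 + ss_kyber)
    # Bind the key to the handshake messages the peers exchanged.
    info = LABEL + hashlib.sha256(transcript).digest()
    return hkdf_expand(prk, info, length)

# Constructed placeholders sized like real handshake values:
# X25519 public key 32 B, Kyber-768 public key 1184 B, ciphertext 1088 B.
SAMPLE_TRANSCRIPT = b"\x01" * 32 + b"\x02" * 1184 + b"\x03" * 1088
SAMPLE_SS_X25519 = hashlib.sha256(b"constructed x25519 secret").digest()
SAMPLE_SS_KYBER = hashlib.sha256(b"constructed kyber secret").digest()

if __name__ == "__main__":
    key = hybrid_session_key(SAMPLE_SS_X25519, SAMPLE_SS_KYBER, SAMPLE_TRANSCRIPT)
    print("session key:", key.hex())
```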

Why now (the record-now-decrypt-later argument)

Adversaries can record federated updates today and decrypt them in 2035 when quantum capabilities arrive. Without ADR-108, the (ε, δ) guarantees of ADR-106 silently expire when quantum computers arrive.

Bandwidth + LOC budgets

Bandwidth: ~3 kB/round/installation extra during hybrid mode (negligible).

LOC: +220 on top of ADR-107.

Total federation budget across ADR-105+106+107+108: ~1,550 LOC.

ADR chain closes

Final ADR in the privacy + federation chain:

| # | ADR | What it closes |
|---|---|---|
| 1 | ADR-100 | cog packaging (foundation) |
| 2 | ADR-103 | first cog example (cog-person-count) |
| 3 | ADR-104 | MCP + CLI distribution |
| 4 | ADR-105 | within-installation federation |
| 5 | ADR-106 | DP-SGD + biometric primitive isolation |
| 6 | ADR-107 | cross-installation + secure aggregation |
| 7 | ADR-108 | post-quantum key exchange |

No remaining unspecified privacy gap at any threat horizon (classical OR quantum).

Composes with prior threads

  • R3 / R14 / R15 / R7 / R12 PABS — privacy chain intact through quantum transition
  • R10 / R11 (long-deployment wildlife / maritime) — benefit most from forward secrecy because data ages for years

Honest scope

  • Kyber is ~5 years old (less battle-tested than X25519); hybrid mode mitigates
  • "When do we need this?" is uncertain (2030 aggressive / 2050+ conservative); proactive migration is cheap insurance
  • ESP32-S3 timing impact (~10 ms per handshake) estimated negligible vs 30 s round duration; needs benchmarking
  • Migration timeline depends on pqcrypto-kyber Rust crate maturity
  • Phase 3 retirement of classical needs future decision

Future ADRs catalogued

  • ADR-109: PQC signatures (Dilithium for cog signing, replaces Ed25519 in ADR-100)
  • ADR-110: PQC hardware acceleration on Cognitum-v0 if timing becomes binding
  • ADR-111: PQC for cog-store distribution chain

Coordination

ticks/tick-28.md. No PROGRESS.md edit. Branch research/sota-adr108-kyber.

Remaining loop work

  • R12.1: pose-PABS closed loop (needs Rust, out of scope for synthetic ticks)
  • Loop retrospective / 00-summary.md (~2.3h until cron stop — premature)

~2.3h to cron stop. 28 ticks landed. 4 ADRs in the privacy chain (105/106/107/108). Loop covers everything except R12.1 implementation.