The move to post-quantum cryptography pushes classical RSA to larger sizes (3072, 4096 bit) and introduces hybrid classical-plus-PQC deployments. Both paths require more and bigger primes, more often. Ethoryx accelerates the fresh-prime-generation layer complementing NIST's ML-KEM (Kyber) and ML-DSA (Dilithium) standards with the RSA and NTT-prime layer they depend on.
The most immediate PQC migration for RSA-based systems is a key-size upgrade: 3072-bit and 4096-bit RSA per NIST SP 800-56B. These primes are expensive to generate. Ethoryx reduces primality-test count by 66% at 2048-bit and more at larger sizes.
Real-world deployments pair classical RSA or ECC with PQC KEMs (Kyber) and signatures (Dilithium, Falcon) for defence-in-depth. Both halves need fresh primes per deployment. Ethoryx serves the RSA side; NIST-finalised PQC primitives handle the rest.
Several PQC schemes (Falcon, NTRU variants, custom PQC designs) require NTT-friendly primes in their internal design. Ethoryx NTT can generate primes at the bit sizes and arithmetic forms needed for these schemes.
A typical hybrid handshake: classical RSA-4096 for today, Kyber-1024 for quantum-safe, signed by Dilithium. Ethoryx accelerates the RSA-4096 keypair generation.
# 1. Generate a 4096-bit RSA keypair in under 2s (was ~6-10s standard) curl "https://api.ethoryx.io/v1/generate/rsa-pair?bits=2048" \ -H "X-API-Key: YOUR_KEY" # Response { "p": "...", "q": "...", "n": "...", "bits_each": 2048, "rsa_modulus_bits": 4096, "total_miller_rabin_tests": 564, "generation_ms": 1347.82 } # 2. Pair with Kyber (NIST ML-KEM) for quantum-safe key agreement # (Kyber is handled by your standard PQC library e.g., liboqs or oqs-rust) use oqs::kem::{Kem, Algorithm}; let kyber = Kem::new(Algorithm::Kyber1024)?; let (kyber_pk, kyber_sk) = kyber.keypair()?; # 3. Sign the hybrid cert with Dilithium (NIST ML-DSA) use oqs::sig::{Sig, Algorithm as SigAlg}; let dilithium = Sig::new(SigAlg::Dilithium3)?; let (dil_pk, dil_sk) = dilithium.keypair()?; // Combined hybrid identity: RSA-4096 (Ethoryx) + Kyber-1024 + Dilithium-3
CAs must regenerate root and intermediate CA keys at larger sizes during the PQC transition. Ethoryx reduces the compute cost of these operations at scale; particularly when CAs issue hybrid certificates containing both classical and PQC components.
NIST's Commercial National Security Algorithm Suite (CNSA 2.0) mandates PQC migration by 2030 for US government systems. Interim guidance recommends 3072-bit+ RSA and hybrid-mode signatures. Ethoryx serves the fresh-prime-generation portion of this migration.
Data encrypted today and stolen today may be decrypted in the quantum-computing era ("harvest now, decrypt later"). Systems storing long-confidentiality data of medical records, national secrets, long-term financial contracts which are migrating preemptively.
SWIFT, Visa, and central-bank digital-currency systems have begun PQC readiness reviews. The prime-generation layer of their key-management infrastructure is a natural upgrade target when moving to larger RSA sizes.
| Standard | Former name | Purpose | Ethoryx role |
|---|---|---|---|
| FIPS 203 · ML-KEM | Kyber | Key encapsulation | Standard NIST primitive: no primes needed |
| FIPS 204 · ML-DSA | Dilithium | Digital signature | Standard NIST primitive: no primes needed |
| FIPS 205 · SLH-DSA | SPHINCS+ | Hash-based signature | Standard NIST primitive: no primes needed |
| Falcon (draft) | Falcon-512, -1024 | Lattice signature | Internal NTT primes - Ethoryx serves |
| RSA (hybrid) | RSA-3072, RSA-4096 | Classical fallback | RSA prime generation - Ethoryx core |
Ethoryx does not accelerate the NIST-finalised primitives themselves (Kyber and Dilithium use fixed parameter sets, no prime generation needed). What Ethoryx accelerates is the generation of fresh primes required in (a) the classical half of hybrid systems, (b) the internal NTT parameters of Falcon and similar lattice schemes, (c) custom PQC designs that need scheme-specific primes, and (d) any system migrating to larger RSA sizes.