EtherML
Post-quantum crypto for Ethereum wallets
Created on 8th October 2025
•
EtherML
Post-quantum crypto for Ethereum wallets
The problem EtherML solves
The Problem It Solves
Quantum Computer Threat to Cryptocurrency Security
Current Ethereum wallets use classical cryptography (secp256k1 ECDSA) that will be completely broken by quantum computers. Experts estimate quantum computers capable of breaking current encryption could arrive within 5-10 years, putting trillions of dollars in crypto assets at risk.
What This Wallet Solves:
🛡️ Future-Proof Security
- Protects private keys with ML-KEM-1024, a NIST-standardized post-quantum algorithm
- Ensures your Ethereum assets remain secure even when quantum computers become viable
- No migration needed - your keys are already quantum-safe
🔐 Physical Security ($5 Wrench Attack Protection)
- Deniable encryption provides plausible deniability under coercion
- Dual-mode key derivation lets you reveal a "decoy" wallet while keeping your real assets hidden
- Protects against physical threats, not just digital ones
💼 Enterprise-Grade Key Management
- Argon2id key derivation resistant to brute-force attacks
- Secure memory handling with automatic key zeroing
- Professional TUI for managing multiple wallets efficiently
Who Benefits:
- Long-term HODLers who need quantum-resistant storage for multi-year holdings
- High-value wallet owners concerned about future quantum threats
- Privacy-focused users who need plausible deniability
- Security researchers exploring post-quantum cryptography in practice
- Institutions preparing for post-quantum security compliance
Why Now:
The crypto industry needs to transition to quantum-resistant security before quantum computers arrive. By the time quantum computers can break current encryption, it will be too late to protect existing wallets. This wallet enables the proactive adoption of post-quantum security today.
Challenges I ran into
1. ML-KEM-1024 Hybrid Encryption Architecture
The Problem: Go 1.24's new
crypto/mlkem
library implements a key encapsulation mechanism (KEM), not traditional encryption. ML-KEM can't directly encrypt wallet data.The Solution: Built a hybrid system where ML-KEM-1024 encapsulates a random symmetric key, which then encrypts data with AES-256-GCM. Achieved ~109ms key generation and 1.4GB/s throughput through careful optimization of Argon2id parameters and memory allocation patterns.
2. Deniable Encryption Implementation
The Problem: Protecting against physical coercion ($5 wrench attack) requires plausible deniability - the ability to reveal a "decoy" password that unlocks a different wallet set.
The Solution: Designed dual-mode key derivation using Argon2id with different salt strategies. Both passwords decrypt to valid wallet files, making it cryptographically impossible to determine which is "real." Implemented constant-time operations to prevent timing-based detection.
3. Secure Memory Handling in Go
The Problem: Go's garbage collector doesn't guarantee immediate memory clearing. Private keys sitting in memory could leak via memory dumps or debugging tools.
The Solution: Created
SecureString
type with automatic zeroing, usedsubtle.ConstantTimeCopy
for side-channel resistance, and added tests to verify memory is actually cleared. Every private key operation now usesdefer
to ensure cleanup even during panics.4. Testing Post-Quantum Cryptography
The Problem: How do you validate security against theoretical quantum attacks that don't exist yet?
The Solution: Built three-layer test suite:
- Unit tests for cryptographic correctness and round-trip integrity
- Benchmark tests for performance regression detection (~109ms key gen baseline)
- Fuzz tests for robustness against malformed inputs
Achieved 100% coverage for all cryptographic functions with statistical validation of constant-time operations.
Key Takeaway: Building quantum-resistant crypto meant balancing cutting-edge security with real-world usability. Post-quantum algorithms are inherently slower than classical crypto, but the security benefits justify the ~109ms overhead for wallet creation.
Technologies used
Cheer Project
Cheering for a project means supporting a project you like with as little as 0.0025 ETH. Right now, you can Cheer using ETH on Arbitrum, Optimism and Base.