Icarus Post-Quantum Crypto
Icarus is the post-quantum cryptography engine of Syn_OS. v9.0 implements all three NIST-standardised PQC algorithms and exposes them through a single Rust crate (synos-icarus) used by every component that signs, encrypts, or attests anything.
The name is the test: fly toward the sun if you must, but make sure your wings are made of something that doesn’t melt under quantum heat.
What’s implemented
Section titled “What’s implemented”| Algorithm | Standard | Class | Use in Syn_OS |
|---|---|---|---|
| ML-KEM | FIPS 203 | Key encapsulation | TLS 1.3 hybrid, ARCANUM mesh peer agreement, Sanctum federation tunnels |
| ML-DSA | FIPS 204 | Module-lattice digital signature | ALFRED model provenance, lab integrity manifests, audit-trail signatures |
| SLH-DSA | FIPS 205 | Stateless hash-based signature | Long-lived release signing where statefulness is unacceptable |
Why three?
Section titled “Why three?”Different PQC families have different security assumptions. Syn_OS uses all three so that a future cryptanalytic breakthrough in one family does not collapse the entire trust chain.
- ML-KEM — relies on the hardness of Module Learning With Errors (MLWE). Fast, small ciphertexts. Default for transport security.
- ML-DSA — also lattice-based. Larger signatures than ECDSA but acceptably small. Default for high-frequency signing (audit trail entries, log signatures, mesh attestation).
- SLH-DSA — purely hash-based. Conservative, no lattice assumptions, but with much larger signatures (~30 KB) and slower signing. Used for release artefacts and other long-lived signatures where the future risk of lattice cryptanalysis is unacceptable.
Where it’s wired in
Section titled “Where it’s wired in”| Subsystem | Algorithm | Notes |
|---|---|---|
| TLS terminators (Sanctum federation, ARCANUM mesh) | ML-KEM hybrid with X25519 | rustls-pqc fork, hybrid key share |
| Curtain v3 capability tokens | ed25519 today, ML-DSA migration prepared | Token format already carries an algorithm OID for clean rotation |
Audit trail (synos-audit-trail) | ML-DSA per entry, SLH-DSA on epoch roots | HMAC-SHA256 chained, signed roots |
| Build attestation (v48 Forge) | SLH-DSA on release manifests | Signed alongside cosign / Sigstore |
| ALFRED model provenance | ML-DSA on ONNX / Ollama model fingerprints | v42 Carcossa Burning |
| Lab integrity manifests | ML-DSA on SHA-256 manifest roots | Verified by lab-integrity xtask |
| Fragment Field IDS reports | ML-DSA per report | Mesh-distributed, must verify across peers |
Performance
Section titled “Performance”Measured on Haswell-era i7-4790 (the THEDARKNESS admin node baseline):
| Operation | ML-KEM | ML-DSA | SLH-DSA |
|---|---|---|---|
| Keygen | 47 µs | 61 µs | 6.8 ms |
| Encapsulate / Sign | 62 µs | 88 µs | 140 ms |
| Decapsulate / Verify | 78 µs | 175 µs | 12 ms |
| Public key size | 800 B | 1312 B | 32 B |
| Ciphertext / Signature size | 768 B | 2420 B | ~30 KB |
For high-frequency signing (audit trail entries) ML-DSA is the hot path. SLH-DSA is reserved for slow paths where 140 ms per signature is acceptable in exchange for the hash-based security floor.
Hybrid mode
Section titled “Hybrid mode”For transport security Icarus runs hybrid — combining classical (X25519 / Ed25519) with the post-quantum algorithm — so that if either primitive falls, the connection is still secure under the other. This matches NIST and IETF guidance for transition deployments.
use synos_icarus::tls::HybridSuite;
let suite = HybridSuite::X25519MLKEM768; // transportlet signer = HybridSigner::Ed25519MLDSA65; // signingThe synos-icarus crate exposes a stable Rust API that the rest of the workspace uses; consumers don’t need to know whether the underlying primitive is pure-PQC, hybrid, or classical. The choice is made by configuration policy.
What is not implemented
Section titled “What is not implemented”- CRYSTALS-Kyber-512 / Dilithium2 legacy parameter sets — superseded by FIPS 203 / 204; not shipped
- Falcon / FALCON-512 — NIST round-3 alternate; available as a feature-flagged extension crate but not default
- Stateful hash-based signatures (LMS / XMSS) — explicitly avoided. Statefulness is operationally hostile.
Quantum-safe today vs quantum-safe tomorrow
Section titled “Quantum-safe today vs quantum-safe tomorrow”Icarus is quantum-safe today in the sense that every signing and key-agreement primitive that defends Syn_OS infrastructure is either FIPS-203/204/205 or a hybrid that includes one of those. There is no classical-only path in production Sanctum federation traffic, audit trail, or release attestation as of v60.
The migration of Curtain v3 capability tokens from ed25519 to ML-DSA is the last remaining transition; it is feature-gated behind a config flag pending counsel review of token format compatibility with downstream MSA terms.
Related
Section titled “Related”- Custom Kernel → —
synos-icarusis also linked into kernel modules for module-signing - Forge → — SLH-DSA on release artefacts
- Curtain → — capability token signing