Quantum-Safe Encryption
Every notification sent through Smooven is protected by quantum-safe encryption. This is not a premium feature or an optional add-on. It is built into every tier, for every customer.
Why quantum safety matters now
Section titled “Why quantum safety matters now”Most internet encryption today relies on RSA and Elliptic Curve cryptography. These algorithms are secure against classical computers but vulnerable to quantum computers running Shor’s algorithm.
The threat is not hypothetical. Adversaries are already practising “harvest now, decrypt later”: recording encrypted traffic today with the intention of decrypting it once quantum computers are powerful enough. For any data that needs to remain confidential for years (medical records, financial transactions, identity data), this is a real risk today.
How Smooven implements quantum safety
Section titled “How Smooven implements quantum safety”Hybrid key exchange
Section titled “Hybrid key exchange”Smooven uses a hybrid key exchange that combines:
- Classical ECDH (Elliptic Curve Diffie-Hellman) for proven, battle-tested security against today’s threats
- CRYSTALS-Kyber (ML-KEM) for resistance against quantum attacks
Both key exchanges run in parallel. The resulting session key is derived from both, meaning an attacker would need to break both classical and quantum-resistant algorithms simultaneously.
NIST standards compliance
Section titled “NIST standards compliance”Smooven implements the post-quantum cryptographic standards finalised by NIST in August 2024:
| Algorithm | Standard | Purpose |
|---|---|---|
| ML-KEM (CRYSTALS-Kyber) | FIPS 203 | Key encapsulation (secure key exchange) |
| ML-DSA (CRYSTALS-Dilithium) | FIPS 204 | Digital signatures for API authentication |
| SLH-DSA (SPHINCS+) | FIPS 205 | Hash-based signature alternative |
Key derivation
Section titled “Key derivation”API keys and session tokens are derived using quantum-resistant key derivation functions. This ensures that the Dual-Key paradigm (App ID + Secret Key) maintains its security properties even in a post-quantum world.
What this means for you
Section titled “What this means for you”- No code changes required. Quantum safety is handled at the transport layer. Your API calls work exactly the same way.
- No performance penalty. The hybrid key exchange adds negligible latency (under 1ms) to connection establishment.
- No extra cost. Quantum safety is included in every plan, from Developer (free) through Enterprise.
Compliance and regulatory readiness
Section titled “Compliance and regulatory readiness”Governments and regulators worldwide are mandating quantum-safe cryptography:
| Region | Mandate |
|---|---|
| United States | Federal systems must adopt PQC by 2035 (NSM-10) |
| European Union | ENISA recommending hybrid approaches starting 2025 |
| United Kingdom | NCSC advising preparation for PQC migration |
| Australia | ASD updating ISM guidance for quantum readiness |
By using Smooven, your notification infrastructure already meets these emerging requirements.