Run real post-quantum crypto.
This is not a simulation. Every byte below is generated right now, in your browser, by the audited @noble/post-quantum library — the same ML-KEM and ML-DSA defined in NIST FIPS 203 and FIPS 204.
Nothing leaves your machine and nothing is precomputed — refresh and the bytes change, because fresh keys are sampled each run.
1. ML-KEM-768 key encapsulation
FIPS 203 · the quantum-safe replacement for RSA/ECC key exchange
Alice publishes a public key. Bob encapsulates a random shared secret against it, producing a ciphertext. Alice decapsulates that ciphertext with her secret key. If the scheme works, both sides hold the identical 32-byte secret — without it ever crossing the wire.
2. Hybrid: X25519 + ML-KEM-768
The construction shipping in TLS 1.3 today (x25519_mlkem768)
A real X25519 elliptic-curve exchange and a real ML-KEM-768 encapsulation, combined into one session secret. An attacker must break both the classical and the post-quantum layer — so the day a quantum computer breaks X25519, the ML-KEM half still holds.
3. ML-DSA-65 sign & verify
FIPS 204 · the quantum-safe replacement for RSA/ECDSA signatures
Type a message, sign it with a freshly generated ML-DSA key, and verify the signature. Then watch verification fail the instant a single byte of the message changes.