Your progress so far

Pick up where you left off.

You've completed 0 of 23 exhibits. Here's what you've seen, and what's still ahead.

0 / 23 exhibits

0%

Import

Hall 1 · Cryptographic Foundations

0/5 · 0%

0/2 · 0%

0/4 · 0%

0/5 · 0%

0/4 · 0%

0/3 · 0%

Eight interactive labs that take what you learned and let you push on it — including a bench that runs real ML-KEM and ML-DSA in your browser.

Five short puzzles. Did the math actually land?

See the whole museum from the front door.

Asymmetric cryptography (RSA, ECC, DH) falls completely to Shor’s algorithm; symmetric cryptography (AES) survives with key-size upgrades under Grover’s.
NIST standardized ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205) in August 2024 across multiple mathematical families for diversification.
The hybrid X-Wing KEM (X25519 + ML-KEM-768) is the responsible migration default — endorsed by NSA, NIST, NCSC, and the EU.
Mosca’s inequality (X + Y > Z) means data with multi-decade confidentiality requirements has already failed for classical asymmetric crypto.
Major regulators converge on 2030 for critical infrastructure and 2035 for full migration.