{"slug": "adding-a-post-quantum-hybrid-handshake-to-a-rust-vpn", "title": "Adding a post-quantum hybrid handshake to a Rust VPN", "summary": "A developer added a hybrid post-quantum key exchange to the Rust-based VPN Qeli, combining X25519 and ML-KEM-768 to protect against 'harvest now, decrypt later' attacks. The handshake runs both algorithms and mixes their results in the KDF, ensuring security unless both are broken. The Rust implementation serves as the single source of truth, with other clients (C# for Windows/macOS, Kotlin for Android) calling it via FFI and JNI.", "body_md": "I maintain [Qeli](https://github.com/litvinovtd/qeli), a self-hosted VPN whose core and server are written in Rust. For the 0.7.x line I added a **hybrid post-quantum key exchange** to the inner handshake, and wired the same primitive into the non-Rust clients. Here is how it is built and what bit me.\n\nThe threat is \"harvest now, decrypt later\": traffic captured today, decrypted once a large quantum computer exists. Classical X25519 does not survive that; pure ML-KEM is young, and I do not want one new primitive to be the only thing between you and plaintext. So the handshake runs **both** and mixes the results - you are safe unless *both* X25519 and ML-KEM-768 fall.\n\nMixing both secrets in the KDF (instead of picking one) is what makes it hybrid: an attacker has to break *both* to recover the key.\n\nQeli has native clients on Windows/macOS (C#) and Android (Kotlin). Rather than reimplement ML-KEM three times, the Rust implementation is the single source of truth, and the other clients call into a small native core over **FFI** (C#) and **JNI** (Android). Same wire format everywhere, and the PQ code gets reviewed once.\n\nCode is open (AGPL-3.0 core, MPL-2.0 clients): [https://github.com/litvinovtd/qeli](https://github.com/litvinovtd/qeli) - and there is a project site at [https://qeli.ru](https://qeli.ru). Feedback on the handshake and transport code is very welcome.", "url": "https://wpnews.pro/news/adding-a-post-quantum-hybrid-handshake-to-a-rust-vpn", "canonical_source": "https://dev.to/alexandr_litvinov/adding-a-post-quantum-hybrid-handshake-to-a-rust-vpn-pk8", "published_at": "2026-06-18 22:13:48+00:00", "updated_at": "2026-06-18 22:29:59.364048+00:00", "lang": "en", "topics": ["artificial-intelligence", "machine-learning", "large-language-models", "robotics", "autonomous-vehicles"], "entities": ["Qeli", "Rust", "X25519", "ML-KEM-768", "FFI", "JNI", "AGPL-3.0", "MPL-2.0"], "alternates": {"html": "https://wpnews.pro/news/adding-a-post-quantum-hybrid-handshake-to-a-rust-vpn", "markdown": "https://wpnews.pro/news/adding-a-post-quantum-hybrid-handshake-to-a-rust-vpn.md", "text": "https://wpnews.pro/news/adding-a-post-quantum-hybrid-handshake-to-a-rust-vpn.txt", "jsonld": "https://wpnews.pro/news/adding-a-post-quantum-hybrid-handshake-to-a-rust-vpn.jsonld"}}