The arrival of cryptographically relevant quantum computers threatens the public-key primitives (RSA, Diffie-Hellman, and elliptic-curve cryptography) that secure essentially all current file-transfer and key-exchange systems, including through harvest-now-decrypt-later attacks. This paper presents QuantumVault, a working web-based file-sharing platform whose entire key-establishment and authentication path is built on the post-quantum algorithms standardized by NIST: ML-KEM (FIPS 203) for key encapsulation and ML-DSA (FIPS 204) for digital signatures, with AES-256-GCM for authenticated bulk encryption and a SHA-256 hash chain for tamper-evident auditing. We describe a hybrid sign-then-encrypt design in which each file is encrypted once under a random data-encryption key that is independently re-wrapped for every recipient using that recipient's post-quantum public key, enabling true multi-recipient sharing and constant-time revocation without re-encrypting file data. We report on the system architecture, the cryptographic workflow, an automated suite of 73 unit and end-to-end tests, an in-application cryptographic self-test, and the security properties the implementation enforces. We also state the system's boundaries candidly: encryption is performed server-side, and we outline a concrete path toward client-side end-to-end encryption as future work.
Almoussa et al. (Thu,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: