Most encryption is judged by one question: can anyone read this today? It's the wrong question. The data you seal now may still be private in twenty years — or it may not, depending on a machine that doesn't fully exist yet.
That machine is a large-scale quantum computer, and the attack it enables already has a name: harvest now, decrypt later.
The attack is patient
An adversary doesn't need to break your encryption today. They only need to copy the ciphertext and wait. Encrypted traffic, backups, leaked archives — all of it can sit in cold storage until a quantum computer capable of running Shor's algorithm arrives and unwinds the public-key cryptography that protected it.
For data with a long shelf life — medical records, legal documents, personal photographs, anything you'd hate to lose or expose — "secure for now" is not the same as secure.
Encrypted today. Unreadable tomorrow.
What post-quantum cryptography actually changes
Post-quantum cryptography (PQC) replaces the key-exchange step with algorithms believed to resist quantum attacks. StenVault uses a hybrid approach — pairing a lattice-based scheme with a classical one — so that your keys stay protected unless both are broken.
key exchange: X25519 + ML-KEM-768 (FIPS 203)
signatures: Ed25519 + ML-DSA-65 (FIPS 204)
payload: AES-256-GCM
derivation: Argon2id · 46 MiB · t=1 · p=1
Symmetric encryption is largely unaffected — AES-256 keeps roughly 128-bit strength even against a quantum attacker, which remains far out of reach. The danger is concentrated in the asymmetric layer, and that's exactly where the hybrid KEM does its work.
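The hybrid key exchange described above, sketched in Go with the standard library's crypto/ecdh and crypto/mlkem (Go 1.24 or later). This is an added example, not StenVault's code: the combiner (SHA-256 over a label, both shared secrets and the X25519 public values) and the label string are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"slices"
)

// combine is an illustrative combiner (label and layout are assumptions); every input is fixed length.
func combine(ssPQ, ssX, ephPub, rcptPub []byte) [32]byte {
	return sha256.Sum256(slices.Concat([]byte("example-hybrid-kem-v1"), ssPQ, ssX, ephPub, rcptPub))
}

// Encapsulate (sender): fresh X25519 key plus ML-KEM-768 encapsulation, mixed into one key.
func Encapsulate(xPub *ecdh.PublicKey, pqPub *mlkem.EncapsulationKey768) ([32]byte, *ecdh.PublicKey, []byte, error) {
	e, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return [32]byte{}, nil, nil, err
	}
	ssX, err := e.ECDH(xPub) // errors if the result is all-zero (low-order peer key)
	if err != nil {
		return [32]byte{}, nil, nil, err
	}
	ssPQ, ct := pqPub.Encapsulate()
	return combine(ssPQ, ssX, e.PublicKey().Bytes(), xPub.Bytes()), e.PublicKey(), ct, nil
}

// Decapsulate (recipient): recover both secrets; an attacker must recover both to rebuild the key.
func Decapsulate(x *ecdh.PrivateKey, pq *mlkem.DecapsulationKey768, eph *ecdh.PublicKey, ct []byte) ([32]byte, error) {
	ssX, err := x.ECDH(eph)
	if err != nil {
		return [32]byte{}, err
	}
	ssPQ, err := pq.Decapsulate(ct)
	if err != nil {
		return [32]byte{}, err
	}
	return combine(ssPQ, ssX, eph.Bytes(), x.PublicKey().Bytes()), nil
}

func main() {
	x, _ := ecdh.X25519().GenerateKey(rand.Reader)
	pq, _ := mlkem.GenerateKey768()
	k1, eph, ct, _ := Encapsulate(x.PublicKey(), pq.EncapsulationKey())
	k2, _ := Decapsulate(x, pq, eph, ct)
	fmt.Println("sender and recipient derived the same key:", k1 == k2)
}
```

Because the derived key depends on both shared secrets, recovering only the X25519 secret from a stored transcript does not reproduce it; the ML-KEM secret is still needed.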
Why we're doing it now, not later
If you wait for quantum computers to arrive before adopting PQC, the harvested data is already lost — it was copied years ago. The only defense against a patient attacker is to seal data with post-quantum cryptography before the threat materialises. That's not caution. It's the whole point.
Your memories shouldn't have an expiry date. Neither should the encryption that protects them.