Tools
Pqc Shield
By Post-Quantum Cryptography plugin for OpenClaw — ML-KEM-768 + ML-DSA-65 + AES-256-GCM via liboqs 0.15.0
Install
npm install -gREADME
# Q-CORE PQC Shield for OpenClaw
[](LICENSE)
[](https://github.com/openclaw/openclaw)
[](https://github.com/open-quantum-safe/liboqs)
[](https://csrc.nist.gov/pubs/fips/203/final)
**Post-Quantum Cryptography plugin for [OpenClaw](https://github.com/openclaw/openclaw)** — adds end-to-end encryption and digital signatures to OpenClaw messages using NIST-standardized post-quantum algorithms.
Built by [Q-CORE Systems s.r.o.](https://qcore.systems)
## Features
- **ML-KEM-768** key encapsulation (NIST FIPS 203)
- **ML-DSA-65** digital signatures (NIST FIPS 204)
- **AES-256-GCM** authenticated symmetric encryption
- **HKDF-SHA256** key derivation (RFC 5869)
- **Replay protection** with timestamp + nonce cache (5-minute window)
- **At-rest key encryption** using scrypt + AES-256-GCM (KDF-protected keystore)
- **Real liboqs 0.15.0** — no stubs, no mocks in production paths
- **Native Node.js FFI** via koffi — no Python subprocess bridge
## Algorithms supported
| Type | Algorithms | Standard |
|------|-----------|----------|
| KEM | ML-KEM-512, ML-KEM-768, ML-KEM-1024 | NIST FIPS 203 |
| Signature | ML-DSA-44, ML-DSA-65, ML-DSA-87 | NIST FIPS 204 |
| Symmetric | AES-256-GCM | NIST SP 800-38D |
| KDF | HKDF-SHA256 | RFC 5869 |
| Password KDF | scrypt (N=32768, r=8, p=1) | RFC 7914 |
## Performance
Benchmarks measured on Intel Core i7-7700HQ (Kaby Lake, 2017 laptop), Node.js 22, liboqs 0.15.0:
| Operation | Average | Throughput |
|-----------|---------|------------|
| ML-KEM-768 KeyGen | 0.03 ms | 34 602 ops/s |
| ML-KEM-768 Encaps | 0.02 ms | 43 332 ops/s |
| ML-KEM-768 Decaps | 0.02 ms | 44 080 ops/s |
| ML-DSA-65 KeyGen | 0.08 ms | 11 845 ops/s |
| ML-DSA-65 Sign | 0.16 ms | 6 185 ops/s |
| ML-DSA-65 Verify | 0.05 ms | 20 081 ops/s |
| AES-256-GCM encrypt 1 KB | 0.02 ms | 49 553 ops/s |
| End-to-end Encrypt+Sign (256 B) | 0.26 ms | 3 872 msg/s |
| End-to-end Verify+Decrypt | 0.14 ms | 7 294 msg/s |
## Requirements
- OpenClaw 2026.5.12 or later
- Node.js 22 LTS or later
- liboqs 0.15.0 (system shared library)
- Linux x86_64 (other platforms supported via koffi prebuilts: macOS x64/arm64, Linux arm64, FreeBSD)
## Installation
### 1. Install liboqs (Linux)
Ubuntu / Debian / Mint:
sudo apt-get install liboqs-dev
Or build from source:
git clone --branch 0.15.0 https://github.com/open-quantum-safe/liboqs
cd liboqs && mkdir build && cd build
cmake -DCMAKE_INSTALL_PREFIX=/usr/local -DOQS_BUILD_ONLY_LIB=ON ..
make -j$(nproc) && sudo make install
sudo ldconfig
Verify:
ldconfig -p | grep liboqs
Expected output: `liboqs.so.0.15.0 -> /usr/local/lib/liboqs.so`
### 2. Install OpenClaw
sudo npm install -g openclaw@latest
openclaw --version
### 3. Install the plugin
git clone https://github.com/QCSsecurity/openclaw-pqc-shield
cd openclaw-pqc-shield
npm install
npm run build
openclaw plugins install --link .
openclaw plugins enable pqc-shield
### 4. Verify
openclaw plugins inspect pqc-shield --runtime
Expected output includes:
Status: loaded
Commands:
pqc-status
pqc-keygen
pqc-encrypt
pqc-decrypt
pqc-sign
pqc-verify
## Configuration
Add to your OpenClaw config:
{
"plugins": {
"entries": {
"pqc-shield": {
"enabled": true,
"config": {
"liboqsPath": "/usr/local/lib/liboqs.so",
"keystoreDir": "~/.openclaw/pqc-keystore",
"kemAlgorithm": "ML-KEM-768",
"sigAlgorithm": "ML-DSA-65",
"replayWindowMs": 300000
}
}
}
}
}
## Commands
| Command | Description |
|---------|-------------|
| /pqc-status | Show plugin status and key inventory |
| /pqc-keygen | Generate ML-KEM-768 + ML-DSA-65 keypair |
| /pqc-encrypt | Encrypt + sign message for a recipient |
| /pqc-decrypt | Verify + decrypt envelope |
| /pqc-sign | Sign message (detached signature) |
| /pqc-verify | Verify detached signature |
## Security model
### Threat coverage
- Quantum-resistant key exchange (ML-KEM-768 = NIST Level 3, IND-CCA2)
- Quantum-resistant signatures (ML-DSA-65 = NIST Level 3, EUF-CMA)
- Message tampering (AES-256-GCM authentication)
- Replay attacks (timestamp window + nonce cache)
- At-rest key compromise (scrypt-derived AES-256-GCM)
- Algorithm substitution (algorithm IDs included in signed envelope)
- Surreptitious forwarding (encrypt-then-sign, signer pk bound in envelope)
### Envelope format (encrypt-then-sign)
SENDER side:
recipientPublicKey -> ML-KEM Encaps -> (kemCiphertext, sharedSecret)
HKDF-SHA256(sharedSecret, salt=H(kemCiphertext)) -> aesKey
AES-256-GCM encrypt(plaintext, aad=kemCt||timestamp) -> (iv, tag, ciphertext)
ML-DSA-65 sign(version || algos || kemCt || iv || tag || ct || signerPk || ts)
RECIPIENT side:
Verify ML-DSA signature (reject immediately if invalid)
Check timestamp window (reject if outside 5 min)
Check replay cache (reject if seen)
ML-KEM Decaps(kemCiphertext, secretKey) -> sharedSecret
HKDF-SHA256(sharedSecret, salt=H(kemCiphertext)) -> aesKey
AES-256-GCM decrypt(iv, tag, ciphertext, aad) -> plaintext
## Testing
Unit tests (mock liboqs, fast):
npm test
Integration tests with real liboqs 0.15.0:
LIBOQS_REAL=1 npm test
Benchmarks:
npm run bench
Current test status: 24/24 unit tests + 12/12 real end-to-end tests passing.
## License
MIT — see [LICENSE](LICENSE).
## About Q-CORE Systems
Q-CORE Systems s.r.o. is a Czech cybersecurity company focused on Post-Quantum Cryptography implementations.
- Web: [qcore.systems](https://qcore.systems)
- Contact: [email protected]
- IČO: 24636053
This plugin is a community contribution. Q-CORE Systems offers commercial PQC services (security audits, custom integrations, NIS2/CRA compliance) for organizations transitioning to post-quantum cryptography. Individual pricing on request.
## Acknowledgments
- [Open Quantum Safe (liboqs)](https://github.com/open-quantum-safe/liboqs) — production PQC implementations
- [OpenClaw](https://github.com/openclaw/openclaw) by Peter Steinberger — the AI agent platform
- [koffi](https://github.com/Koromix/koffi) by Niels Martignène — modern Node.js FFI
---
**Q-CORE Systems s.r.o.** — Post-quantum security for the AI agent era.
tools
Comments
Sign in to leave a comment