SHARE:

.NET 10: Post-Quantum Cryptography Comes to .NET

2026-01-19 by anthonygiretti

Introduction

Quantum computing is no longer just a research topic. As the technology matures, the cryptographic algorithms that secure today’s applications are expected to become vulnerable to quantum attacks. To prepare for that future, .NET 10 introduces built-in support for Post-Quantum Cryptography (PQC), allowing developers to start adopting quantum-resistant algorithms today.

In this post, we will explore what PQC means for .NET developers and how easy it is to use the new APIs with a practical example.

Why Post-Quantum Cryptography Matters

Most modern security protocols rely on algorithms such as RSA or ECDSA. These are considered safe with classical computers, but large-scale quantum computers could theoretically break them in a reasonable amount of time.

Post-Quantum Cryptography algorithms are designed to remain secure even in the presence of quantum computing power. Standardization efforts led by organizations like NIST have produced new algorithms, and .NET 10 now provides native support for some of them.

New Families of Algorithms in .NET 10

NET 10 introduces support for two major categories of post-quantum primitives:

  1. Digital Signatures – used for authentication and integrity
  2. Key Encapsulation Mechanisms (KEM) – used for secure key exchange

These map directly to the algorithms recently standardized by NIST and are now available through the System.Security.Cryptography namespace.

Example 1 – ML-DSA: Quantum-Resistant Digital Signatures

ML-DSA is a general-purpose post-quantum signature algorithm intended to replace RSA or ECDSA in many scenarios. It offers strong security with good performance and relatively compact signatures.

The following example demonstrates how to generate a key, sign data, export the public key, and verify the signature:

This API follows the same patterns that .NET developers already know, making it extremely easy to integrate into existing applications.

Typical use cases include:

  • API authentication
  • Code signing
  • Document signing
  • Secure messaging systems

Example 2 – SLH-DSA: Highly Conservative Signatures

While ML-DSA focuses on performance and efficiency, SLH-DSA is a stateless hash-based signature algorithm designed for extremely long-term security. It produces larger signatures but offers very conservative security guarantees.

Here is how to use SLH-DSA in .NET 10:

SLH-DSA is particularly well suited for:

  • Firmware updates
  • Highly regulated environments
  • Archival signatures
  • Systems requiring maximum cryptographic conservatism

Example 3 – ML-KEM: Post-Quantum Key Exchange

Digital signatures are only one part of the story. Secure communication protocols also require a way to establish shared secrets. In classical cryptography this is often done with RSA or ECDH.

.NET 10 introduces ML-KEM, a post-quantum Key Encapsulation Mechanism designed to replace those algorithms.

The following example shows how two parties can agree on a shared secret using ML-KEM:

This pattern is the post-quantum equivalent of traditional key exchange mechanisms and can be used for:

  • Building encrypted channels
  • Securing custom protocols
  • Hybrid classical + PQC encryption systems
  • Future TLS-like implementations

Choosing the Right Algorithm

With multiple options available, it is useful to understand when to use each one.

  • Need digital signatures with good performance? Use ML-DSA
  • Need extremely conservative long-term signatures? Use SLH-DSA
  • Need to establish shared secrets securely? Use ML-KEM

In many real-world scenarios, systems will combine classical algorithms with post-quantum ones in hybrid modes to ensure compatibility during the transition period.

Conclusion

Post-Quantum Cryptography is becoming a crucial part of long-term security strategies. With .NET 10, Microsoft is giving developers the tools needed to begin that transition today.

Whether you are signing data with ML-DSA, using SLH-DSA for high-assurance scenarios, or exchanging secrets with ML-KEM, the new APIs make it possible to experiment with and deploy quantum-resistant cryptography using familiar .NET patterns.

The future of secure computing is quantum-resistant, and .NET 10 ensures that the .NET ecosystem is ready for it.

Happy coding!

Written by

anthonygiretti

Anthony is a specialist in Web technologies (14 years of experience), in particular Microsoft .NET and learns the Cloud Azure platform. He has received twice the Microsoft MVP award and he is also certified Microsoft MCSD and Azure Fundamentals.