Shipping post-quantum cryptography to Python
Trail of Bits announced that post-quantum cryptography is now available in the Python ecosystem via pyca/cryptography. With funding from the Sovereign Tech Agency, they implemented ML-KEM (key establishment) and ML-DSA (digital signatures), both NIST standards. The support ships in cryptography version 48, which includes Rust bindings, cross-binding APIs, tests, and AWS-LC backend support.
pyca/cryptography is the 11th most-downloaded PyPI package, with 1.2 billion downloads in the last month, and underpins projects like Ansible, Certbot, Apache Airflow, and paramiko. The White House order of June 22, 2026, mandates post-quantum key establishment for high-value federal systems by December 31, 2030, and post-quantum digital signatures by December 31, 2031.
The post notes that post-quantum primitives are larger than their classical counterparts: ML-DSA-65 public keys are 1,952 bytes (vs. 32 bytes for Ed25519) and signatures are 3,309 bytes (vs. 64 bytes). ML-KEM-768 public keys are larger than X25519's. Operations are slower, but the difference is imperceptible on modern hardware. The post emphasizes that library support is necessary for the software stack to migrate, because policy alone cannot drive the transition.
Python developers can now pip-install post-quantum primitives, enabling ecosystem-wide migration ahead of federal deadlines.