QNSP
Start building free
Why QNSP
The Quantum ImperativeWhy QNSPPQC Migration GuideCompetitive AnalysisVet PQC Vendors
Platform
Platform ArchitectureCapabilitiesUse Cases by IndustryKnowledge BaseBlogResearch
Trust
Trust HubCompliance MappingNIST ACVP ConformancePerformance BenchmarksEntropy ChainAlgorithm CatalogSystem Status
Developers
Developer HubUse CasesAI Assistants (MCP)
PricingContactStart building free

Key Encapsulation

Classic McEliece

Classic McEliece Code-Based KEM

non-FIPScode-based1 parameter setsQNSP tier: maximum+provider: liboqsalso called: McEliece, Niederreiter
The original code-based public-key cryptosystem, in continuous study since 1978 — by far the oldest cryptographic assumption in the PQC catalogue. Trades extremely large public keys for the most-studied security assumption available.

Mechanism

How it works

Classic McEliece uses binary Goppa codes. The public key is a permuted, scrambled generator matrix; the secret key is the underlying Goppa code structure. Encryption adds error vectors to a codeword; decryption uses Patterson's algorithm to correct the errors. Security has been studied continuously for 47+ years with no major breaks.

Parameter Sets

1 variants shipped

Each variant trades security category against key, ciphertext, or signature size. QNSP exposes all variants via the @cuilabs/liboqs-native binding; tenant crypto-policy determines which are allowed.

VariantNIST LevelPublic KeySecret KeyCiphertextNote
mceliece348864 / 460896 / 6688128 / 6960119 / 8192128L5261,120 B6,452 B96 B5 parameter sets covering NIST security categories 1, 3, and 5. Public keys range 261 KB – 1.36 MB.

NIST ACVP

Conformance evidence

QNSP runs the official NIST ACVP test vectors against every shipped algorithm. Live evidence + SHA-3-256 tamper digest at /verify/conformance.

@noble/post-quantum
non-addressable
Pure-JavaScript reference; cross-verification secondary on Maximum + Government tiers.
@cuilabs/liboqs-native
non-addressable
Native-C primary production engine. Runs across every QNSP backend service.
View live ACVP evidence →

Use Cases

When to use it

  • Highest-assurance workloads where conservative assumption value outweighs key-size cost
  • Stable long-term keys where the one-time public-key bandwidth is acceptable (private CA keys, root signing identities)

Trade-offs

What you give up, what you get

  • Public keys are 100x-1000x larger than ML-KEM-1024 — fundamentally not suitable for TLS or per-session usage
  • Smallest ciphertexts in the PQC catalogue (96-240 bytes)
  • Best-studied PQC security assumption (47+ years of cryptanalysis)

References

Primary sources