// cbom · CycloneDX 1.6
Cryptographic Infrastructure
This page documents the 20 cryptographic components actively used on beyond-shor.eu — from the post-quantum signature algorithms working in the background to the classical building blocks in the playground. Taking crypto-agility seriously means knowing what you have. This is our answer: a machine-readable cryptography inventory you can download, inspect, and analyse with CBOMkit-coeus.
Each component carries a context-scoped ID following the pattern algorithm:usage — for example aes-256-gcm:playground. This ensures the same cryptographic primitive can appear as a distinct entry in different deployment contexts without risking ID collisions.
The number 20 is a precision, not a limitation: not every library ends up in the CBOM — only the algorithms that perform actual cryptographic work on beyond-shor.eu. The TLS layer of the hosting provider, internal Node.js hashes for package integrity, and build tooling are deliberately out of scope.
The inventory is updated daily by an automated scanner that analyses the entire codebase for cryptographic primitives. New algorithms appear automatically, removed ones disappear — no manual effort required.
signed: cbom.json
sig: a3cd695b…131e2629
components
20
Cryptographic Assets
quantum-safe
18
Quantum-Safe
not-qs
2
Not quantum-safe
spec
CycloneDX
v1.6
// dependency-map
Dependency Map
KEM
#classic-mceliece-8192128:playground
Classic McEliece 8192128
KEM
#frodokem-1344:playground
FrodoKEM-1344
KEM
#ml-kem-1024:playground
ML-KEM-1024
Key Exchange
#x25519:playground
X25519
KDF
#hkdf-sha256:playground
HKDF-SHA-256
Block Cipher
#aes-256-gcm:playground
AES-256-GCM
Hash
#sha-256:contact-form
SHA-256
MAC
#hmac-sha256:contact-form
HMAC-SHA-256
Hash
#sha-256:article-signing
SHA-256
Hash
#shake-256:article-signing
SHAKE-256
Signature
#ml-dsa-65:article-signing
ML-DSA-65
Hash
#shake-256:cbom-signing
SHAKE-256
Signature
#ml-dsa-65:cbom-signing
ML-DSA-65
Hash
#shake-256:playground
SHAKE-256
Signature
#ml-dsa-65:playground
ML-DSA-65
Hash
#sha-256:playground
SHA-256
Signature
#slh-dsa-sha2-128f:playground
SLH-DSA-SHA2-128f
Signature
#slh-dsa-sha2-128s:playground
SLH-DSA-SHA2-128s
Signature
#ecdsa-p256:playground
ECDSA P-256
// 1 standalone (no dependencies): hs256-jwt:strapi
// components
Component Inventory
AES-256-GCM
Interactive Cryptography Playground — Authenticated symmetric encryption (AEAD, 256-bit key). Grover's algorithm halves the effective key length: AES-256 provides ~128-bit post-quantum security, corresponding to NIST Level 1.
Dependencies
Classic McEliece 8192128
Interactive Cryptography Playground — Code-based KEM (binary Goppa codes). Oldest and most battle-tested PQC assumption (50+ years). Very large public keys (~1 MB). Quantum-safe at NIST security level 5. NIST Round 4 alternate candidate.
Dependencies
—FrodoKEM-1344
Interactive Cryptography Playground — Lattice-based KEM (plain LWE — no ring/module structure). Most conservative lattice assumption. Quantum-safe at NIST security level 5. NIST Round 3 alternate candidate maintained by Microsoft Research.
Dependencies
—HKDF-SHA-256
Interactive Cryptography Playground — HMAC-based Key Derivation Function with SHA-256 (RFC 5869 / NIST SP 800-56C). Derives a combined AES-256 key from the X25519 and KEM shared secrets in the hybrid encryption playground.
Dependencies
HMAC-SHA-256
Contact form — HMAC with SHA-256 (NIST FIPS 198). Grover's algorithm reduces the underlying hash preimage resistance to ~128 bits. Level 2 follows CycloneDX categorisation.
Dependencies
HS256 (JWT)
Strapi CMS — API authentication tokens (internal, server-to-server only).
Dependencies
—ML-DSA-65
Article signing and verification — NIST FIPS 204 (August 2024). Lattice-based digital signature (Module-LWE + Module-SIS). Pure ML-DSA: message bytes passed directly without pre-hashing — SHAKE-256 applied internally (µ = SHAKE-256(tr ∥ M, 64) per FIPS 204 §5.2). Quantum-safe at NIST security level 3.
Dependencies
ML-DSA-65
CBOM signing — NIST FIPS 204 (August 2024). Lattice-based digital signature (Module-LWE + Module-SIS). Pure ML-DSA: message bytes passed directly without pre-hashing — SHAKE-256 applied internally (µ = SHAKE-256(tr ∥ M, 64) per FIPS 204 §5.2). Quantum-safe at NIST security level 3.
Dependencies
ML-DSA-65
Interactive Cryptography Playground — NIST FIPS 204 (August 2024). Lattice-based digital signature (Module-LWE + Module-SIS). Pure ML-DSA: message bytes passed directly without pre-hashing — SHAKE-256 applied internally (µ = SHAKE-256(tr ∥ M, 64) per FIPS 204 §5.2). Quantum-safe at NIST security level 3.
Dependencies
ML-KEM-1024
Interactive Cryptography Playground — NIST FIPS 203 (August 2024). Lattice-based KEM (Module-LWE). Quantum-safe at NIST security level 5.
Dependencies
—SHA-256
Article signing and verification — SHA-256 (NIST FIPS 180-4). Used here to hash media file content (images) into a compact 32-byte digest that is embedded in the signed article message. Grover's algorithm reduces preimage resistance to ~128 bits. Level 2 follows the classical CycloneDX categorisation.
Dependencies
—SHA-256
Contact form — SHA-256 (NIST FIPS 180-4). Used here to hash media file content (images) into a compact 32-byte digest that is embedded in the signed article message. Grover's algorithm reduces preimage resistance to ~128 bits. Level 2 follows the classical CycloneDX categorisation.
Dependencies
—SHA-256
Interactive Cryptography Playground — SHA-256 (NIST FIPS 180-4). Used here to hash media file content (images) into a compact 32-byte digest that is embedded in the signed article message. Grover's algorithm reduces preimage resistance to ~128 bits. Level 2 follows the classical CycloneDX categorisation.
Dependencies
—SHAKE-256
Article signing and verification — SHAKE-256 (NIST FIPS 202) — extendable output function (XOF) based on Keccak-1600. Used internally by ML-DSA-65 to derive the message representative µ = SHAKE-256(tr ∥ M, 64) per FIPS 204 §5.2. Not called directly in source; implicit via @noble/post-quantum.
Dependencies
—SHAKE-256
CBOM signing — SHAKE-256 (NIST FIPS 202) — extendable output function (XOF) based on Keccak-1600. Used internally by ML-DSA-65 to derive the message representative µ = SHAKE-256(tr ∥ M, 64) per FIPS 204 §5.2. Not called directly in source; implicit via @noble/post-quantum.
Dependencies
—SHAKE-256
Interactive Cryptography Playground — SHAKE-256 (NIST FIPS 202) — extendable output function (XOF) based on Keccak-1600. Used internally by ML-DSA-65 to derive the message representative µ = SHAKE-256(tr ∥ M, 64) per FIPS 204 §5.2. Not called directly in source; implicit via @noble/post-quantum.
Dependencies
—SLH-DSA-SHA2-128f
Interactive Cryptography Playground — Hash-based stateless signature scheme (fast variant). NIST FIPS 205 (August 2024). Faster signing than the small variant at the cost of larger signatures. Quantum-safe at NIST security level 1. Based on SPHINCS+.
Dependencies
SLH-DSA-SHA2-128s
Interactive Cryptography Playground — Hash-based stateless signature scheme (small variant). NIST FIPS 205 (August 2024). Smallest signatures of the SLH-DSA family at the cost of significantly slower signing. Quantum-safe at NIST security level 1. Based on SPHINCS+.
Dependencies
ECDSA P-256
Interactive Cryptography Playground — Classical elliptic-curve digital signature (NIST P-256 / secp256r1). Quantum-VULNERABLE — Shor's algorithm can recover the private key from the public key. Intentionally included as a quantum-vulnerable classical baseline in the Signature Playground.
Dependencies
X25519
Interactive Cryptography Playground — Classical ECDH key exchange (Curve25519). Quantum-VULNERABLE — Shor's algorithm breaks the elliptic curve discrete logarithm. Intentionally included as quantum-vulnerable baseline in hybrid schemes.
Dependencies
—// export
Export
// show CBOM JSON
{
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"version": 12,
"serialNumber": "urn:uuid:b7e3c2a1-4f8d-4e9b-a1c3-d6f2e8b5a790",
"metadata": {
"timestamp": "2026-03-27T18:53:51Z",
"component": {
"type": "application",
"name": "beyond-shor.eu",
"version": "1.0.0",
"description": "Post-Quantum Cryptography blog and interactive playground"
},
"tools": [
{
"name": "scan-cbom.mjs",
"version": "1.0.0"
}
]
},
"components": [
{
"bom-ref": "aes-256-gcm:playground",
"type": "cryptographic-asset",
"name": "AES-256-GCM",
"description": "Interactive Cryptography Playground — Authenticated symmetric encryption (AEAD, 256-bit key). Grover's algorithm halves the effective key length: AES-256 provides ~128-bit post-quantum security, corresponding to NIST Level 1.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "block-cipher",
"nistQuantumSecurityLevel": 1
}
}
},
{
"bom-ref": "classic-mceliece-8192128:playground",
"type": "cryptographic-asset",
"name": "Classic McEliece 8192128",
"description": "Interactive Cryptography Playground — Code-based KEM (binary Goppa codes). Oldest and most battle-tested PQC assumption (50+ years). Very large public keys (~1 MB). Quantum-safe at NIST security level 5. NIST Round 4 alternate candidate.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "kem",
"nistQuantumSecurityLevel": 5
}
}
},
{
"bom-ref": "frodokem-1344:playground",
"type": "cryptographic-asset",
"name": "FrodoKEM-1344",
"description": "Interactive Cryptography Playground — Lattice-based KEM (plain LWE — no ring/module structure). Most conservative lattice assumption. Quantum-safe at NIST security level 5. NIST Round 3 alternate candidate maintained by Microsoft Research.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "kem",
"nistQuantumSecurityLevel": 5
}
}
},
{
"bom-ref": "hkdf-sha256:playground",
"type": "cryptographic-asset",
"name": "HKDF-SHA-256",
"description": "Interactive Cryptography Playground — HMAC-based Key Derivation Function with SHA-256 (RFC 5869 / NIST SP 800-56C). Derives a combined AES-256 key from the X25519 and KEM shared secrets in the hybrid encryption playground.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "kdf",
"nistQuantumSecurityLevel": 2
}
}
},
{
"bom-ref": "hmac-sha256:contact-form",
"type": "cryptographic-asset",
"name": "HMAC-SHA-256",
"description": "Contact form — HMAC with SHA-256 (NIST FIPS 198). Grover's algorithm reduces the underlying hash preimage resistance to ~128 bits. Level 2 follows CycloneDX categorisation.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "mac",
"nistQuantumSecurityLevel": 2
}
}
},
{
"bom-ref": "hs256-jwt:strapi",
"type": "cryptographic-asset",
"name": "HS256 (JWT)",
"description": "Strapi CMS — API authentication tokens (internal, server-to-server only).",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "mac",
"nistQuantumSecurityLevel": 2
}
}
},
{
"bom-ref": "ml-dsa-65:article-signing",
"type": "cryptographic-asset",
"name": "ML-DSA-65",
"description": "Article signing and verification — NIST FIPS 204 (August 2024). Lattice-based digital signature (Module-LWE + Module-SIS). Pure ML-DSA: message bytes passed directly without pre-hashing — SHAKE-256 applied internally (µ = SHAKE-256(tr ∥ M, 64) per FIPS 204 §5.2). Quantum-safe at NIST security level 3.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "signature",
"nistQuantumSecurityLevel": 3
}
}
},
{
"bom-ref": "ml-dsa-65:cbom-signing",
"type": "cryptographic-asset",
"name": "ML-DSA-65",
"description": "CBOM signing — NIST FIPS 204 (August 2024). Lattice-based digital signature (Module-LWE + Module-SIS). Pure ML-DSA: message bytes passed directly without pre-hashing — SHAKE-256 applied internally (µ = SHAKE-256(tr ∥ M, 64) per FIPS 204 §5.2). Quantum-safe at NIST security level 3.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "signature",
"nistQuantumSecurityLevel": 3
}
}
},
{
"bom-ref": "ml-dsa-65:playground",
"type": "cryptographic-asset",
"name": "ML-DSA-65",
"description": "Interactive Cryptography Playground — NIST FIPS 204 (August 2024). Lattice-based digital signature (Module-LWE + Module-SIS). Pure ML-DSA: message bytes passed directly without pre-hashing — SHAKE-256 applied internally (µ = SHAKE-256(tr ∥ M, 64) per FIPS 204 §5.2). Quantum-safe at NIST security level 3.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "signature",
"nistQuantumSecurityLevel": 3
}
}
},
{
"bom-ref": "ml-kem-1024:playground",
"type": "cryptographic-asset",
"name": "ML-KEM-1024",
"description": "Interactive Cryptography Playground — NIST FIPS 203 (August 2024). Lattice-based KEM (Module-LWE). Quantum-safe at NIST security level 5.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "kem",
"nistQuantumSecurityLevel": 5
}
}
},
{
"bom-ref": "sha-256:article-signing",
"type": "cryptographic-asset",
"name": "SHA-256",
"description": "Article signing and verification — SHA-256 (NIST FIPS 180-4). Used here to hash media file content (images) into a compact 32-byte digest that is embedded in the signed article message. Grover's algorithm reduces preimage resistance to ~128 bits. Level 2 follows the classical CycloneDX categorisation.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "hash",
"nistQuantumSecurityLevel": 2
}
}
},
{
"bom-ref": "sha-256:contact-form",
"type": "cryptographic-asset",
"name": "SHA-256",
"description": "Contact form — SHA-256 (NIST FIPS 180-4). Used here to hash media file content (images) into a compact 32-byte digest that is embedded in the signed article message. Grover's algorithm reduces preimage resistance to ~128 bits. Level 2 follows the classical CycloneDX categorisation.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "hash",
"nistQuantumSecurityLevel": 2
}
}
},
{
"bom-ref": "sha-256:playground",
"type": "cryptographic-asset",
"name": "SHA-256",
"description": "Interactive Cryptography Playground — SHA-256 (NIST FIPS 180-4). Used here to hash media file content (images) into a compact 32-byte digest that is embedded in the signed article message. Grover's algorithm reduces preimage resistance to ~128 bits. Level 2 follows the classical CycloneDX categorisation.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "hash",
"nistQuantumSecurityLevel": 2
}
}
},
{
"bom-ref": "shake-256:article-signing",
"type": "cryptographic-asset",
"name": "SHAKE-256",
"description": "Article signing and verification — SHAKE-256 (NIST FIPS 202) — extendable output function (XOF) based on Keccak-1600. Used internally by ML-DSA-65 to derive the message representative µ = SHAKE-256(tr ∥ M, 64) per FIPS 204 §5.2. Not called directly in source; implicit via @noble/post-quantum.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "hash",
"nistQuantumSecurityLevel": 3
}
}
},
{
"bom-ref": "shake-256:cbom-signing",
"type": "cryptographic-asset",
"name": "SHAKE-256",
"description": "CBOM signing — SHAKE-256 (NIST FIPS 202) — extendable output function (XOF) based on Keccak-1600. Used internally by ML-DSA-65 to derive the message representative µ = SHAKE-256(tr ∥ M, 64) per FIPS 204 §5.2. Not called directly in source; implicit via @noble/post-quantum.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "hash",
"nistQuantumSecurityLevel": 3
}
}
},
{
"bom-ref": "shake-256:playground",
"type": "cryptographic-asset",
"name": "SHAKE-256",
"description": "Interactive Cryptography Playground — SHAKE-256 (NIST FIPS 202) — extendable output function (XOF) based on Keccak-1600. Used internally by ML-DSA-65 to derive the message representative µ = SHAKE-256(tr ∥ M, 64) per FIPS 204 §5.2. Not called directly in source; implicit via @noble/post-quantum.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "hash",
"nistQuantumSecurityLevel": 3
}
}
},
{
"bom-ref": "slh-dsa-sha2-128f:playground",
"type": "cryptographic-asset",
"name": "SLH-DSA-SHA2-128f",
"description": "Interactive Cryptography Playground — Hash-based stateless signature scheme (fast variant). NIST FIPS 205 (August 2024). Faster signing than the small variant at the cost of larger signatures. Quantum-safe at NIST security level 1. Based on SPHINCS+.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "signature",
"nistQuantumSecurityLevel": 1
}
}
},
{
"bom-ref": "slh-dsa-sha2-128s:playground",
"type": "cryptographic-asset",
"name": "SLH-DSA-SHA2-128s",
"description": "Interactive Cryptography Playground — Hash-based stateless signature scheme (small variant). NIST FIPS 205 (August 2024). Smallest signatures of the SLH-DSA family at the cost of significantly slower signing. Quantum-safe at NIST security level 1. Based on SPHINCS+.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "signature",
"nistQuantumSecurityLevel": 1
}
}
},
{
"bom-ref": "ecdsa-p256:playground",
"type": "cryptographic-asset",
"name": "ECDSA P-256",
"description": "Interactive Cryptography Playground — Classical elliptic-curve digital signature (NIST P-256 / secp256r1). Quantum-VULNERABLE — Shor's algorithm can recover the private key from the public key. Intentionally included as a quantum-vulnerable classical baseline in the Signature Playground.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "signature",
"nistQuantumSecurityLevel": 0
}
}
},
{
"bom-ref": "x25519:playground",
"type": "cryptographic-asset",
"name": "X25519",
"description": "Interactive Cryptography Playground — Classical ECDH key exchange (Curve25519). Quantum-VULNERABLE — Shor's algorithm breaks the elliptic curve discrete logarithm. Intentionally included as quantum-vulnerable baseline in hybrid schemes.",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "ke",
"nistQuantumSecurityLevel": 0
}
}
}
],
"dependencies": [
{
"ref": "aes-256-gcm:playground",
"dependsOn": [
"hkdf-sha256:playground"
]
},
{
"ref": "classic-mceliece-8192128:playground",
"dependsOn": []
},
{
"ref": "frodokem-1344:playground",
"dependsOn": []
},
{
"ref": "hkdf-sha256:playground",
"dependsOn": [
"classic-mceliece-8192128:playground",
"frodokem-1344:playground",
"ml-kem-1024:playground",
"x25519:playground"
]
},
{
"ref": "hmac-sha256:contact-form",
"dependsOn": [
"sha-256:contact-form"
]
},
{
"ref": "hs256-jwt:strapi",
"dependsOn": []
},
{
"ref": "ml-dsa-65:article-signing",
"dependsOn": [
"sha-256:article-signing",
"shake-256:article-signing"
]
},
{
"ref": "ml-dsa-65:cbom-signing",
"dependsOn": [
"shake-256:cbom-signing"
]
},
{
"ref": "ml-dsa-65:playground",
"dependsOn": [
"shake-256:playground"
]
},
{
"ref": "ml-kem-1024:playground",
"dependsOn": []
},
{
"ref": "sha-256:article-signing",
"dependsOn": []
},
{
"ref": "sha-256:contact-form",
"dependsOn": []
},
{
"ref": "sha-256:playground",
"dependsOn": []
},
{
"ref": "shake-256:article-signing",
"dependsOn": []
},
{
"ref": "shake-256:cbom-signing",
"dependsOn": []
},
{
"ref": "shake-256:playground",
"dependsOn": []
},
{
"ref": "slh-dsa-sha2-128f:playground",
"dependsOn": [
"sha-256:playground"
]
},
{
"ref": "slh-dsa-sha2-128s:playground",
"dependsOn": [
"sha-256:playground"
]
},
{
"ref": "ecdsa-p256:playground",
"dependsOn": [
"sha-256:playground"
]
},
{
"ref": "x25519:playground",
"dependsOn": []
}
]
}