From that other site...

‐-----------

Hi everyone,

I’ve been working on a project called OTRv4+ – an OTRv4 client that adds post‑quantum cryptography to every layer of the protocol. It’s a single‑file Python app (with three small C extensions) that runs on IRC, supports I2P/Tor, and even runs on a phone via Termux.

Why post‑quantum?

If a quantum computer breaks X448 tomorrow, your past and future messages are still protected. The key exchange uses Triple X448 + ML‑KEM‑1024, authentication uses Ed448 ring signatures + ML‑DSA‑87, and the ratchet brace key rotates via fresh ML‑KEM‑1024 at every DH epoch. All symmetric crypto uses SHA‑3 / AES‑256‑GCM, which are quantum‑resistant at the symmetric level.

What makes it different?

· No liboqs – I used OpenSSL 3.5+ native FIPS 203/204 providers for ML‑KEM and ML‑DSA.

· Single‑file Python (~12k lines) – the whole protocol is in one file to make auditing easier.

· 224 tests – covering ratchet torture, state forks, wire format fuzzing, and everything in between.

· Runs on Termux – I tested it on my phone with I2P on Libera.Chat.

Comparison with Signal PQXDH

Signal’s PQXDH adds ML‑KEM to the handshake but explicitly says “Authentication in PQXDH is not quantum‑secure”. OTRv4+ uses ML‑DSA‑87 to make authentication post‑quantum as well – at the cost of losing PQ deniability (a known open problem). I think it’s a worthwhile trade‑off for IRC where deniability is less critical.

If you want to try it:

· Git clone: https://github.com/muc111/OTRv4Plus

· Requires Python 3.9+, OpenSSL 3.5+, and a C compiler.

· Works on Termux, Linux, probably other Unix‑likes.

· Supports I2P, Tor, and clearnet with auto‑detection from the hostname.

Feedback / Contributions

I’d love to get your thoughts – issues, pull requests, or just a “hey, this works on my setup”. If you’re interested in a commercial license for proprietary use, please open an issue with the label commercial-license.

Cheers!