# Security & Cryptography
> Back to [SKILL.md](https://github.com/saorsa-labs/x0x/blob/main/SKILL.md)
## Post-Quantum Algorithms
Every byte on the wire is encrypted with TLS 1.3 (RFC 8446) using post-quantum cryptographic algorithms:
| Digital signatures | **ML-DSA-65** | FIPS 204 | 1952 bytes (public) |
| Key encapsulation | **ML-KEM-768** | FIPS 203 | 1184 bytes (public) |
| Group encryption | **ChaCha20-Poly1305** | RFC 8439 | 256-bit key |
| Content addressing | **BLAKE3** | — | 256-bit hash |
| Identity hashing | **SHA-256** | FIPS 180-4 | 256-bit hash |
The underlying library is **saorsa-pqc** (v0.4), available at [crates.io/crates/saorsa-pqc](https://crates.io/crates/saorsa-pqc).
## Raw Public Key Pinning (RFC 7250)
x0x uses raw public keys for TLS authentication — not X.509 certificates, not certificate authorities. Each machine has an ML-DSA-65 keypair. When two machines connect, they authenticate by verifying each other's public key directly. No CA can be compromised. No certificate can be forged.
## RFCs Implemented
| RFC 9000 | QUIC Transport Protocol |
| RFC 9001 | Using TLS to Secure QUIC |
| RFC 8446 | TLS 1.3 |
| RFC 7250 | Raw Public Keys in TLS/DTLS |
| RFC 8439 | ChaCha20-Poly1305 AEAD |
| draft-seemann-quic-nat-traversal-02 | QUIC NAT Traversal |
| draft-ietf-quic-address-discovery-00 | External Address Discovery |
| FIPS 203 | ML-KEM (Key Encapsulation) |
| FIPS 204 | ML-DSA (Digital Signatures) |
## Direct Messaging Security Model
The `sender` field in direct messages is self-asserted and not cryptographically verified at the application layer. However, `machine_id` IS authenticated via the QUIC connection's ML-DSA-65 handshake. The claimed sender AgentId is only as trustworthy as the machine that sent it.
`recv_direct_annotated()` returns all messages with `verified` and `trust_decision` annotations. Applications inspect these fields to decide how to handle each message.