> Post-quantum cryptography has not yet had the amount of public analysis and scrutiny that classical cryptography has enjoyed. For this reason, we will use post-quantum cryptography in combination with classical cryptography. The post-quantum component will use lattice-based algorithms, as they offer good security and performance. For digital signatures, we have selected CRYSTALS-Dilithium in combination with Ed25519. For encryption, we chose CRYSTALS-Kyber in combination with X25519. Using a combination of classical and post-quantum algorithms offers the best of both worlds: Your data will be safe unless the attacker breaks both classical and quantum cryptography.<p>Notable that this seems to me (as a non-expert) like the exact same path that the Signal team is using. CRYSTALS-Kyber is the same algorithm selected by Signal for their own implementation of post-quantum.<p><a href="https://signal.org/blog/pqxdh/" rel="nofollow noreferrer">https://signal.org/blog/pqxdh/</a>