ESP32-S3 gets post-quantum encryption with Aethyr Edge Node open-source firmware

Aethyr Research has released post-quantum encrypted IoT edge node firmware for ESP32-S3 targets that boots in 2.1 seconds and supports full PQC (Post Quantum Cryptography) handshakes in 35ms. Public-key cryptographic algorithms such as RSA and ECC will soon have to be replaced due to the advance of quantum computers that will be able to crack such encryption within a few hours to days using Shor’s algorithm . While there’s still time, Google recently updated its timeline for post-quantum cryptography migration to 2029, mostly because it’s possible to store data now for an attack once sufficiently powerful quantum computers become available, and the NIST FIPS 203 standard (ML-KEM-768) mandates quantum-resistant security by 2035. The Aethyr Edge Node open-source firmware relies on formally verified ML-KEM-768 (FIPS 203) post-quantum key exchange, BLAKE3 integrity, and XChaCha20-Poly1305 encryption to implement post-quantum encryption to connect to a server over the AethyrWire Protocol (AWP). It’s a building block of the Aethyr distributed agent mesh, aiming to deploy autonomous AI agents over a mesh network with small nodes running TinyML and larger nodes for more complex reasoning without having to rely on the cloud. The only part of the project that’s open source for now is the ESP32-S3 firmware, and the rest of the Aethyr agent operating system remains proprietary. Aethyr dashboard The post-quantum resistant algorithms will introduce some delays, but based on the benchmarks released for an ESP32-S3-WROOM-1 module with a CPU clocked at 240MHz (50 iterations, mean and standard deviation), it does not look too bad. Operation Mean StdDev Min Max BLAKE3 (1KB) 255us 102us 238us 969us ML-KEM keygen 9,052us 164us 8,986us 9,558us ML-KEM encap 10,070us 11us 10,058us 10,146us ML-KEM decap 12,197us 11us 12,192us 12,275us XChaCha20 encrypt 243us 46us 235us 564us BLAKE3 KDF 49us 60us 40us 472us AWP frame enc+dec 363us 95us 346us 1,030us The firmware has an 833KB footprint, and the free heap is 157KB out of 512KB SRAM at runtime. The firmware has also been tested with 410,000 fuzz iterations (AddressSanitizer + UBSan) with zero crashes and 100,000 single-bit-flip tests, all detected. It also runs 13 self-tests on every boot. Aethyr tested it on ESP32-S3-WROOM-1 modules with 8MB PSRAM and an NVIDIA Jetson Orin Nano Super acting as a 2.4 GHz WiFi access point running the upstream NODE. It should work on any ESP32-S3 boards, and you can check out the code, configure, build, and flash the firmware to your board as follows (ESP-IDF v5.4+ required): git clone https://github.com/aethyrai/esp32-awp-edge cd esp32-awp-edge # Configure WiFi and upstream node idf.py menuconfig # → AWP Edge Node Configuration # WiFi SSID / Password # Upstream host IP and port idf.py build idf.py -p /dev/ttyUSB0 flash monitor 1 2 3 4 5 6 7 8 9 10 11 git clone https : //github.com/aethyrai/esp32-awp-edge cd esp32 - awp - edge # Configure WiFi and upstream node idf . py menuconfig # → AWP Edg