What is VORTEX-256?
VORTEX-256 is a lattice-based Key Encapsulation Mechanism (KEM) invented at Bajpai Labs. It lets two parties establish a shared 32-byte secret over an insecure channel — the foundational operation behind post-quantum TLS, VPNs, and encrypted messaging.
The cryptographic innovation is Rotational Module Learning With Errors (RotMLWE): instead of hiding secrets under a random module matrix (as ML-KEM does), VORTEX hides a single secret under the Frobenius orbit of one ring element.
Standard approach (ML-KEM): VORTEX-256 approach (RotMLWE):
A (k×k matrix) a (one element)
↓ ↓
A·s + e a₀=a, a₁=σ(a), a₂=σ²(a)…
↓
aᵢ·s + eᵢDesign goals
| Goal | How VORTEX achieves it |
|---|---|
| Novel security foundation | New hardness assumption (RotMLWE) with a clean algebraic construction |
| Wire-compatible footprint | Same pk/ct sizes as Kyber-512 — 800 / 768 / 32 bytes |
| Efficient key expansion | 1 XOF call + cheap permutations vs k² matrix expansion |
| Accessible to developers | Pure Python (zero deps) + optional C native backend + PEM support |
| CCA-secure by construction | Fujisaki–Okamoto transform with implicit rejection |
Who is this for?
| Audience | Use case | Start here |
|---|---|---|
| Application developers | Post-quantum key exchange in apps, services, IoT | Quickstart → Integration guide |
| Security engineers | Threat modeling, key management, compliance review | Security model |
| Cryptographers | Analyze RotMLWE assumption, parameter choices | Concepts → Cryptography |
| Systems programmers | Embed in C/C++ services, firmware, HSMs | C library guide |
| Contributors | Extend the library, fix bugs, improve performance | Development guide |
How a key exchange works
The shared secret is never transmitted. Bob derives it during encapsulation; Alice recovers the identical value during decapsulation.
Package surfaces
| Surface | Install | Best for |
|---|---|---|
Python (vortex_pqc) | pip install vortex-pqc | Applications, scripts, services, prototyping |
C library (libvortex_pqc.a) | Build from source | Embedded systems, native services, language bindings |
| PEM encoding | Included in Python package | Key files, config management, ops tooling |
When to use VORTEX-256
Good fit
- Post-quantum research and prototyping
- Education and benchmarking lattice KEM constructions
- Exploring alternatives to ML-KEM's matrix-based assumption
- Applications that need Kyber-compatible wire sizes with a different primitive
Not recommended (yet)
- Production TLS without independent security audit
- Regulated environments requiring NIST-approved algorithms (use ML-KEM)
- Long-term archival keys where algorithm agility is unavailable
See Comparison guide and Security model for details.
Research preview status
VORTEX-256 is published as a research preview — similar to how major organisations ship experimental APIs before general availability:
| Stage | Status |
|---|---|
| Reference implementation | ✅ Python + C |
| Test suite | ✅ 26 Python + 3 C tests |
| Documentation | ✅ You are here |
| PyPI distribution | ✅ vortex-pqc |
| NIST standardisation | ❌ Not applicable |
| Independent cryptanalysis | ⏳ Ongoing community review welcome |
Next steps
Ready to code? → Quickstart Integrating into a service? → Key exchange guide | Want the math? → Core concepts Evaluating vs Kyber? → Comparison guide |