It uses nothing but Merkle trees and SHA-256 hashes, lacks documentation and should be used by no one, but the code is pretty simple to follow and I'd appreciate any and all comments/criticisms in terms of implementation, optimizations, usage requirements and API improvements:
The NSA announced they will be transitioning to quantum-resistant algorithms in the "not too distant future".
So this is something that may be getting a lot more press in the...not too distant future.
1. It takes time to implement new methods. Would it be acceptable for there to be a period of months or years during which we can't make credit card transactions, etc.?
2. Coded text of messages encoded using conventional cryptographic methods can be intercepted, archived and then broken at a later date. If you make a purchase today, somebody archives the coded exchange, and a quantum computer capable of cracking the encryption used in that exchange becomes available before your credit card expires, you've got a problem. You've got an even bigger problem if you transmit information that remains sensitive for longer than your credit card info.
As a general rule, don't use conventional encryption methods to transmit information with long-term sensitivity (e.g. medical records, etc.).
So what do you suggest I use today, given that I have a medical record here and I need it over there?
For network transfers, you'll likely also want to select your encryption with PFS:
For defense against large quantum computers, different PFS schemes need to be used (fortunately not hard to construct from other post-quantum primitives).
(A) Handling key exchange (Diffie-Hellman) is ugly. There are other algorithms, but I'm unclear what a good choice is right now. I'm also unclear if larger key sizes are actually helpful.
(B) For symmetric algorithms, AES, use AES-256. In the quantum case, it might be equivalent to ~127-128 bit AES, which is pretty decent.
(C) For hashing, use SHA-512. It uses 64-bit words, and might be similar in strength to SHA-256 today.
(D) A lot of hash algorithms can actually be used as signature schemes, especially if you combine them with Merkle-tree-like structures.
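To make (D) concrete, and the "Merkle trees plus SHA-256" signature idea from the first comment in this thread, here is a toy Merkle signature scheme as an added example (written for this thread, not the commenter's code): Lamport one-time signatures whose public keys are hashed into the leaves of a SHA-256 Merkle tree, with the root acting as the long-term public key. The `MerkleSigner` class and helper names are my own; the `used` counter is the state that stops a one-time key from ever signing twice.

```python
import hashlib, os

def H(*parts):  # SHA-256 over the concatenation of all parts
    return hashlib.sha256(b"".join(parts)).digest()

def msg_bits(msg):  # 256 bits of SHA-256(msg); each bit picks one secret of a pair
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen():  # 256 pairs of 32-byte secrets; public key = their hashes
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def lamport_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]

def lamport_verify(pk, msg, sig):
    return len(sig) == 256 and all(H(sig[i]) == pk[i][b] for i, b in enumerate(msg_bits(msg)))

def leaf_hash(pk):  # domain-separated so leaves and inner nodes cannot be confused
    return H(b"leaf", *[a + b for a, b in pk])

def merkle_levels(leaves):  # len(leaves) must be a power of two; last level is the root
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([H(b"node", lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels

def root_from_path(leaf, idx, path):  # recompute the root from a leaf and its siblings
    node = leaf
    for sib in path:
        node = H(b"node", node, sib) if idx % 2 == 0 else H(b"node", sib, node)
        idx //= 2
    return node

class MerkleSigner:
    """Holds n_keys one-time keys; each may sign exactly once, so state is critical."""
    def __init__(self, n_keys=4):
        self.keys = [lamport_keygen() for _ in range(n_keys)]
        self.levels = merkle_levels([leaf_hash(pk) for _, pk in self.keys])
        self.root, self.used = self.levels[-1][0], 0

    def sign(self, msg):
        if self.used >= len(self.keys):
            raise RuntimeError("all one-time keys consumed; reusing one leaks secrets")
        idx, self.used = self.used, self.used + 1
        sk, pk = self.keys[idx]
        path = [lvl[(idx >> d) ^ 1] for d, lvl in enumerate(self.levels[:-1])]
        return idx, pk, lamport_sign(sk, msg), path

def merkle_verify(root, msg, signature):  # valid iff OTS checks out and leaf hashes to root
    idx, pk, sig, path = signature
    return lamport_verify(pk, msg, sig) and root_from_path(leaf_hash(pk), idx, path) == root
```

A verifier only ever needs the 32-byte root; the per-signature one-time public key is authenticated by the sibling path.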
Also, all alphanumeric combinations have been generated.
The receiving party received the data on physical media in the mail, but refused to access it, as the tool used to encrypt the data wasn't validated to FIPS 140-2 Level 2. (It was a reasonably good commercial product, and had Level 1 validation, and the folks negotiating this had no clue what that meant anyway) Why did that matter? Who the hell knows.
Their counter proposal was that something like 2,000 pages of whatever would be securely transmitted via Fax.
The punchline is that the stuff ended up getting re-shipped in paper form via Fedex Same-Day, securely nestled in a big pelican case secured with zip ties and a $30 padlock. Everyone shook their heads, except for the poor secretary facing sending 2,000 pages through a fax machine :)
Also if tomorrow someone makes a quantum computer which can, say, break 2048-bit RSA easily, it won't break the world.
A state actor with a trillion dollar machine won't care about your credit card. And this won't change quickly; quantum computing will be very expensive for decades to come.
And moving to symmetric encryption with key exchange instead of classical PKI is always an option.
As a general rule using anything but conventional encryption is a sure way of having your encryption broken unless you are a world-grade cryptographer with 50 world-grade friends that can audit your system.
My niche, high assurance, has seen a lot of use of old Merkle trees for memory encryption and obfuscation. A few examples.
Note: Merkle seems to be one of the under-appreciated cryptographers of history. His legacy might live on and get better than ever post-Quantum, though. ;)
Personally, I think this is another spot where a mini-Manhattan Project worth of brains should be put into. Specifically, finding more problems that can be turned into good, asymmetric crypto. I'm sure there's already a list of potential ones that are ridiculously hard to solve. Just need bright people thinking hard on how to leverage them for key exchange at the least.
That's a pretty big if.
Do you have any examples of steganography software that you think does it right?