How to Enable Post-Quantum Access on i2pd?

• This tutorial is forward-looking; the following content is completely infeasible in the current stable version of i2pd.

Currently, ML-KEM-768 is the default post-quantum algorithm, ensuring data transmitted cannot be decrypted by quantum computers.

ECIES_X25519_AEAD (type 4) and ML-KEM-768 (type 6) are the two default enabled algorithms. If the latter is unavailable, the former is used (ECIES_X25519_AEAD is a traditional asymmetric algorithm, vulnerable to quantum computers).

Post-quantum algorithms can be enabled on i2pd only when the following requirements are met.

For Clients

• Device OpenSSL version ≥ 3.5
• Future i2pd version

For Servers

• Device OpenSSL version ≥ 3.5
• Future i2pd version

If you want to disable traditional asymmetric algorithms, set the i2cp.leaseSetEncType parameter to 6 (ML-KEM-768), like this:

[my-website]
type = http
host = 127.0.0.1
port = 8080
keys = my-website.dat
i2cp.leaseSetEncType = 6

This ensures visitors can only connect via post-quantum tunnels. However, if the visitor's i2pd version is too old or OpenSSL version is < 3.5, access will be denied.

To disable post-quantum algorithms, set the parameter to 4.