Aethyr Research has launched IoT edge node firmware for ESP32-S3 devices with post-quantum encryption, enabling boot in 2.1 seconds and facilitating PQC handshakes in 35ms.
Traditional public-key algorithms like RSA and ECC are on the verge of being outdated due to quantum computers’ potential to decode them rapidly using Shor’s algorithm. Acknowledging the looming threat, Google has revised its post-quantum migration timeline to 2029. Meanwhile, NIST FIPS 203 requires quantum-resistant security by 2035, prompting preparations for a transition in cryptography.
The Aethyr Edge Node firmware utilizes the ML-KEM-768 (FIPS 203) post-quantum key exchange, BLAKE3 integrity, and XChaCha20-Poly1305 encryption to facilitate secure server connections via the AethyrWire Protocol. Central to the Aethyr distributed agent mesh, it aims to deploy autonomous AI agents across a mesh network without cloud dependency. Currently, only the ESP32-S3 firmware is open-source; the rest of the Aethyr agent OS is proprietary.
Post-quantum resistant algorithms add minimal delays. Benchmark results for an ESP32-S3-WROOM-1 module at 240MHz show manageable impacts:
Operation | Mean | StdDev | Min | Max
—|—|—|—|—
BLAKE3 (1KB) | 255us | 102us | 238us | 969us
ML-KEM keygen | 9,052us | 164us | 8,986us | 9,558us
ML-KEM encap | 10,070us | 11us | 10,058us | 10,146us
ML-KEM decap | 12,197us | 11us | 12,192us | 12,275us
XChaCha20 encrypt | 243us | 46us | 235us | 564us
BLAKE3 KDF | 49us | 60us | 40us | 472us
AWP frame enc+dec | 363us | 95us | 346us | 1,030us
The firmware occupies 833KB, leaving 157KB of free heap out of 512KB SRAM at runtime. It underwent 410,000 fuzz iterations with zero crashes and 100,000 single-bit-flip tests and includes 13 self-tests each boot. Tested on ESP32-S3-WROOM-1 modules with NVIDIA Jetson Orin Nano Super as a WiFi access point, it should work with other ESP32-S3 boards. Instructions for code configuration and flashing are available on GitHub.
git clone https://github.com/aethyrai/esp32-awp-edge
cd esp32-awp-edge
# Configure WiFi and upstream node
idf.py menuconfig
# → AWP Edge Node Configuration
# WiFi SSID / Password
# Upstream host IP and port
idf.py build
idf.py -p /dev/ttyUSB0 flash monitor
A small issue persists: no OS image or software for the Jetson board was found, limiting usefulness. The encryption implementation could aid other PQC-resistant projects. Documentation is accessible [on GitHub](https://github.com/aethyrai/esp32-awp-edge), with more details in a [related blog post](https://web.archive.org/web/20260405041940/https://aethyrresearch.com/blog/post-quantum-esp32-edge-node).