highCWE-327

ECDSA/ECDH Quantum Vulnerability: Detection & Auto-Fix

Elliptic Curve Cryptography — including ECDSA (signing), ECDH (key exchange), Ed25519, and X25519 — is broken by Shor's algorithm on a quantum computer, just like RSA. Although ECC uses smaller key sizes and is faster than RSA, it provides zero additional quantum resistance. NIST's post-quantum migration timeline applies equally to all elliptic curve algorithms. ECDSA is widely used in TLS 1.3, SSH, cryptocurrency wallets, code signing, and WebAuthn/FIDO2. All of these systems will need migration to ML-DSA (FIPS 204) or SLH-DSA (FIPS 205) for signatures, and ML-KEM (FIPS 203) for key exchange.

Why AI tools generate this vulnerability

AI Risk Factor

AI tools frequently suggest ECC as a "modern" and "more secure" alternative to RSA — which is true for classical attacks but completely irrelevant against quantum computers. When developers ask AI assistants to "use a more secure algorithm than RSA," the AI will suggest switching to ECDSA with P-256 or Ed25519, giving developers a false sense of security. Both RSA and ECC fall to the same quantum algorithm. AI-generated code using the Web Crypto API, Node.js crypto module, or Python cryptography library almost always defaults to ECDSA P-256 for signing operations.

Vulnerable code example

VULNERABLE
// Node.js — AI-generated quantum-vulnerable code
import { generateKeyPairSync, sign } from "crypto";

// VULNERABLE: ECDSA is broken by Shor's algorithm
const { publicKey, privateKey } = generateKeyPairSync(
  "ec",
  {
    namedCurve: "P-256",
    publicKeyEncoding: {
      type: "spki",
      format: "pem",
    },
    privateKeyEncoding: {
      type: "pkcs8",
      format: "pem",
    },
  }
);

// VULNERABLE: ECDSA signature — quantum-forgeable
const signature = sign("sha256", data, privateKey);

# Python — AI-generated quantum-vulnerable code
from cryptography.hazmat.primitives.asymmetric import ec

# VULNERABLE: ECDSA P-256 — quantum-vulnerable
private_key = ec.generate_private_key(ec.SECP256R1())

# VULNERABLE: ECDH key exchange — quantum-breakable
shared_key = private_key.exchange(
    ec.ECDH(), peer_public_key
)

Secure code example

SECURE
// Node.js — post-quantum signature (secure)
// ML-DSA (FIPS 204) — NIST-approved replacement for ECDSA
import { mlDsa65 } from "@noble/post-quantum/ml-dsa";

// SECURE: ML-DSA key generation (quantum-resistant)
const { publicKey, secretKey } = mlDsa65.keygen();

// SECURE: quantum-resistant digital signature
const signature = mlDsa65.sign(secretKey, message);

// SECURE: verification
const isValid = mlDsa65.verify(
  publicKey, message, signature
);

# Python — post-quantum key exchange (secure)
# ML-KEM (FIPS 203) — NIST-approved replacement for ECDH
from pqcrypto.kem.kyber768 import (
    generate_keypair, encrypt, decrypt
)

# SECURE: ML-KEM key generation (quantum-resistant)
public_key, secret_key = generate_keypair()

# SECURE: quantum-resistant key encapsulation
ciphertext, shared_secret = encrypt(public_key)
shared_secret_dec = decrypt(secret_key, ciphertext)

How CodeShield detects this

CodeShield uses multi-layer static analysis to detect ecdsa/ecdh quantum vulnerability vulnerabilities across your entire codebase:

Detection of ECDSA, ECDH, Ed25519, and X25519 key generation across all languages
Elliptic curve signing and verification operations (P-256, P-384, P-521, secp256k1)
ECDH key exchange and shared secret derivation
Web Crypto API subtle.generateKey with ECDSA/ECDH algorithm
JWT libraries configured with ES256, ES384, ES512, EdDSA algorithms

Affected languages

JavaScriptTypeScriptPythonJavaGoRubyRust

Scan for ecdsa/ecdh quantum vulnerability in your repos

CodeShield detects ecdsa/ecdh quantum vulnerability and 5+ other vulnerability types across your entire codebase. Auto-fix with AI in one click.

Scan Your Repos Free