Inspiration
NIST finalized its first set of post-quantum cryptography (PQC) standards in August 2024 (FIPS 203, 204, and 205), signaling that organizations — especially federal agencies — need to begin migrating away from quantum-vulnerable encryption such as RSA and ECC toward quantum-resistant algorithms like ML-KEM and ML-DSA.
We believed that security and privacy should matter just as much for ordinary people as they do for governments and corporations, so we asked a simple question:
What if the place quantum-vulnerable security hurts most is not a datacenter, but someone’s home?
That idea led us to ProbablySafe — a smart-lock prototype that demonstrates, in a way people can actually see, why legacy public-key systems are threatened by future quantum attacks and why post-quantum cryptography matters.
We also wanted ProbablySafe to go beyond just preventing unauthorized access. A secure home system should not only resist attacks, but also help the homeowner understand when an access attempt happened and who was involved. That led us to integrate a facial-recognition dashboard that helps users quickly identify intruders without having to manually dig through long CCTV logs or security footage.
What it does
ProbablySafe is a post-quantum smart lock prototype designed to protect physical access systems against the long-term risks of quantum-vulnerable public-key cryptography.
The system uses a phone-friendly frontend to send unlock requests through our backend, which verifies the request cryptographically before triggering the physical lock. When authentication succeeds, ProbablySafe sends an unlock command to an ESP32, which controls a servo motor that physically unlocks our lock box.
In addition to the lock itself, ProbablySafe includes a facial-recognition security dashboard that helps users identify suspicious visitors or intruders more quickly. Instead of forcing the user to scroll back through long logs or CCTV footage, the dashboard highlights relevant captured faces so the homeowner can immediately see who attempted to access the system.
Together, these two components work as a stronger security platform:
- post-quantum cryptography protects the lock against future quantum-vulnerable attack paths
- facial recognition and dashboard monitoring help users detect and identify attempted intrusions in a fast, usable way
How we built it
We built ProbablySafe as a full-stack system with four layers:
- Frontend: a phone-friendly interface that lets a user send unlock requests and view lock status
- Backend: a Python API that handles authentication, verification, and device control
- Cryptography layer: post-quantum key establishment using ML-KEM and authenticated encryption using AES-GCM
- Hardware layer: an ESP32 connected to a servo motor that physically actuates the lock box
- Vision layer: a facial-recognition pipeline that surfaces relevant faces and intrusion attempts in a dashboard
Challenges we ran into
One challenge was getting post-quantum tooling working across environments, especially the native liboqs dependency on Windows. Setting up the shared libraries, matching architectures, and making the runtime find the correct DLLs took more effort than expected.
We also had to think carefully about the post-quantum attack story. It would have been easy to make the secure side feel dramatic by weakening it, but that would have been misleading. Instead, we designed the demo so the post-quantum “attack” is a tampering attempt that fails safely, which is both more realistic and more defensible.
Our demo shows four scenarios:
- Trusted legacy unlock → lock opens
- Quantum attack on legacy RSA → forged unlock succeeds
- Trusted post-quantum unlock → lock opens
- Attack/tampering on post-quantum packet → authentication fails, lock stays closed
That sequence clearly shows the difference between a quantum-vulnerable system and a post-quantum one.
Accomplishments that we're proud of
We are proud that:
- we implemented ML-KEM + AES-GCM in the secure unlock path
- we designed the system so tampered packets are rejected and the hardware remains locked
- we built something that feels like a real smart lock product, not just a cryptography proof of concept
- we added a facial-recognition dashboard that makes intrusion monitoring faster and more practical for users
- we connected prevention and identification into one system: cryptiQ helps protect the lock and helps the user understand attempted breaches
What we learned
The crypto layer matters, but so do:
- how requests move from frontend to backend
- how verification is tied to physical actions
- how hardware responds to failure states
- how to make the entire system fail closed
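As an added illustration of the fail-closed unlock path described above (not ProbablySafe's own code): a backend check that actuates the lock only when an AES-GCM packet authenticates and carries the expected command. The packet layout, `DEVICE_ID`, the command names and the function names are assumptions, and a random 32-byte value stands in for the ML-KEM shared secret.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12              # 96-bit nonce, the usual size for AES-GCM
TAG_LEN = 16                # AES-GCM authentication tag appended to the ciphertext
UNLOCK_CMD = b"UNLOCK"      # hypothetical command name
DEVICE_ID = b"lockbox-01"   # hypothetical device id, bound to the packet as AAD


def seal_unlock(shared_secret: bytes, command: bytes = UNLOCK_CMD) -> bytes:
    """Client side: packet = nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + AESGCM(shared_secret).encrypt(nonce, command, DEVICE_ID)


def should_unlock(shared_secret: bytes, packet: bytes) -> bool:
    """Backend side: True only for an authentic UNLOCK; every other path is False."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        return False                      # malformed or truncated: stay locked
    nonce, ciphertext = packet[:NONCE_LEN], packet[NONCE_LEN:]
    try:
        command = AESGCM(shared_secret).decrypt(nonce, ciphertext, DEVICE_ID)
    except (InvalidTag, ValueError):
        return False                      # tampered packet or wrong key: stay locked
    return command == UNLOCK_CMD          # authentic but unexpected command: stay locked


def demo() -> dict:
    secret = os.urandom(32)               # constructed stand-in for the ML-KEM shared secret
    packet = seal_unlock(secret)
    flipped = bytearray(packet)
    flipped[NONCE_LEN] ^= 0x01            # flip one ciphertext bit in transit
    return {
        "trusted": should_unlock(secret, packet),
        "bit_flipped": should_unlock(secret, bytes(flipped)),
        "truncated": should_unlock(secret, packet[:20]),
        "wrong_key": should_unlock(secret, seal_unlock(os.urandom(32))),
        "other_command": should_unlock(secret, seal_unlock(secret, b"STATUS")),
    }


if __name__ == "__main__":
    for name, opened in demo().items():
        print(f"{name:14s} -> {'servo actuated' if opened else 'stays locked'}")
```

This sketch covers tampering only; rejecting a replayed copy of a valid packet would additionally need a counter or timestamp inside the authenticated payload.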
What's next for ProbablySafe
Next, we want to keep pushing ProbablySafe toward a more complete post-quantum smart lock platform.
Our next steps include:
- integrating additional post-quantum primitives such as ML-DSA
- improving the mobile/web app into a more polished smart lock product interface
- adding richer lock state telemetry, audit logs, and admin controls
- expanding from one prototype lock box into a multi-device smart access system
Built With
- aer
- esp32
- fastapi
- javascript
- liboqs
- next.js
- python
- qiskit
- restapi