"Post-quantum secure" means the encryption still holds once large quantum computers exist. The catch: a quantum computer running Shor's algorithm breaks the classical key exchange almost every secure messenger relies on, including the X25519 in Signal's X3DH handshake that Keychat is built on.
It matters now, not later, because of "harvest now, decrypt later." An adversary records your encrypted Nostr traffic today and sits on it until quantum computers can crack it. Anything private sent through Keychat this year could be opened years from now. For a messenger whose whole pitch is confidentiality, that is the real exposure.
So the actual question is: does Keychat's Signal handshake use classical X3DH (X25519 only), or the post-quantum hybrid PQXDH (X25519 plus ML-KEM/Kyber) that Signal shipped in 2023? If it is stock Double Ratchet with classical X3DH, then no, not PQ-secure yet, same as most apps. Same question for your MLS group ciphersuite, and note the Nostr secp256k1 identity keys are classical too.
The fix is the hybrid path: keep X25519, add ML-KEM, so you stay secure even if one side breaks. That is what PQXDH and the post-quantum MLS ciphersuites are for.
