- This is an encryption scheme to send and receive data securely. We built it with post-quantum security in mind.
- We use ML-KEM for asymmetric shared key establishment, ML-DSA for asymmetric digital signature authentication, AES256-CTR for symmetric encryption, and HMAC-SHA256 for symmetric authentication.
- These algorithms were chosen to stay above an effective key size of 80 bits, even with Shor's algorithm and Grover's algorithm in effect.
- After 20 messages have been sent, a new shared secret key will be established, mimicking ephemeral key usage.
- We use a cryptographic HMAC ratchet to have both the sender and receiver generate 20 random HMAC keys at a time, never using the same HMAC key twice. Once the ratchet is depleted of HMAC keys, a new ratchet of 20 HMAC keys is generated.
- Rule #1 of cryptography is to never do it yourself! As such, we heavily use the Go crypto package.
- The entry.go file contains the logic for sending and receiving data between two hosts. This is handled with the independent Host 1 and Host 2 structs.
- The hosts will exchange messages as an array of strings, one string at a time. I use President Lincoln's Gettysburg Address as an example.
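
A sketch of the HMAC ratchet described in the list above, added here as an example; it is not the repository's code. This page does not say how the 20 keys are derived, so the HMAC-SHA256 chain, the labels `message-key` and `chain-step`, and the names `Ratchet`, `Tag` and `Verify` are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

const ratchetSize = 20 // single-use keys per batch, as described above

// Ratchet: chain key (seeded with the shared secret) plus the unused keys of
// the current batch. The derivation labels are assumptions of this sketch.
type Ratchet struct {
	chain []byte
	keys  [][]byte
}

func mac(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// peek returns the next unused key, deriving a full batch only when depleted.
func (r *Ratchet) peek() []byte {
	for n := len(r.keys); n == 0 && len(r.keys) < ratchetSize; {
		r.keys = append(r.keys, mac(r.chain, []byte("message-key")))
		r.chain = mac(r.chain, []byte("chain-step"))
	}
	return r.keys[0]
}

func (r *Ratchet) Tag(msg []byte) []byte {
	defer func() { r.keys = r.keys[1:] }() // the sender always discards the key
	return mac(r.peek(), msg)
}

// Verify discards the key only on success: a forged or replayed tag fails
// without desynchronising the receiver.
func (r *Ratchet) Verify(msg, tag []byte) bool {
	ok := hmac.Equal(mac(r.peek(), msg), tag)
	if ok {
		r.keys = r.keys[1:]
	}
	return ok
}

func main() {
	secret, msg := []byte("constructed demo secret"), []byte("Four score and seven years ago")
	rx, tag := &Ratchet{chain: secret}, (&Ratchet{chain: secret}).Tag(msg)
	fmt.Println("delivery:", rx.Verify(msg, tag), "replay:", rx.Verify(msg, tag))
}
```

Both sides must seed the ratchet with the same shared secret, and the sketch assumes messages arrive in order.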
All the necessary files are included in this repository. You can run the program either with `go run .` or with the included Go binary, `./post-quantum-crypto`.
Once the program starts, it will display information to narrate the process of this cryptographic scheme. This first part displays the asymmetric portion of this cryptographic scheme, used to establish a shared secret key with ML-KEM and verify authenticity with ML-DSA.
- With a shared secret key established, we then move into symmetric cryptography with AES256-CTR and HMAC-SHA256 to encrypt, decrypt, and verify messages.
- After 20 messages have been sent, the program establishes a new shared secret key with ML-KEM and ML-DSA. Additionally, the HMAC ratchet is depleted of HMAC keys, and the program generates a new ratchet of 20 HMAC keys.
- Nicholas Golparvar
- Terry Weatherman
- Alex Stacey