This home-made software is a quantum-resistant hybrid cipher generation tool utilizing heavily modified version of Kyber1024 PQC (post-quantum cryptography) algorithm for Key exchange (KEM), which is a NIST certified KEM algorithm to handle Secret and Top secret documents and a wide range of modern symmetric algorithms for encryption including AES, Twofish, Serpent, Salsa20, Chacha20, ChachaPoly1305, Threefish, Sodium, etc. For PQC in addition to our modified version of Kyber1024, we also include several versions of Kyber, ML-KEM, McEliece, HQC, FrodoKEM and NTRUprime from audited PQClean and Open-Quantum-Safe libraries, user may select any of these with just a drop down menu.
As a further layer of security, the software is delivered in a fingerprint encrypted USB drive with hardware AES-256 chip from a Chinese fab. The encryption software and secret keys always remain on its encrypted partition. A PQC digital signature algorithm is used for license management and makes sure that the executable cannot be run from paths other than the encrypted partition.
This version of PQC Kyber1024 is evolved out of several public implementations of Kyber1024, which are heavily modified and hardened by making it use our home-made TRNG (true random number generator) and QRNG (quantum random number generator) hardware instead of traditional PRNG (pseudo random number generator). The functions AES256_CTR_DRGB, SHA3_256 and SHA3_512 used in the original algorithm, which used pyCryptoDome library, were removed in the programming. In the NIST recommended version of this algorithm (ML-KEM), a 32 bytes permutation is required for the brute force attack (guessing private key from public key), while due to our modification it now requires 64 bytes of permutation, making it more resistant against any possible future brute force attacks. Only SHAKE 128 and 256 hash algorithms from pyCryptoDome library (unvulnerable version of this library is used in this implementation) are being used in the keygen and encryption process, but only after a year long auditing and testing against journal-published algorithm implementations. To enable faster encryption and decryption Barrett reduction is used instead of Montgomery reduction. Furthermore, length of the private key is 3252 bytes which is shorter than the original algorithm’s 6618 bytes, this is to keep smaller and secure.
The software uses a number of symmetric encryption algorithms from pyCryptoDome (AES, Salsa20, Chacha20 and ChachaPoly1305), CyptoPlus (Serpent and Twofish), Skein (Threefish) and libSodium (Sodium). In November 2001, US NIST selected Rijndael as the algorithm for AES, its selection was based on its performance, but if performance is ignored then two other algorithms namely Serpent and Twofish are equally if not better secure than Rijndael. Additionally Salsa20 is one of the finalists of EU version of AES competition named eSTREAM in December 2008 and Chacha_Poly1305 is one of the finalist of Japanese CRYPTREC in March 2023. QrypticMCS uses AES, Serpent, Twofish, Salsa20, Chacha20 and Chacha_Poly1305 in double, triple and quadruple cascaded encryption schemes, thus making QrypticMCS ciphertext to be more secure than Truecrypt/Veracrypt.
The file structure of the ciphertext starts with cipherkey as generated by PQC algorithm followed by a byte identifying symmetric algorithm(s) used, then one or several initialization vectors or nonces depending on combination of symmetric ciphers used and last part contains the ciphertext as encrypted by the symmetric algorithm(s).
Leave a Reply