AoiAsahina/0x8

GitHub: AoiAsahina/0x8

0x8 is a browser-native post-quantum cryptography suite that implements NIST-standardized algorithms for secure video calls, chat, and file transfer resistant to quantum-computing threats.

Stars: 0 | Forks: 0

Abstract

0x8 is a browser-native post-quantum cryptographic application implementing NIST-standardized algorithms at the highest security level: ML-KEM-1024 (FIPS 203), ML-DSA-87 (FIPS 204), SLH-DSA-256 (FIPS 205) and FN-DSA-1024 (FIPS 206; the algorithm formerly known as Falcon, currently in the final stage of NIST standardization). The system provides hybrid encrypt-then-sign file/message encryption with a structured binary container format (PQENC), a commit-reveal key exchange protocol with Short Authentication String (SAS) verification for WebRTC peer-to-peer connections, forward-secret ratcheted session encryption for real-time chat and file transfer, and post-quantum media encryption for video calls using WebRTC Insertable Streams. This report provides a complete specification of the protocols, algorithms, data formats, and security properties, including a formal analysis of attack surfaces and computational difficulty for adversaries.

1. Introduction

1.1 Motivation

The transition to post-quantum cryptography (PQC) demands not only standardized algorithms but also practical, deployable systems that integrate PQC primitives into existing communication infrastructures. The "Store-Now-Decrypt-Later" (SNDL) threat makes classical key agreement (ECDH) insufficient: an adversary recording ciphertexts today can decrypt them once a cryptographically relevant quantum computer emerges. Browser-based deployment offers zero-install accessibility but introduces unique challenges in trust establishment, key management, and real-time encryption.

1.2 Contributions

- A hybrid encrypt-then-sign protocol (PQENC) combining ML-KEM-1024 key encapsulation with AES-256-GCM authenticated encryption and NIST Level 5 digital signatures, with the signature itself bound into the Additional Authenticated Data (AAD).
- A commit-reveal handshake protocol with Proof-of-Possession (PoP) signatures and SAS-based out-of-band verification, preventing man-in-the-middle attacks even against a malicious signaling server.
- A forward-secret ratcheted session layer using HKDF-SHA-256 per-message key derivation with separate send/receive ratchet chains, rollback detection, and automatic PQC re-keying.
- Post-quantum media encryption via WebRTC Insertable Streams and a Web Worker, applying AES-256-GCM to RTP frames with time-based autonomous ratcheting (3-second intervals).
- A structured binary container format with magic bytes, versioning, algorithm identifiers, and length-prefixed fields for unambiguous parsing and integrity verification.

1.3 Threat Model

We consider adversaries with the following capabilities:

- Network adversary: Full control over the signaling server and network paths (MITM).
- Quantum adversary: Possession of a cryptographically relevant quantum computer capable of breaking ECDH, RSA, and ECDSA.
- Classical adversary: Bounded polynomial-time classical computation.
- Insider threat: One party attempting to forge messages from the other.

We assume the out-of-band channel for SAS verification is authentic but not confidential.
2. System Architecture

2.1 Component Overview

```
+-------------------------------------------------------------------+
|                          0x8 Application                          |
+-------------------------------------------------------------------+
|   Key    | Encrypt  | Decrypt  |  WebRTC  |    PQ    | Video Call |
|   Gen    | + Sign   | + Verify |   P2P    | Handshake| (PQC Media)|
+-------------------------------------------------------------------+
|           Cryptographic Core (Web Crypto API + @noble)            |
| +----------+ +----------+ +----------+ +------------------+       |
| |  ML-KEM  | |  ML-DSA  | | SLH-DSA  | |      FN-DSA      |       |
| |   1024   | |    87    | |   256    | |       1024       |       |
| |(FIPS 203)| |(FIPS 204)| |(FIPS 205)| |    (FIPS 206)    |       |
| +----------+ +----------+ +----------+ +------------------+       |
| +----------------------+ +----------------------------------+     |
| |  AES-256-GCM (Web    | |  HKDF-SHA-256 (Web Crypto API)   |     |
| |  Crypto API)         | |                                  |     |
| +----------------------+ +----------------------------------+     |
+-------------------------------------------------------------------+
|                 Transport Layer (PeerJS / WebRTC)                 |
| +--------------+ +------------------+ +--------------------+      |
| |  Signaling   | |   DataChannel    | |  Media (SRTP +     |      |
| |   Server     | |  (Chat/Files)    | | Insertable Streams)|      |
| +--------------+ +------------------+ +--------------------+      |
+-------------------------------------------------------------------+
|                          Browser Runtime                          |
| +------------+ +--------------+ +--------------------------+      |
| | Web Crypto | |  Web Worker  | | File System Access API   |      |
| |    API     | | (Media Enc)  | |  (Stream-to-Disk)        |      |
| +------------+ +--------------+ +--------------------------+      |
+-------------------------------------------------------------------+
```

2.2 Library Loading Strategy

The application dynamically imports PQC libraries using ES module imports with an importmap resolving to local @noble/post-quantum builds:

```
importmap:
  @noble/hashes/        -> ./@noble/hashes/
  @noble/curves/        -> ./@noble/curves/
  @noble/ciphers/       -> ./@noble/ciphers/
  @noble/post-quantum/  -> ./@noble/post-quantum/
```

All