AES Chat is a research-grade, browser-native communication infrastructure engineered for the post-quantum computational era. It establishes a cryptographically sovereign digital perimeter by synthesizing military-grade symmetric encryption (AES-256-GCM) with advanced lattice-based asymmetric primitives (ML-KEM/Kyber-768).
The platform addresses the emergent threat of "Harvest Now, Decrypt Later" strategies employed by sophisticated state-level adversaries. By integrating NIST-standardized Post-Quantum Cryptography (PQC), the protocol ensures that captured ciphertext remains mathematically intractable even against future cryptanalytic attacks facilitated by Large-Scale Quantum Computers (LSQC). The system further integrates Spatial Computing for collaborative audio environments and an Infinite Encrypted Canvas, optimizing the cognitive ergonomics of secure remote collaboration.
The protocol utilizes the Kyber-768 algorithm to perform cryptographic handshakes, effectively replacing legacy RSA and Elliptic Curve Diffie-Hellman (ECDH) protocols. This Module-Lattice-based Key Encapsulation Mechanism (KEM) is designed to withstand attacks from both classical and quantum processors.
The Sovereign Call System implements a double-layered security architecture for real-time media:
- Layer 1 (Standard): DTLS-SRTP encryption provided by the WebRTC stack.
- Layer 2 (Sovereign): Secondary frame-level encryption using AES-256-GCM via Insertable Streams (Encoded Transforms).
- Out-of-Band Verification: Integration of a Short Authentication String (SAS) ("Safety Code") derived from the SHA-256 hash of the shared PQC secret to neutralize Man-in-the-Middle (MITM) attacks.
The system operates on an ephemeral memory model. Cryptographic keys and session-specific material reside exclusively in volatile RAM and are explicitly purged (overwritten/nullified) upon session termination. No plaintext data or keying material is committed to non-volatile storage.
The platform features a 3D Audio Radar utilizing the Web Audio API for spatialization.
- Stereo Field Separation: Participants are positioned in a virtual three-dimensional field to leverage the "Cocktail Party Effect," improving speech intelligibility in multi-peer environments.
- P2P Mesh Topologies: Media packets flow directly between authenticated peers, minimizing latency and eliminating central points of interception.
The symmetric encryption layer utilizes a 256-bit key length, providing
Computational Analysis:
-
Baseline Global Throughput: Assuming a hypothetical aggregate computing power of
$10^{20}$ FLOPS. -
Estimated Brute-Force Duration:
$1.15 \times 10^{57} / (3.15 \times 10^7) \approx 3.67 \times 10^{49}$ years. - Conclusion: The temporal requirements for a brute-force exhaustion of the key space exceed the estimated remaining life of the universe by several orders of magnitude.
Kyber-768 derives its security from the hardness of the Module Learning with Errors (M-LWE) problem. It provides a security level equivalent to AES-192/256 against quantum cryptanalysis, ensuring forward secrecy in a post-quantum environment.
The system utilizes a hybrid model for signaling and media:
+-----------+ Signaling (Encrypted) +------------+
| Client A | <------------------------------------> | Relay Node |
+-----------+ +------------+
^ ^
| |
| Sovereign P2P Tunnel (PQC-E2EE) |
+-----------------------------------------------------+- Platform Core: ECMAScript 2022 (Modules), HTML5, CSS3.
- Cryptographic Library:
crystals-kyberimplementation (WASM/JS) and W3C Web Crypto API. - Signaling Layer: WebSocket (Socket.IO) with PQC handshake management.
- Media Stack: Web Audio API (Spatial Panner Nodes), WebRTC (Encoded Transforms).
- Initialize the repository:
git clone https://github.com/triunex/aes-chat.git
- Dependency installation:
npm install
- Development execution:
npm run dev
The infrastructure is optimized for containerized environments and cloud-native platforms such as Render.
- Deployment requires
NODE_ENV=productionconfiguration. - STUN/TURN infrastructure is required for peer traversal across restrictive NAT/Firewall boundaries.
The protocol assumes a "Zero-Trust" stance. Because decryption keys are ephemeral and strictly client-side, the infrastructure owner maintains no technical capacity to comply with data access requests (subpoenas) for message or call content. Users are advised to maintain physical security of their endpoints, as the software cannot protect against hardware-level data exfiltration or state-sponsored endpoint compromise.
This project is licensed under the MIT License. Developed for critical, high-stakes communication where cryptographic sovereignty is paramount.