Qarx256 is an experimental hybrid cryptography system that combines ML-KEM-1024 (a standardized post-quantum key encapsulation mechanism) with a custom ARX-based 256-bit block cipher. This system provides a complete quantum-resistant encryption solution, featuring both a command-line demonstration and a web-based control center with comprehensive security analysis tools.
The project addresses the emerging threat of quantum computers to current cryptographic standards. While established symmetric algorithms like AES remain relatively secure against quantum attacks (with appropriate key sizes), widely used public-key algorithms are vulnerable to Shor's algorithm. Qarx256 implements a hybrid approach using ML-KEM-1024 for quantum-safe key establishment and a custom ARX cipher for efficient symmetric encryption.
⚠️ Important Security Notice: This is research and demonstration software. Qarx256 has not undergone formal cryptanalysis or peer review. DO NOT use this system to protect sensitive data. For production use, rely on NIST-standardized algorithms.
- Quantum-Resistant Key Exchange: ML-KEM-1024 implementation providing NIST Level 5 security against quantum attacks
- ARX-Based Block Cipher: Pure Add-Rotate-XOR design with 32 rounds, 256-bit blocks, and 256-bit keys
- Complete Cryptographic Suite: Encryption, decryption, authentication, and PKCS#7 padding
- Interactive Web Interface: Browser-based control center with real-time security analysis
- Comprehensive Security Tools: Brute-force simulation, quantum attack analysis, and multi-vector attack assessment
- Production-Ready API: RESTful endpoints with CORS support for integration with other applications
qarx256/
├── main.go # CLI demonstration: ML-KEM + Qarx256 integration
├── server.go # Web server with API endpoints and UI
├── attack.go # Individual attack simulation logic
├── attackall.go # Comprehensive attack analysis
├── security_analysis.go # Cryptographic strength calculations
├── static/ # Web interface assets
│ ├── index.html
│ ├── styles.css
│ └── app.js
└── Documentation/
├── TECHNICAL_SPECS.md
└── DOCUMENTATION.md
- Key Establishment (ML-KEM-1024): Quantum-resistant key encapsulation following NIST standards
- Symmetric Encryption (Qarx256): Custom ARX cipher using the established key
- Authentication: SHA3-256 based tags for integrity verification
- Data Processing: PKCS#7 padding and CTR-style keystream generation
Qarx256 employs a pure ARX (Add-Rotate-XOR) architecture similar to other research ciphers:
- Block Size: 256 bits
- Key Size: 256 bits
- Rounds: 32
- Operations per round: Modular addition, bitwise rotations, and XOR
- Key Schedule: SHA3-512 based derivation with round constants
- Go 1.21+ (for cryptographic modules support)
- Modern web browser (for the control center)
# Clone the repository
git clone https://github.com/u84u/quantum-immunity.git
cd quantum-immunity
go build -o qarx256-cli main.go
go build -o qarx256-server server.go./qarx256-cliThe CLI demonstrates the complete quantum-resistant key exchange and encryption flow using ML-KEM-1024 and Qarx256.
./qarx256-server
# Server starts at http://localhost:8080The web interface provides full access to all cryptographic operations and security analysis tools.
The Qarx256 Control Center offers an intuitive browser-based interface for all cryptographic operations:
Main page
Secure Vault
Quantum Lab
War Room
-
Encryption Panel
- Message input with live encryption
- Key generation using ML-KEM-1024
- Visual representation of ciphertext components
-
Decryption Panel
- Secure message recovery
- Authentication tag verification
- Error handling for tampered data
-
Security Dashboard
- Classical brute-force time calculations
- Quantum Grover's algorithm impact analysis
- Universe age comparisons for perspective
-
Attack Simulation
- Configurable brute-force attempts
- Performance benchmarking
- Time-to-break estimations
Comprehensive security analysis with quantum attack simulations
All endpoints support CORS and return JSON responses.
Encrypts a message using ML-KEM key exchange and Qarx256.
Request:
{
"message": "Your secret text here"
}Response:
{
"success": true,
"key": "a1b2c3...",
"encrypted": "encrypted_data_hex...",
"nonce": "nonce_hex...",
"tag": "authentication_tag_hex..."
}Decrypts and verifies an encrypted message.
Request:
{
"key": "a1b2c3...",
"encrypted": "encrypted_data_hex..."
}Returns detailed cryptographic strength analysis.
Response:
{
"classicalBruteForce": "3.34 × 10^51 years",
"quantumGrover": "1.08 × 10^22 years",
"universeAgeRatio": "2.42 × 10^41 times",
"securityLevel": "QUANTUM-RESISTANT"
}Simulates brute-force attacks with configurable attempts.
Comprehensive analysis of six attack vectors against the system.
The system uses ML-KEM-1024, one of NIST's first standardized post-quantum algorithms. This lattice-based key encapsulation mechanism provides:
- NIST Security Level 5 (highest available)
- Resistance to both classical and quantum attacks
- Formal security reduction to hard lattice problems
Each of the 32 rounds performs:
x0 += k0; x1 += k1; x2 += k2; x3 += k3
x0 += x1
x1 = bits.RotateLeft64(x1, 16) ^ x0
x2 += x3
x3 = bits.RotateLeft64(x3, 12) ^ x2
x0 += x3
x3 = bits.RotateLeft64(x3, 8) ^ x0
x2 += x1
x1 = bits.RotateLeft64(x1, 7) ^ x2Round keys are derived using SHA3-512:
hash = SHA3-512(master_key || round_counter)
round_key = hash[0:32] split into 4×uint64
- Keystream generation: CTR-style with 16-byte nonce and 64-bit counter
- Authentication: SHA3-256 HMAC tag
- Padding: PKCS#7 for block alignment
- Grover's Algorithm: Effectively reduces 256-bit security to 128-bit, requiring 2¹²⁸ operations
- Current Quantum Computers: ~1000 qubits available; millions needed for practical attacks
- Security Margin: 32 rounds provide substantial defense against cryptanalysis
- ML-KEM-1024 Direct Attack: 8.34 × 10⁵⁰ years (classical)
- Quantum Grover Attack: 1.08 × 10²² years
- Authentication Forgery: 2²⁵⁶ operations required
- Side-Channel Attacks: Protected via constant-time operations
- Cryptanalysis: No known practical attacks
- Classical Brute Force: 3.34 × 10⁵¹ years
- Quantum-Resistant Foundation: Built on NIST-standardized ML-KEM
- Conservative Design: 32 rounds, 256-bit keys and blocks
- Authentication: Strong SHA3-256 integrity protection
- Side-Channel Resistance: Constant-time operations throughout
- Research Software: Not peer-reviewed or cryptanalyzed
- Custom Cipher: Qarx256 lacks formal security proofs
- Implementation Risks: Possible timing or fault injection vulnerabilities
- No Forward Secrecy: Current implementation doesn't provide session key erasure
| Aspect | Qarx256 System | AES-256-GCM | NIST PQC Standards |
|---|---|---|---|
| Quantum Resistance | Hybrid approach | Limited (Grover reduces to 128-bit) | Full (ML-KEM) |
| Standardization | Research | NIST Standard | NIST Standard |
| Performance | Good | Excellent | Moderate |
| Implementation Maturity | Experimental | Mature | Emerging |
- Cryptanalysis: Inviting differential and linear cryptanalysis
- Quantum Circuit Implementation: Resource estimation for quantum implementation
- Side-Channel Analysis: Detailed power/EM analysis
- Performance Optimization: Algorithmic improvements and parallelization
- NIST FIPS 203 - ML-KEM Standard
- IBM Quantum-Safe Cryptography - Overview and implementation
- Post-Quantum Cryptography - Wikipedia comprehensive guide
- ARX Cipher Design - Research on Add-Rotate-XOR architectures
- Key Encapsulation Mechanisms - Cryptographic foundations
This project is released under the MIT License for research and educational purposes. See the LICENSE file for complete terms.
- NIST for post-quantum cryptography standardization
- IBM Research for ML-KEM development and quantum-safe guidance
- Cryptographic research community for ongoing analysis and feedback
- Open source contributors to Go cryptography libraries