A cross-platform implementation of the Post-Quantum Extended Diffie-Hellman (PQXDH) cryptographic protocol, which combines classical elliptic curve with post-quantum CRYSTALS-Kyber for future-proof encryption.
$ dotnet add package PQXDHA cross-platform .NET implementation of the Post-Quantum Extended Diffie-Hellman (PQXDH) protocol, providing hybrid encryption that combines classical elliptic curve cryptography with post-quantum algorithms to protect against future quantum computing threats.
dotnet add package PQXDH
using System;
using System.Text;
using System.Threading.Tasks;
using PQXDH;
// Generate a key pair for the recipient
var bobKeyPair = await PQXDHCrypto.GenerateKeyPairAsync();
// The message to encrypt
string message = "Hello, post-quantum world!";
byte[] messageBytes = Encoding.UTF8.GetBytes(message);
// Encrypt the message for Bob
var encryptedPackage = await PQXDHCrypto.EncryptAsync(messageBytes, bobKeyPair.GetPublicKey());
// Bob decrypts the message
byte[] decryptedBytes = await PQXDHCrypto.DecryptAsync(encryptedPackage, bobKeyPair);
string decryptedMessage = Encoding.UTF8.GetString(decryptedBytes);
Console.WriteLine(decryptedMessage); // Outputs: Hello, post-quantum world!
PQXDH (Post-Quantum Extended Diffie-Hellman) is a cryptographic protocol developed by Signal to enhance the security of the X3DH key exchange protocol against quantum computing threats. It combines the classical X25519 elliptic curve with post-quantum algorithms in a hybrid approach.
The hybrid approach ensures that:
This library implements the PQXDH protocol specification as defined by Signal, adapted for use in .NET applications.
ML-KEM (Module Lattice-based Key Encapsulation Mechanism) is the NIST-standardized version of CRYSTALS-Kyber, one of the winners of the NIST Post-Quantum Cryptography standardization process. In April 2023, NIST published FIPS 203 which standardizes Kyber as ML-KEM.
This library uses ML-KEM-1024, which provides the highest security level of the ML-KEM family:
PQXDH.NET is designed to be widely compatible with .NET platforms through multi-targeting:
PQXDH.NET uses:
// Generate a key pair
var keyPair = await PQXDHCrypto.GenerateKeyPairAsync();
// Extract just the public components for sharing
var publicKey = keyPair.GetPublicKey();
// The public key can be serialized and shared with others
byte[] serializedPublicKey = SerializePublicKey(publicKey); // Implement your serialization
// Later, deserialize and use for encryption
var deserializedPublicKey = DeserializePublicKey(serializedPublicKey); // Implement your deserialization
var encryptedData = await PQXDHCrypto.EncryptAsync(data, deserializedPublicKey);
// Encrypt a file
byte[] fileContents = File.ReadAllBytes("secret.pdf");
var encryptedPackage = await PQXDHCrypto.EncryptAsync(fileContents, recipientPublicKey);
// Save the encrypted package
SaveEncryptedPackage(encryptedPackage, "secret.pdf.encrypted"); // Implement your serialization
// Later, load and decrypt
var loadedPackage = LoadEncryptedPackage("secret.pdf.encrypted"); // Implement your deserialization
byte[] decryptedFile = await PQXDHCrypto.DecryptAsync(loadedPackage, recipientKeyPair);
File.WriteAllBytes("decrypted.pdf", decryptedFile);
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome! Please feel free to submit a Pull Request.
This project, including the entire codebase, documentation, and project structure were created through collaborative prompting with Anthropic's Claude 3.7 Sonnet. This represents an experiment in AI-assisted software development, demonstrating how generative AI can support the creation of specialized cryptographic libraries.
While the implementation follows established cryptographic protocols and best practices, users should conduct their own security reviews before using this library in production environments.