epolite
v0.6.0
Published
A public-private key library for post-quantum cryptography (early stage, use with caution)
Downloads
261
Readme
EPOLITE Privacy Guard
Efficient Post-Quantum Optimized Lattice-based Implementation of Trusted Encryption
GPG-Like Post Quantum Encryption
This library contains a public/private keypair system which can be used for post-quantum encryption between users.
Standards used
- FALCON-512 is used for signing messages, to be used prior to encryption.
- Kyber-512 is used for encrypting messages (was Kyber-1024), to be used to encrypt messages using AES.
Kyber 1024 was used; however, it was changed to 512 due to the unreasonable size of messages, upwards of 200 KB for a single byte message, scaling at O(n).
In the future, this may be updated to include other PQ encryption standards; however, these are the ones I chose for now.
Disclaimers
- This library, while functional, has not been audited, either by me or anyone else.
- The returned encrypted messages are MASSIVE. You can expect a 4 KB encrypted message from a 10 byte input, and at least 5x when the input is signed.
- I cannot guarantee any encryption standards used in this library to be vulnerability or exploit free. While they are approved by the NIST, I personally do not fully endorse them due to how new these standards are.
- This library uses crypto subtle, and was designed specifically for browser use.
Using this library
This library is specifically built for the Bun Runtime. Please install that and replace NodeJS with this runtime, as it is much faster.
Afterwards, run bun add epolite
to install this package, and then use the documentation below.
Examples
Create Keypair
import {createKeyPair, type KeyPair} from "epolite";
//returns an object containing {publicKey: string, privateKey: string}
const kp: KeyPair = await createKeyPair();
console.log(kp.publicKey, kp.privateKey);
Encrypt
import {encrypt} from "epolite";
//publicKey is a string, starting with "----------BEGIN EPOLITE PUBLIC KEY----------"
//returns a base64 encoded string of the encrypted message
const encryptedString: string = await encrypt("deadbeef", publicKey);
console.log("Very, very long encrypted string:", encryptedString);
Decrypt
import {decrypt} from "epolite";
//returns the decrypted message as a string
const decryptedString: string = await decrypt(encryptedString, privateKey);
console.log("Decrypted message:", decryptedString);
Signing
import {sign} from "epolite";
//returns a base64 encoded string (signatures aren't too big, but they do include the original message).
const signedMessage: string = await sign("I do not like pineapple pizza", privateKey);
console.log("Signed message:", signedMessage);
Verifying
import {verify} from "epolite";
//fill these in with the signed message, starting with:
// ----------BEGIN EPOLITE SIGNED MESSAGE----------
const realSignature: string;
const fakeSignature: string;
await verify(realSignature, publicKey); //true
await verify(fakeSignature, publicKey); //false
More examples
You can find an example in src/test.ts
.
Contributing
Since this is for my own project, I probably will not merge or review pull requests.