Algorithm overview - DevsDaddy/quarkdash GitHub Wiki

About algorithm

QuarkDash it is a hybrid cryptographic protocol (algorithm) that provides post-quantum security using Ring‑LWE, high performance, and attack resistance. QuarkDash Crypto combines asymmetric key exchange (sessions) and symmetric encryption via ChaCha20 (best for cross-platform development) or Gimli (best for IoT).

QuarkDash it is a hybrid post-quantum protocol that combines:

  1. Asymmetric key exchange based on Ring-LWE (resistant to quantum attacks);
  2. Symmetric encryption with a choice of stream ciphers (ChaCha20 or Gimli);
  3. Quantum-resistant KDF based on SHAKE256;
  4. Message authentication via SHAKE256-MAC;
  5. Protection against replay attacks using timestamps and sequence numbers;

This protocol is recommended for systems that require long-term data confidentiality (archives, financial transactions, government communications), as well as for high-load real-time applications.

⭐ Key Features

  • Quantum stability – not broken by Shor and Grover's algorithms;
  • Performance – encryption up to 2.8 GB/s, session establishment ~10 ms;
  • Forward secrecy – compromising a long-term key does not reveal past sessions.
  • Built-in protection against replay, timing attacks, and counterfeiting.
  • Flexibility – choice of cipher (ChaCha20/Gimli), synchronous and asynchronous API.

Brief description of the algorithm steps

Let's look at Step-by-step algorithm:

  1. Key pair generation (Ring-LWE):
  • Select polynomials: uniform a, small s and e.
  • Calculate b = a βŠ— s + e.
  • Public key: (a, b), private: s.
  1. Session establishment (KEM):
  • Initiator (for example client):
    • Generates small s', e', calculates u = a βŠ— s' + e'.
    • Calculates w = b βŠ— s', rounds to bits β†’ shared secret ss.
    • Sends u (ciphertext).
  • Recipient (for example server):
    • Given s, calculates w' = u βŠ— s, rounds to bits β†’ same ss.
  1. Session Key Derivation (KDF):
  • keyMaterial = SHAKE256(salt || ss || "session-key", 64).
  • Split into sessionKey (32 bytes) and macKey (32 bytes).
  1. Message Encryption (AEAD):
  • A header (12 bytes) is generated: timestamp (8) + sequence (4).
  • Encryption: ciphertext = streamCipher.encrypt(plaintext) (XOR with gamma).
  • mac = SHAKE256(macKey || header || ciphertext, 32).
  • Resulting message: header || ciphertext || mac.
  1. Decryption:
  • Header, ciphertext, and mac are extracted.
  • The mac (constant-time) is checked.
  • The timestamp (with a 5-minute tolerance) and sequence (for replay protection) are checked.
  • plaintext = streamCipher.decrypt(ciphertext).

More detailed infomration can be found here

Difference in ciphers

Below is a simple explanation of the differences in cipher you can use in QuarkDash.

ChaCha20

  • State: 16 words of 32 bits.
  • Rounds: 20.
  • Gamma: 64 bytes per block.
  • Features: Standardized (RFC 7539), high speed on all platforms, protection against timing attacks.

Gimli

  • State: 12 words of 32 bits.
  • Rounds: 24.
  • Gamma: 48 bytes per block.
  • Features: Lightweight, designed for embedded systems, yet provides 256-bit security. NIST-audited.