Full description of the algorithm - DevsDaddy/quarkdash GitHub Wiki

Below is a complete description of the QuarkDash Crypto library's operating algorithm. This algorithm provides production ready and fast quantum-resistant hybrid encryption protocol

QuarkDash is a hybrid post-quantum protocol combining:

• Asymmetric key exchange based on Ring-LWE (resistant to quantum attacks);
• Symmetric encryption with a choice of stream ciphers (ChaCha20 or Gimli);
• Quantum-resistant KDF based on SHAKE256;
• Message authentication via SHAKE256-MAC;
• Protection against replay attacks using timestamps and sequence numbers;

---

Full QuarkDash comparison with popular encryption algorithms can be found here

Ring parameters:

• Dimension N = 256
• Modulus Q = 7681 (a prime number suitable for NTT)
• Primitive root ω = 7 (of order N)

Key pair generation process:

• A polynomial a(x) with uniform coefficients from ``Z_Q` is randomly selected.
• A secret polynomial s(x) with small coefficients from {-1, 0, 1} is randomly selected.
• An error polynomial e(x) with small coefficients from {-1, 0, 1} is randomly selected.
• Calculate b(x) = a(x) * s(x) + e(x) (multiplication in the ring Z_Q[x]/(x^N+1)).
• Public key = (a, b) (serialized into bytes).
• Private key = s(x).

Mathematically:
b = a ⊗ s + e (multiplication via NTT, addition coefficient-wise).

Initiator (for example Client):

• Obtains Recipient's public key (a, b).
• Generates random small polynomials s' and e'.
• Computes u = a ⊗ s' + e' (this is the ciphertext).
• Computes w = b ⊗ s' (the approximate shared secret).
• Rounds the coefficients of w to bits (the most significant bit of each coefficient) → sharedSecret (256 bits).
• Sends u to Recipient.

Recipient (for example Server):

• Receives u.
• Using his secret key s, calculates w' = u ⊗ s.
• Rounds w' the same way as Initiator → sharedSecret (matches with high probability).

Why does the secret match?
w' = u ⊗ s = (a⊗s' + e') ⊗ s = a⊗s'⊗s + e'⊗s.
w = b ⊗ s' = (a⊗s + e) ​​⊗ s' = a⊗s⊗s' + e⊗s'

The difference w - w' = e⊗s' - e'⊗s is a small error that does not affect rounding.

• Uses SHAKE256 (Keccak implementation).
• Input: sharedSecret (256 bits), random salt (32 bytes), "session-key" label.
• Output: 64 bytes of key material.
• Divided into:
• • sessionKey (32 bytes) – for encryption.
• • macKey (32 bytes) – for authentication.

• A fixed nonce of 12 zero bytes is generated (for simplicity, since the session key is one-time).
• The cipher algorithm (ChaCha20 or Gimli) is selected.
• A cipher instance is created.

• Input: plaintext P (Uint8Array).
• Formation of metadata (12 bytes):
• • Bytes 0-7: current timestamp (uint64, little-endian).
• • Bytes 8-11: sequence number (uint32, little-endian, incrementing).
• Encryption: -- C = cipher.encrypt(P) (stream cipher: XOR with gamma).
• MAC Calculation:
• • Input for MAC: metadata || C.
• • Key: macKey.
• • Algorithm: MAC = SHAKE256(macKey || data, 32).
• Formation of final message:
• • E = metadata || C || MAC.

• Input: encrypted message E.
• Parsing:
• • metadata = E[0:12]
• • C = E[12:-32]
• • MAC = E[-32:]
• MAC Check:
• • Calculate expectedMAC similarly and compare using constant-time.
• Timestamp Check:
• • Extract the timestamp from the metadata and compare it with the current time. The acceptable deviation is 5 minutes.
• Sequence Number Check:
• • Extract the seq and verify that it has not been repeated (store it in a window of the last 1000 packets).
• Decryption:
• • P = cipher.decrypt(C).
• • Return P.

---

The data below are approximate values ​​from synthetic tests of the algorithm.

QuarkDash Crypto Results:

• Encryption speed: ~2.5 GB/s;
• Decryption speed: ~2.5 GB/s;
• Session creation speed: ~10-15 ms;
• Public key size: ~2KB;
• Private key size: ~1KB;
• Overhead: 44 bytes;
• The Difficulty of Quantum Hacking: 2^256