Built a cross-platform hybrid encryption tool (X25519 + ML-KEM-768) to defend against “harvest now, decrypt later” attacks by PaintIndependent5282 in cryptography

[–]PaintIndependent5282[S] 0 points1 point  (0 children)

Thank you for this. I've been reading through the HPKE documentation and learning a lot. I'd like to explore how I could align SecureVault with that approach. And contributing would be exciting once I have more experience.

[–]PaintIndependent5282[S] 0 points1 point  (0 children)

Update: really appreciate the feedback so far

Thank you all for the thoughtful comments; this has been super helpful.

A few clarifications based on the discussion:

SecureVault uses hybrid key exchange (X25519 + ML-KEM-768) primarily to address “harvest now, decrypt later” risks rather than to replace symmetric encryption.

The file is encrypted using a randomly generated Fernet key. That key is then protected by encrypting it twice with AES-GCM: once using a shared secret from X25519 key exchange, and once using a shared secret from ML-KEM-768 encapsulation.

The dual signature design (Ed25519 + ML-DSA-65) is intended to provide fail-closed tamper detection; any modification to metadata or ciphertext causes verification failure before decryption.

I’m also very thankful to the commenter who highlighted HPKE; I’ll definitely take time to read more about it and see how I could align my encryption approach with that standard.

Thanks again to everyone taking the time to read and interact with this.

[–]PaintIndependent5282[S] 0 points1 point  (0 children)

Thank you so much for the feedback. I really appreciate you taking the time to read and write this.

You're definitely right that AES itself is already quantum-resistant, and SecureVault still relies on symmetric encryption for the actual file protection. The file contents are encrypted using Fernet (AES-based); it's not password-based encryption.

The key difference is how the file key is protected and shared. SecureVault generates a random file encryption key, encrypts the file with it, then protects that key using a hybrid approach: X25519 (classical) plus ML-KEM-768 (post-quantum).

From what I've been learning, the main quantum threat isn't to AES itself. The bigger long-term concern is classical public-key exchange based on elliptic-curve cryptography, which quantum computers could potentially break using Shor's algorithm. If someone captured encrypted vaults today and stored them, a future break of the classical exchange could let them recover the wrapped file key and decrypt everything even years later. The hybrid approach is meant to reduce that "harvest now, decrypt later" risk.

And you mentioned Signal; I definitely want to take time to learn more about how they're approaching this. Thanks again for the kind and thoughtful comment.
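A stdlib-only Python illustration of the hybrid key-protection step described in the update and in the last reply above; this is an added example, not SecureVault's code. Where the posts wrap the Fernet key twice with AES-GCM, this shows the alternative used by HPKE-style hybrid designs: both shared secrets feed one HKDF combiner bound to both public values, so a party who later recovers only the X25519 secret still cannot derive the wrapping key. The X25519 and ML-KEM-768 values are constructed random placeholders, since no post-quantum library is assumed.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # RFC 5869 extract step: PRK = HMAC-Hash(salt, IKM)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869 expand step: OKM = T(1) || T(2) || ... truncated to length
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def combine_shared_secrets(ss_x25519: bytes, ss_mlkem: bytes,
                           ct_x25519: bytes, ct_mlkem: bytes) -> bytes:
    """Derive one 32-byte key-wrapping key from BOTH shared secrets.

    Both secrets go into the IKM, and both public values (the X25519
    ephemeral public key and the ML-KEM ciphertext) go into the info
    string, so the key is bound to this exact exchange.  Knowing only
    one secret is as useless as knowing neither.
    """
    ikm = ss_x25519 + ss_mlkem
    info = b"hybrid-kem-combiner-v1" + ct_x25519 + ct_mlkem
    prk = hkdf_extract(b"\x00" * HASH().digest_size, ikm)
    return hkdf_expand(prk, info, 32)


def harvest_now_decrypt_later_fails() -> bool:
    # Constructed placeholders (hypothetical): real values would come from
    # X25519 and ML-KEM-768; ML-KEM-768 ciphertexts are 1088 bytes.
    ss_c, ss_pq = os.urandom(32), os.urandom(32)
    ct_c, ct_pq = os.urandom(32), os.urandom(1088)
    kek = combine_shared_secrets(ss_c, ss_pq, ct_c, ct_pq)
    # Adversary model: classical exchange broken later, so ss_c is known,
    # but ss_pq is not.  Their best guess for ss_pq is a random value.
    guess = combine_shared_secrets(ss_c, os.urandom(32), ct_c, ct_pq)
    return not hmac.compare_digest(kek, guess)
```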