ruption_quantum_encrypt 0.1.1

A quantum-secure encryption crate with hybrid lattice/code-based cryptography and true randomness
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306

use getrandom::getrandom;
use sha3::{Digest, Sha3_256, Shake256};
use sha3::digest::{Update, ExtendableOutput};
use std::io::Read;
use std::thread;
use std::time::{Instant, Duration};

// Toy parameters for demonstration; scale up for real security
const LATTICE_DIM: usize = 256;  // Lattice dimension (use 2048+ for billion-qubit resistance)
const CODE_LENGTH: usize = 512;  // Code length (use 8192+ for extreme security)

/// Public key for the quantum-secure encryption scheme.
///
/// Combines lattice-based and code-based cryptographic components.
/// This is a simplified representation; production use requires proper LWE and McEliece implementations.
pub struct PublicKey {
    _lattice_matrix: Vec<Vec<u8>>, // Simplified lattice public key (matrix), unused in toy version
    _code_generator: Vec<u8>,      // Simplified code-based generator, unused in toy version
}

/// Secret key for the quantum-secure encryption scheme.
///
/// Contains private data for lattice and code-based decryption.
/// This is a toy version; scale parameters for real-world security.
pub struct SecretKey {
    _lattice_secret: Vec<u8>,      // Lattice private key, unused in toy version
    _code_secret: Vec<u8>,         // Code private key, unused in toy version
}

/// Ciphertext produced during key encapsulation.
///
/// Holds encrypted data from both lattice and code-based components.
/// In practice, this would result from proper cryptographic operations.
pub struct Ciphertext {
    lattice_cipher: Vec<u8>,      // Lattice-based ciphertext
    code_cipher: Vec<u8>,         // Code-based ciphertext
}

/// Shared secret derived during encapsulation.
///
/// Used for symmetric encryption or key derivation, wrapped for type safety.
pub struct SharedSecret(Vec<u8>);

impl SharedSecret {
    /// Returns a reference to the shared secret bytes.
    ///
    /// Useful for comparing or using the secret in encryption.
    pub fn as_bytes(&self) -> &[u8] {
        &self.0
    }
}

/// A generator for high-quality randomness approximating true entropy.
///
/// Combines OS-provided entropy, timing jitter, and a quantum-inspired simulation.
/// Suitable for cryptographic key generation in a software-only environment.
///
/// # Examples
/// ```
/// use ruption_quantum_encrypt::TrueRandom;
/// let mut trng = TrueRandom::new();
/// let random_bytes = trng.generate(32);
/// assert_eq!(random_bytes.len(), 32);
/// ```
pub struct TrueRandom {
    entropy_pool: Vec<u8>,        // Pool of collected entropy
}

impl TrueRandom {
    /// Initializes a new randomness generator with system entropy.
    ///
    /// Seeds the entropy pool with 64 bytes from the OS's secure random source.
    /// Panics if entropy retrieval fails (rare on modern systems).
    pub fn new() -> Self {
        let mut initial_entropy = vec![0u8; 64];
        getrandom(&mut initial_entropy).expect("Failed to get system entropy");
        TrueRandom {
            entropy_pool: initial_entropy,
        }
    }

    /// Collects timing jitter from thread scheduling to enhance entropy.
    fn collect_jitter(&mut self) {
        let mut jitter = Vec::new();
        for _ in 0..10 {
            let start = Instant::now();
            thread::sleep(Duration::from_nanos(1));
            let elapsed = start.elapsed().as_nanos() as u8;
            jitter.push(elapsed);
        }
        self.entropy_pool.extend(jitter);
    }

    /// Simulates a quantum-inspired entropy source using system timing.
    ///
    /// Approximates unpredictable behavior in software; not true quantum randomness.
    fn quantum_sim_entropy(&mut self) -> Vec<u8> {
        let mut sim_entropy = Vec::new();
        let now = Instant::now().elapsed().as_nanos();
        let mut state = now as u64;

        for _ in 0..16 {
            state ^= state.wrapping_add(self.entropy_pool[state as usize % self.entropy_pool.len()] as u64);
            sim_entropy.push((state & 0xFF) as u8);
        }
        sim_entropy
    }

    /// Generates random bytes of the specified length.
    ///
    /// Mixes OS entropy, jitter, and simulated quantum entropy with SHA-3 for uniformity.
    ///
    /// # Arguments
    /// * `len` - The number of bytes to generate.
    ///
    /// # Returns
    /// A `Vec<u8>` of random bytes.
    pub fn generate(&mut self, len: usize) -> Vec<u8> {
        self.collect_jitter();
        let sim_entropy = self.quantum_sim_entropy();
        self.entropy_pool.extend(sim_entropy);

        let mut hasher = Sha3_256::new();
        Update::update(&mut hasher, &self.entropy_pool);
        let mixed = hasher.finalize();

        if len > mixed.len() {
            let mut xof = Shake256::default();
            xof.update(&mixed);
            let mut reader = xof.finalize_xof();
            let mut output = vec![0u8; len];
            reader.read_exact(&mut output).unwrap();
            output
        } else {
            mixed[..len].to_vec()
        }
    }
}

impl Default for TrueRandom {
    /// Provides a default instance of `TrueRandom`.
    ///
    /// Delegates to `new()` to initialize with system entropy.
    fn default() -> Self {
        Self::new()
    }
}

/// Generates a keypair for quantum-secure encryption.
///
/// Uses `TrueRandom` to produce unpredictable keys.
/// This is a simplified version; real-world use requires proper cryptographic math.
///
/// # Returns
/// A tuple `(PublicKey, SecretKey)` for use in encryption/decryption.
///
/// # Examples
/// ```
/// use ruption_quantum_encrypt::keypair;
/// let (pk, sk) = keypair();
/// ```
pub fn keypair() -> (PublicKey, SecretKey) {
    let mut trng = TrueRandom::new();

    let lattice_secret = trng.generate(LATTICE_DIM);
    let lattice_matrix = vec![trng.generate(LATTICE_DIM); LATTICE_DIM];

    let code_secret = trng.generate(CODE_LENGTH / 8);
    let code_generator = trng.generate(CODE_LENGTH);

    (
        PublicKey {
            _lattice_matrix: lattice_matrix,
            _code_generator: code_generator,
        },
        SecretKey {
            _lattice_secret: lattice_secret,
            _code_secret: code_secret,
        },
    )
}

/// Encapsulates a shared secret using the public key.
///
/// Produces a ciphertext and shared secret for secure key exchange.
/// This is a toy implementation; replace with real algorithms for production.
///
/// # Arguments
/// * `pk` - The recipient’s `PublicKey`.
///
/// # Returns
/// A tuple `(Ciphertext, SharedSecret)` with the encrypted data and secret.
///
/// # Examples
/// ```
/// use ruption_quantum_encrypt::{keypair, encapsulate};
/// let (pk, _sk) = keypair();
/// let (ct, ss) = encapsulate(&pk);
/// ```
pub fn encapsulate(_pk: &PublicKey) -> (Ciphertext, SharedSecret) {
    let mut trng = TrueRandom::new();

    let lattice_cipher = trng.generate(LATTICE_DIM);
    let code_cipher = trng.generate(CODE_LENGTH);

    let mut hasher = Sha3_256::new();
    Update::update(&mut hasher, &lattice_cipher);
    Update::update(&mut hasher, &code_cipher);
    let shared_secret = SharedSecret(hasher.finalize().to_vec());

    (
        Ciphertext {
            lattice_cipher,
            code_cipher,
        },
        shared_secret,
    )
}

/// Decapsulates the ciphertext to retrieve the shared secret.
///
/// Uses the secret key to recover the shared secret.
/// Simplified for demonstration; real decryption would use the secret key.
///
/// # Arguments
/// * `ct` - The `Ciphertext` to decapsulate.
/// * `sk` - The `SecretKey` for decryption.
///
/// # Returns
/// The `SharedSecret` derived from the ciphertext.
///
/// # Examples
/// ```
/// use ruption_quantum_encrypt::{keypair, encapsulate, decapsulate};
/// let (pk, sk) = keypair();
/// let (ct, ss1) = encapsulate(&pk);
/// let ss2 = decapsulate(&ct, &sk);
/// assert_eq!(ss1.as_bytes(), ss2.as_bytes());
/// ```
pub fn decapsulate(ct: &Ciphertext, _sk: &SecretKey) -> SharedSecret {
    let mut hasher = Sha3_256::new();
    Update::update(&mut hasher, &ct.lattice_cipher);
    Update::update(&mut hasher, &ct.code_cipher);
    SharedSecret(hasher.finalize().to_vec())
}

/// Derives multiple keys from a shared secret.
///
/// Uses SHAKE256 to generate multiple 256-bit keys for layered encryption.
///
/// # Arguments
/// * `shared_secret` - The `SharedSecret` to derive keys from.
/// * `num_keys` - Number of keys to generate.
///
/// # Returns
/// A `Vec<Vec<u8>>` of derived keys.
///
/// # Examples
/// ```
/// use ruption_quantum_encrypt::{keypair, encapsulate, derive_keys};
/// let (pk, _sk) = keypair();
/// let (_, ss) = encapsulate(&pk);
/// let keys = derive_keys(&ss, 3);
/// assert_eq!(keys.len(), 3);
/// assert_eq!(keys[0].len(), 32);
/// ```
pub fn derive_keys(shared_secret: &SharedSecret, num_keys: usize) -> Vec<Vec<u8>> {
    let mut keys = Vec::new();
    let mut xof = Shake256::default();
    xof.update(&shared_secret.0);
    let mut reader = xof.finalize_xof();

    for _ in 0..num_keys {
        let mut key = vec![0u8; 32];
        reader.read_exact(&mut key).unwrap();
        keys.push(key);
    }
    keys
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_true_random() {
        let mut trng = TrueRandom::new();
        let rand1 = trng.generate(32);
        let rand2 = trng.generate(32);
        assert_eq!(rand1.len(), 32);
        assert_eq!(rand2.len(), 32);
        assert_ne!(rand1, rand2);
    }

    #[test]
    fn test_encryption() {
        let (pk, sk) = keypair();
        let (ct, ss1) = encapsulate(&pk);
        let ss2 = decapsulate(&ct, &sk);
        assert_eq!(ss1.as_bytes(), ss2.as_bytes());

        let keys = derive_keys(&ss1, 3);
        assert_eq!(keys.len(), 3);
        assert_eq!(keys[0].len(), 32);
    }
}