Production-ready hybrid cryptography combining classical (RSA/ECDSA) with post-quantum (Kyber/Dilithium) algorithms for quantum resistance and backward compatibility
Project description
RightsToSecure Hybrid Crypto Wrapper
Practical Hybrid Post-Quantum Cryptography Implementation
Developed by RightsToSecure
Founder: Praveen Naidu
Overview
The RightsToSecure Hybrid Crypto Wrapper is a production-ready Python library that implements hybrid cryptography by combining classical algorithms (RSA/ECDSA) with post-quantum cryptography (Kyber/Dilithium). This approach provides quantum resistance while maintaining backward compatibility with existing cryptographic infrastructure.
Key Benefits
- Quantum-Resistant: Protects against future quantum attacks
- Backward Compatible: Works with existing RSA/ECC systems
- Production Ready: Includes comprehensive testing and error handling
- Easy Integration: Simple Python API with mock OQS support for development
- Crypto-Agile: Designed for easy algorithm updates and migrations
Core Features
Hybrid Key Encapsulation (KEM)
- RSA + Kyber: Combines RSA-2048/4096 with Kyber-512/768/1024
- ECC + Kyber: Combines ECDSA (P-256/P-384/P-521) with Kyber
- Session Key Derivation: Uses SHAKE256 for secure key generation
- Multiple Security Levels: Choose from different Kyber security levels
Hybrid Digital Signatures
- ECDSA + Dilithium: Dual signature scheme for maximum security
- Compact & Structured Formats: Flexible signature representation
- Tamper Detection: Built-in verification for message integrity
- Multiple Curves: Support for secp256r1, secp384r1, secp521r1
Developer-Friendly Features
- Mock OQS Implementation: Test without installing liboqs-python
- Comprehensive Documentation: Detailed examples and API reference
- Docker Support: Containerized deployment ready
- REST API: FastAPI-based web service included
- Console Scripts: Easy command-line demonstrations
Quick Start
Installation
pip install rights-to-secure-hybrid-crypto
Basic Usage
from src import hybrid_kem, hybrid_signature, utils
# Generate hybrid keys
rsa_pub, rsa_priv = utils.generate_rsa_keys(2048)
kyber_pub, kyber_priv = utils.generate_kyber_keys("Kyber512")
# Perform hybrid key exchange
session_key, ciphertext = hybrid_kem.perform_key_exchange(
    "RSA", rsa_pub, "Kyber512", kyber_pub
)
# Create hybrid signature
message = b"Hello, Quantum World!"
ecdsa_pub, ecdsa_priv = utils.generate_ecdsa_keys("secp256r1")
dilithium_pub, dilithium_priv = utils.generate_dilithium_keys("Dilithium2")
signature = hybrid_signature.create_hybrid_signature(
    message, ecdsa_priv, dilithium_priv
)
Project Structure
rights_to_secure_hybrid_crypto/
├── src/
│   ├── hybrid_kem.py              # Hybrid Key Exchange implementation
│   ├── hybrid_signature.py        # Hybrid Digital Signatures
│   ├── utils.py                   # Key generation, hashing, KDF
│   └── mock_oqs.py                # Mock OQS for testing
├── examples/
│   ├── demo_key_exchange.py       # KEM demonstration
│   ├── demo_signing.py            # Signature demonstration
│   └── api_example.py             # FastAPI REST service
├── tests/
│   ├── test_hybrid_kem.py         # KEM unit tests
│   └── test_hybrid_signature.py   # Signature unit tests
├── Dockerfile                     # Container configuration
├── docker-compose.yml             # Multi-service orchestration
└── USAGE.md                       # Comprehensive usage guide
Technical Implementation
Hybrid Key Exchange Process
- Classical Encryption: Encrypt random secret with RSA/ECC
- PQC Encapsulation: Use Kyber to encapsulate PQC secret
- Secret Combination: Concatenate both secrets
- Key Derivation: Apply SHAKE256 to generate final session key
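The last two steps above, sketched as an added example (not the library's own code): `naive_combine` follows the listed steps literally, while `framed_combine` goes a step further by length-prefixing each input and binding both ciphertexts into the derivation, which is an assumption of this sketch and not something the page specifies. The label and the random sample values are constructed; only the Python standard library is used.

```python
import hashlib
import hmac
import secrets

LABEL = b"example-hybrid-kem-v1"  # hypothetical domain-separation label

def _lp(data: bytes) -> bytes:
    """Length-prefix a field so field boundaries are unambiguous."""
    return len(data).to_bytes(4, "big") + data

def naive_combine(classical_secret: bytes, pq_secret: bytes, length: int = 32) -> bytes:
    """Steps 3-4 exactly as listed: concatenate both secrets, then SHAKE256."""
    return hashlib.shake_256(classical_secret + pq_secret).digest(length)

def framed_combine(classical_secret: bytes, pq_secret: bytes,
                   classical_ct: bytes = b"", pq_ct: bytes = b"",
                   length: int = 32) -> bytes:
    """Same derivation with framed inputs and both ciphertexts bound in."""
    xof = hashlib.shake_256()
    for field in (LABEL, classical_secret, pq_secret, classical_ct, pq_ct):
        xof.update(_lp(field))
    return xof.digest(length)

def flip_last_bit(data: bytes) -> bytes:
    return data[:-1] + bytes([data[-1] ^ 1])

def demo() -> dict:
    # Constructed random stand-ins for the RSA-transported secret, the Kyber
    # shared secret and the two ciphertexts (sizes are illustrative only).
    k_c, k_pq = secrets.token_bytes(32), secrets.token_bytes(32)
    ct_c, ct_pq = secrets.token_bytes(256), secrets.token_bytes(768)
    key = framed_combine(k_c, k_pq, ct_c, ct_pq)
    return {
        "key_len": len(key),
        "deterministic": hmac.compare_digest(
            key, framed_combine(k_c, k_pq, ct_c, ct_pq)),
        # Replacing either secret must change the session key.
        "classical_matters": key != framed_combine(flip_last_bit(k_c), k_pq, ct_c, ct_pq),
        "pq_matters": key != framed_combine(k_c, flip_last_bit(k_pq), ct_c, ct_pq),
        # A modified ciphertext yields a different key, so tampering is not silent.
        "ciphertext_bound": key != framed_combine(k_c, k_pq, ct_c, flip_last_bit(ct_pq)),
        # Plain concatenation cannot tell (b"AB", b"C") from (b"A", b"BC").
        "naive_ambiguous": naive_combine(b"AB", b"C") == naive_combine(b"A", b"BC"),
        "framed_ambiguous": framed_combine(b"AB", b"C") == framed_combine(b"A", b"BC"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With fixed-length inputs the concatenation ambiguity cannot occur, but framing keeps the derivation safe if an algorithm with a different secret length is swapped in later.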
Hybrid Signature Process
- Dual Signing: Sign message with both ECDSA and Dilithium
- Signature Combination: Concatenate both signatures
- Verification: Independently verify both signature components
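The combination and verification steps above, as an added example (not the library's own code or wire format): because ECDSA signatures in DER form vary in length, the two components are framed with length prefixes, parsed strictly, and accepted only when both verifiers succeed. The 4-byte framing and the function names are assumptions of this sketch, and the HMAC-based stand-ins exist only so it runs without ECDSA or Dilithium libraries.

```python
import hashlib
import hmac
import struct

def pack_hybrid_signature(classical_sig: bytes, pq_sig: bytes) -> bytes:
    """Frame both signatures: 4-byte big-endian length, then the bytes, twice."""
    return b"".join(struct.pack(">I", len(s)) + s for s in (classical_sig, pq_sig))

def unpack_hybrid_signature(blob: bytes) -> tuple:
    """Strictly parse two components; reject truncated, empty or trailing data."""
    parts, offset = [], 0
    for _ in range(2):
        if offset + 4 > len(blob):
            raise ValueError("truncated length field")
        (size,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if size == 0 or offset + size > len(blob):
            raise ValueError("empty or truncated component")
        parts.append(blob[offset:offset + size])
        offset += size
    if offset != len(blob):
        raise ValueError("trailing bytes after second signature")
    return parts[0], parts[1]

def verify_hybrid(message: bytes, blob: bytes, verify_classical, verify_pq) -> bool:
    """AND-composition: valid only if BOTH verifiers accept their component."""
    try:
        classical_sig, pq_sig = unpack_hybrid_signature(blob)
    except ValueError:
        return False  # a blob missing either component never verifies
    ok_classical = verify_classical(message, classical_sig)
    ok_pq = verify_pq(message, pq_sig)  # run both checks before deciding
    return ok_classical and ok_pq

def make_standin(key: bytes):
    """Stand-in signer/verifier pair built on HMAC (NOT a signature scheme)."""
    def sign(msg: bytes) -> bytes:
        return hmac.new(key, msg, hashlib.sha256).digest()
    def verify(msg: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(sign(msg), sig)
    return sign, verify

if __name__ == "__main__":
    sign_c, verify_c = make_standin(b"constructed-classical-key")
    sign_p, verify_p = make_standin(b"constructed-pq-key")
    msg = b"Hello, Quantum World!"
    blob = pack_hybrid_signature(sign_c(msg), sign_p(msg))
    print("both valid:", verify_hybrid(msg, blob, verify_c, verify_p))
    print("PQ part stripped:", verify_hybrid(msg, blob[:36], verify_c, verify_p))
```

In a real deployment the two callables would wrap the ECDSA and Dilithium verification routines; the strict parser is what prevents a signature with one component removed from being treated as valid.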
Security Considerations
- Cryptographically Secure Random: Uses the secrets module
- Secure Key Derivation: SHAKE256 and HKDF implementation
- Private Key Protection: No hardcoded keys or weak defaults
- Algorithm Agility: Easy to update cryptographic algorithms
Requirements
Core Dependencies
cryptography>=41.0.0 # Classical cryptography (RSA, ECC, ECDSA)
liboqs-python>=0.7.2 # Post-quantum cryptography (Kyber, Dilithium)
pytest>=7.0.0 # Testing framework
Optional Dependencies
# For API functionality
pip install rights-to-secure-hybrid-crypto[api]
# For web framework support
pip install rights-to-secure-hybrid-crypto[web]
# For development tools
pip install rights-to-secure-hybrid-crypto[dev]
Docker Deployment
Quick Start with Docker
# Build and run the API service
docker-compose up api
# Run with all services
docker-compose --profile full up
Available Services
- API Service: FastAPI REST interface
- Development: Hot-reload development environment
- Testing: Automated test suite
- Demo: Interactive demonstrations
Performance & Security Levels
Supported Algorithms
| Classical | Post-Quantum | Security Level | Use Case |
|---|---|---|---|
| RSA-2048 | Kyber512 | 128-bit | Development |
| RSA-3072 | Kyber768 | 192-bit | Production |
| RSA-4096 | Kyber1024 | 256-bit | High Security |
| ECDSA-P256 | Dilithium2 | 128-bit | Standard |
| ECDSA-P384 | Dilithium3 | 192-bit | Enhanced |
| ECDSA-P521 | Dilithium5 | 256-bit | Maximum |
Testing & Validation
Test Coverage
- Unit Tests: All core functions tested
- Integration Tests: End-to-end workflows
- Mock Testing: OQS-free testing environment
- Performance Tests: Algorithm benchmarking
- Security Tests: Cryptographic validation
Run Tests
# Run all tests
python -m pytest tests/
# Run with coverage
python -m pytest --cov=src tests/
# Run specific test suites
python test_simple.py # Basic functionality
python test_core.py # Core components
python test_comprehensive.py # Full feature set
Production Deployment
Best Practices
- Use Real OQS: Install liboqs-python for production
- Secure Key Storage: Implement proper key management
- Regular Updates: Keep dependencies updated
- Monitoring: Monitor for security advisories
- Backup Strategy: Implement key backup and recovery
Integration Examples
- TLS/SSL: Hybrid certificate generation
- API Security: Request/response signing
- File Encryption: Secure file storage
- Message Security: End-to-end encryption
- Blockchain: Quantum-resistant signatures
Support & Community
Documentation
- API Reference: Comprehensive function documentation
- Examples: Real-world usage scenarios
- Tutorials: Step-by-step implementation guides
- Best Practices: Security and deployment recommendations
Getting Help
- GitHub Issues: Bug reports and feature requests
- Documentation: https://academy.rightstosecure.com
- Email Support: contact@arkaenterprises.com
- Community: Join our developer community
License
MIT License - See LICENSE file for details.
Links
- Website: https://rightstosecure.com
- Documentation: https://academy.rightstosecure.com
- GitHub: https://github.com/rightstosecure/hybrid-crypto
- PyPI: https://pypi.org/project/rights-to-secure-hybrid-crypto/
Made with ❤️ by RightsToSecure Team
File details
Details for the file rights_to_secure_hybrid_crypto-1.0.1.tar.gz.
File metadata
- Download URL: rights_to_secure_hybrid_crypto-1.0.1.tar.gz
- Upload date:
- Size: 30.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.10.11
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 79381f1459b3e3e72728349dc990e0c3dbd55ca24547521526354f9c1922c0ae |
| MD5 | 7467f44a7ae6ef4308bdc9133f50e176 |
| BLAKE2b-256 | 2e90623006315fd781bbd281c3d2c4263e1878f89a38ea03bbcf1bdc1fa5dada |
File details
Details for the file rights_to_secure_hybrid_crypto-1.0.1-py3-none-any.whl.
File metadata
- Download URL: rights_to_secure_hybrid_crypto-1.0.1-py3-none-any.whl
- Upload date:
- Size: 25.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.10.11
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | e26dacad84065fb96da7a980e32431848491b8038430c99dc93452d07f6eca54 |
| MD5 | 7ecc32c0c51b60b5ccb2825d3f110976 |
| BLAKE2b-256 | f1a0496fc09dc6c8b6f1b5f3cc9833daca7a94f88f49bb837535883010c1ee8e |